pull down to refresh

100 sats \ 3 replies \ @ek 6 Jan \ parent \ on: 🚨 Important Announcement from Predyx 🚨 oracle
We do have a rate-limit user-id/IP on nginx for that sell api. But some how this attacker is able to bypass that rate-limit.
Maybe they use multiple IPs?
But why do you need a rate limit in the first place? Are they able to sell the same shares multiple times?
write
preview
0 sats \ 2 replies \ @mega_dreamer OP 6 Jan
Possibly multiple IPs. But we also have rate-limit per user-id to mitigate the multiple IPs.
Yes they are able to sell same shares multiple times. We use mongodb with transaction locking. Maybe we need to switch to a transactional db like MySQL or Postgres.
reply
100 sats \ 1 reply \ @ek 6 Jan
But we also have rate-limit per user-id to mitigate the multiple IPs.
Ah, sounded like you rate-limit the combination
Maybe we need to switch to a transactional db like MySQL or Postgres.
Sounds like the right move
reply
0 sats \ 0 replies \ @mega_dreamer OP 7 Jan
Yes, we're working on moving to Postgres.
We fixed the issue by queuing the request via RabbitMQ.
The hacker tried to perform the same attack within minute of us coming back online but failed, gave us a real-time feedback that our fix worked.
We're back online! Thanks for your support and advice.
reply