@abdelhai
Last active May 29, 2022 08:37
Thursday 26.05.2022 "deta.dev" domain incident

Thursday 26.05.2022 incident

Yesterday (26.05.2022), deta.dev, one of our domains responsible for providing the hostnames for our Micros service, was unavailable between 18:30 and 20:15 CET/GMT+2.

Affected services

deta.dev was not available

The DNS resolution for our apex domain deta.dev was failing and thus all the *.deta.dev hostnames weren’t reachable. This means any content hosted on a Micro wasn’t available via its deta.dev URL.

Custom domains were not affected

Custom domains for Micros were not affected as they are served under the custom domain set up by the developer and not our deta.dev domain.

Other services were not affected

Other services like Deta Base, Deta Drive, Deta Space & Deta Space apps weren’t affected as they are served on separate domains.

Cause

As a free hosting provider, we get our fair share of bad actors trying to host phishing websites on our servers. Thanks to public monitoring and internal measures, we are mostly able to remove reported content without affecting our services.

On May 24, we got a phishing report from Namecheap (the registrar we use for deta.dev), which we weren’t aware of because the email landed in Mustafa’s “Updates” Gmail folder. The email pointed to an affected Micro hosting a phishing website and threatened to suspend the affected domain (deta.dev) if no action was taken.

We then received 2 reminders, which we also missed.

Timeline of the incident

Thu 26th May ~ 18:30 CET

We received an email from Namecheap informing us that the domain deta.dev was suspended, which we did not immediately see.

Thu 26th May ~ 19:00 CET

We started getting reports from our developers that their Micros’ .deta.dev domains were not responding.

Thu 26th May ~ 19:23 CET

We noticed the emails and reports. Mustafa looked up all emails from Namecheap in his inbox and found the first report. We then immediately took down the malicious content and contacted Namecheap through their support chat in response to their report ticket. Unfortunately, their chat pointed us to their ticket system. They didn’t provide a hotline or a phone number to reach their Abuse Department.

Thu 26th May ~ 20:15 CET

We received an email from their Abuse Department that the case was resolved and that our domain was back online.

Future measures to avoid harmful content and domain-related service disruptions

  • Use a dedicated safety, security and abuse email address
  • Implement more intelligence to prevent and monitor bad actors (some projects should be live soon)
  • Improve our domain monitoring and alerting
  • Ensure we have premium support with a phone hotline for our domain registrar and infrastructure providers
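
One way to approach the domain monitoring measure, as an added example that is not Deta's code: a check over the registry's RDAP record for a domain that flags hold statuses, nameserver changes and upcoming expiry. The domain, nameservers and records are constructed sample data, and the idea that a registrar suspension appears as a hold status or a nameserver change is an assumption, since the report does not say how the suspension was applied.

```python
from datetime import datetime, timedelta, timezone

# RDAP status values (RFC 8056) under which the registry publishes no delegation.
HOLD_STATUSES = {"client hold", "server hold", "inactive"}

def assess_rdap(record, expected_ns, now, expiry_warn_days=30):
    """Return (severity, message) findings for one RDAP domain object."""
    findings = []
    name = record.get("ldhName", "?")
    held = sorted({s.lower() for s in record.get("status", [])} & HOLD_STATUSES)
    if held:
        findings.append(("critical", f"{name}: status {held}, name will stop resolving"))
    # Compare the delegated nameservers with the known-good baseline.
    observed = {ns.get("ldhName", "").lower().rstrip(".")
                for ns in record.get("nameservers", [])}
    expected = {n.lower().rstrip(".") for n in expected_ns}
    if observed != expected:
        findings.append(("critical", f"{name}: nameservers {sorted(observed)} "
                                     f"differ from baseline {sorted(expected)}"))
    for ev in record.get("events", []):
        if ev.get("eventAction") == "expiration":
            expires = datetime.fromisoformat(ev["eventDate"].replace("Z", "+00:00"))
            if expires - now <= timedelta(days=expiry_warn_days):
                findings.append(("warning", f"{name}: expires {expires.date()}"))
    return findings

# Constructed sample data (hypothetical domain and nameservers, not real records).
EXPECTED_NS = ["ns1.dns-host.example", "ns2.dns-host.example"]
NOW = datetime(2022, 5, 26, 17, 0, tzinfo=timezone.utc)

def sample(status, nameservers, expires="2023-03-01T00:00:00Z"):
    """Build a minimal RDAP-shaped domain object for the demo."""
    return {"objectClassName": "domain", "ldhName": "hosting.example",
            "status": status,
            "nameservers": [{"ldhName": n} for n in nameservers],
            "events": [{"eventAction": "expiration", "eventDate": expires}]}

HEALTHY = sample(["client transfer prohibited"], EXPECTED_NS)
SUSPENDED = sample(["client hold"], EXPECTED_NS)
REPOINTED = sample(["active"], ["ns1.parked.example", "ns2.parked.example"])
EXPIRING = sample(["active"], EXPECTED_NS, expires="2022-06-10T00:00:00Z")

if __name__ == "__main__":
    for rec in (HEALTHY, SUSPENDED, REPOINTED, EXPIRING):
        for severity, message in assess_rdap(rec, EXPECTED_NS, NOW) or [("ok", "no findings")]:
            print(severity, message)
```

In a real deployment the record would come from the TLD's RDAP service on a schedule, and critical findings would page someone through a channel that does not depend on the monitored domain.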