Closed jpatokal closed 2 weeks ago
Investigation confirmed that the "SQL injection" line was bullshit; this was just a garden-variety DDoS targeting only the home page. Cloudflare absorbed >99% of it, but there was enough hammering away from >10k IPs to cause some pretty serious load on the DB server (below).
If this becomes a recurring problem, it might be worth investing in caching the front page DB requests better, but for now it looks like they've crawled back under the rock they came from.
OpenFlights was reporting high latency earlier today, and I received this extortion attempt:
(I've censored the addresses because there's no point in contacting this scum.)
I have no evidence this was an actual SQL injection, which we should be reasonably well protected against at this point, so AFAICT this was more likely a DDoS attack. The website is operating normally at this time and there's no sign of database compromise. I'll investigate more tonight.