Closed zeckli closed 5 months ago
scaled up to 4-8 instances from 2-8 last week, no alert until now.
problems found:
/wp/admin
attack with 500 internal errors> JSON.stringify( JSON.parse(document.getElementById("__NEXT_DATA__").textContent) .props .apolloState .data ) .length
135162 <= 135KB JSON data
"/"
"/tags/[tagId]"
"/[name]/collections/[collectionId]"
auth.matters.news
triggered updated hostname to apiUrl: 'https://server.matters.news/graphql
mitigation in thematters/matters-web#4291
Checklist
Refs
Story