- Moved DNS to Cloudflare, which handled the brunt of it.
- IP and CIDR blocks
- A few trivial heuristics to catch certain behaviors they were using
- In-app query caching for read-only endpoints that serve the same data to all users
- Redis TTL caching for read-only endpoints that take view arguments. A means to manually expire on writes.
- Runtime control plane additions to dynamically block IPs/CIDRs, user accounts, and endpoints (if they find another hole to exploit, we can just block a few endpoints rather than the whole service)
- A tool to inject bad responses (we found another, probably different actor consuming and reselling our service)
- IP and CIDR blocks
- A few trivial heuristics to catch certain behaviors they were using
- In-app query caching for read-only endpoints that serve the same data to all users
- Redis TTL caching for read-only endpoints that take view arguments. A means to manually expire on writes.
- Runtime control plane additions to dynamically block IPs/CIDRs, user accounts, and endpoints (if they find another hole to exploit, we can just block a few endpoints rather than the whole service)
- A tool to inject bad responses (we found another, probably different actor consuming and reselling our service)