Ok this one’s on me.

I stood up a test website and I used bunny net as my CDN. The URL was predictable. Test dot domain dot net. Well, somebody found it and just hammered it. 1.3M requests in a week. I probably account for about 200 of those. I figured it out when the VM’s disk ran out of space from logging it all.

Total bandwidth 27.81 GB
Cached bandwidth 33.32 MB
Requests served 1,380,802
Cache hit rate 1.25%

#selfhosted #selfhosting

@paco
It's less likely that someone guessed the domain name. It's more likely that you, or bunny.net on your behalf, got a TLS cert signed by a Certificate Authority that logs to a certificate transparency log, and someone used that as a way to find potential new victims for whatever they're trying to do.

https://certificate.transparency.dev/logs/


@rune Could be. But that name was registered ages ago with a Let’s Encrypt cert. Then the week this all happened it got reissued when bunny net became the CDN. I suppose that’s how they found it.
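
One way to test the theory discussed in this thread, as an added example that is not part of any post: line up the times a hostname's certificates were logged to certificate transparency against the first requests from strangers in the access log. The hostname, IP addresses, log lines and CT record fields (`name`, `logged_at`) are constructed assumptions, not data from the thread.

```python
import re
from datetime import datetime

# Constructed sample data, not from the thread. The record fields are assumptions
# standing in for what a CT search export carries (hostname, time logged).
CT_ENTRIES = [
    {"name": "test.example.net", "logged_at": "2023-01-10T08:00:00+00:00"},
    {"name": "test.example.net", "logged_at": "2024-03-12T09:00:00+00:00"},
    {"name": "www.example.net", "logged_at": "2024-03-01T09:00:00+00:00"},
]
# Constructed access-log lines for test.example.net (common log format).
ACCESS_LOG = """\
198.51.100.5 - - [11/Mar/2024:18:00:00 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [12/Mar/2024:09:04:30 +0000] "GET /.env HTTP/1.1" 404 0
203.0.113.7 - - [12/Mar/2024:09:04:31 +0000] "GET /wp-login.php HTTP/1.1" 404 0
203.0.113.9 - - [12/Mar/2024:09:10:00 +0000] "GET / HTTP/1.1" 200 512
"""
OWNER_IPS = {"198.51.100.5"}  # hypothetical: addresses the site owner browses from

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def parse_log(text):
    """Yield (client_ip, aware datetime) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")

def ct_exposure(hostname, ct_entries, log_text, owner_ips):
    """For each CT logging time of hostname, count stranger requests until the next one."""
    logged = sorted(datetime.fromisoformat(e["logged_at"])
                    for e in ct_entries if e["name"].lower() == hostname.lower())
    strangers = sorted(ts for ip, ts in parse_log(log_text) if ip not in owner_ips)
    report = []
    for i, start in enumerate(logged):
        end = logged[i + 1] if i + 1 < len(logged) else None
        hits = [ts for ts in strangers if ts >= start and (end is None or ts < end)]
        lag = (hits[0] - start).total_seconds() if hits else None
        report.append({"logged_at": start, "stranger_requests": len(hits),
                       "seconds_to_first_stranger": lag})
    return report

if __name__ == "__main__":
    for row in ct_exposure("test.example.net", CT_ENTRIES, ACCESS_LOG, OWNER_IPS):
        print(row)
```

A short lag after one specific issuance, with nothing after earlier ones, points at that log entry as the discovery channel rather than name guessing.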