Spam request filtering
Last updated: 18 August 2024
Today in the morning I woke up to around 20 bounce emails like this:
A quick investigation showed: someone tried sent over 200 spam requests to the API endpoint that creates magic links in Ghost.
Magic links are used to sign a member up for your newsletter. They will still need to confirm their subscription by clicking on a link in the email, so I am not entirely sure what the goal of the attacker was. However, it meant that over 200 people got emails from Magic Pages that don't even know who I am 🤷
I looked into the database connected to Magic Pages' Ghost site and saw that the name of the signed up supposed user was always the same: "adwdasddwa". And I remembered seeing that on Reddit a few days ago:
Someone registers multiple users on my self-hosted Ghost server, all with the same name, is that a hacker?
by u/bohlenlabs in Ghost
Turns out, this "attack" (if you want to call it that) is far more widespread and many Ghost users are affected by it. I ran a quick query over all databases hosted on Magic Pages and found over 2,000 entries. Ughh…
That meant, "best case" somebody just sent 2,000 useless emails to people, who have no idea what that is and will ignore it. "Worst case", they'll report the email as spam (which it legitimately is).
A few hours later, and I am happy to tell you that the spam requests are now filtered out before they can hit your Ghost site on Magic Pages. The solution that has been implemented is flexible enough to be expanded in the future, in case new spam requests emerge.