Week 07/23/2017 - 07/30/2017 Counter malicious traffic & Golang
We rolled out some fixes on hardening our auth funnel, rejecting a lot of bots from our game.
As retaliation, these bots starting scanning our endpoints and hitting all of them with a lot of request trying to bring the server down.
Most of our endpoints were robust enough to handle that, but they managed to find one which is not robust enough, and caused me a lot of pain.
Thanks to our investment in instrumentation & monitoring, we caught the issue quickly and identified the root cause being bot attaching that end point.
Rolled out 2 steps fix:
1. a bandaid to stop bleeding. basically a simply "if" check to match the particular id bots are using and kill the request right away.
2. adding a new rate limitor based on the client id that's provided in the request.
The rest of the week was spend on doing some simple coding test with golang.
Golang has always been on my radar and I haven't got a chance to use it after finish reading the book. So I decided to start doing coding tests with golang to get familiarized with the language.
A few hours per day for a week is good enough for me to get started golang. I love this language for all kinds of nice features it has and I strongly believe it's the right option for building web servers if no legacy code is in the picture.
I'll keep on using golang and hopefully find a big project soon.
As retaliation, these bots starting scanning our endpoints and hitting all of them with a lot of request trying to bring the server down.
Most of our endpoints were robust enough to handle that, but they managed to find one which is not robust enough, and caused me a lot of pain.
Thanks to our investment in instrumentation & monitoring, we caught the issue quickly and identified the root cause being bot attaching that end point.
Rolled out 2 steps fix:
1. a bandaid to stop bleeding. basically a simply "if" check to match the particular id bots are using and kill the request right away.
2. adding a new rate limitor based on the client id that's provided in the request.
The rest of the week was spend on doing some simple coding test with golang.
Golang has always been on my radar and I haven't got a chance to use it after finish reading the book. So I decided to start doing coding tests with golang to get familiarized with the language.
A few hours per day for a week is good enough for me to get started golang. I love this language for all kinds of nice features it has and I strongly believe it's the right option for building web servers if no legacy code is in the picture.
I'll keep on using golang and hopefully find a big project soon.
Comments
Post a Comment