This seems like something they just never considered until a really big client that was getting hammered told them they can stick the bill. So they are spinning it for good PR.
This was actually because a small developer picked the name of their new S3 bucket that happened to collide with a default name of an open source package. Over one weekend they racked up $1300 in charges and thousands of users attempted to upload to their bucket. Every call failed (invalid API key) but the developer was still charged.
Wild.
Here’s the sauce
I don’t buy it. Unauthorized access attempts are a constant on the internet in general, and in AWS endpoints in particular. When anyone exposes an endpoint, it’s a matter of minutes until it starts to get prodded by security scanners. I worked on a project where its endpoints were routinely targeted by random people running FLOSS security scanners, resulting in thousands of requests that were blocked either by rate-limiting or bad/lack of credentials. I don’t believe that a single invoice of $1k would trigger such a sudden and massive change of heart, when accidental costs in AWS easily reach orders of magnitude above that price tag.
Yes, this indeed screams “Cloudflare does not pull this sort of shit”, and now they are spinning this as something they do out of kindness.