DoS attack
tavindev
PRO OP

2 years ago

Someone found a vulnerability that leads to a DoS attack on my api, but I suspect it's Railway related. Can someone contact me on DM? Or is there a better place to disclose this?

21 Replies

brody
EMPLOYEE

2 years ago

may i ask what makes you think this is railway related?


tavindev
PRO OP

2 years ago

Application still runs, doesn't crash and doesn't appear to use all available resources, but requests fail with CORS error, while the malicious requests are running


brody
EMPLOYEE

2 years ago

what status code though?


tavindev
PRO OP

2 years ago

works fine when we don't run the reqs


brody
EMPLOYEE

2 years ago

may you tell me the status code please


tavindev
PRO OP

2 years ago

the connection times out


tavindev
PRO OP

2 years ago

so no status code


brody
EMPLOYEE

2 years ago

seems like your app has soft locked with all this traffic


brody
EMPLOYEE

2 years ago

at this time, i'm not seeing any issues with railway itself


tavindev
PRO OP

2 years ago

mb


tavindev
PRO OP

2 years ago

503


tavindev
PRO OP

2 years ago

app still running tho


brody
EMPLOYEE

2 years ago

that was what i thought, seems like a softlock


brody
EMPLOYEE

2 years ago

what kind of app is this


tavindev
PRO OP

2 years ago

it's a rest api


brody
EMPLOYEE

2 years ago

do you have cloudflare in front?


tavindev
PRO OP

2 years ago

no, do you think it would solve this?


brody
EMPLOYEE

2 years ago

that's what cloudflare's main selling point is


jfk
PRO

2 years ago

If you’re concerned this is a platform issue please provide as much info as possible to security@railway.app for triage

