
Ask HN: How to mitigate “SMS layer” DDoS attacks with Twilio-style services? - turkeytotal
Recently a website that does customer support over SMS was DDOS&#x27;d. An angry customer wrote a script to spam the support line with thousands of texts. A hefty bill was racked up, but thankfully the customer was placated and the attack stopped.<p>It quickly came to the service&#x27;s attention that Twilio (and any downstream providers) only supports blocking numbers for inbound calls:<p>https:&#x2F;&#x2F;support.twilio.com&#x2F;hc&#x2F;en-us&#x2F;articles&#x2F;223181648-Is-there-a-way-to-block-incoming-SMS-on-my-Twilio-phone-number-<p>The service is in search for an alternative, and hoping a fellow HN-er would be able to provide some insight&#x2F;mitigations. It appears bandwidth.com does not support blocking SMS from specific numbers either, so the concern is that this may be a limitation of the telephony system.<p>Thank you in advance :)
======
posguy
Your carrier should not be charging you for inbound SMS, changing SMS
enablement providers can usually be done in a few minutes.

I would encourage you to look at Teli, Telnyx & Signalwire, iirc they all
support blocking texts from a particular number. Avoid Bandwidth.com unless
you want to deal with a long sales funnel and chasing them for API keys they
never provide.

~~~
turkeytotal
>Your carrier should not be charging you for inbound SMS

Agreed!

>look at Teli, Telnyx & Signalwire

Thank you, a quick glance seems to indicate they do not charge for inbound SMS
on local numbers.

~~~
posguy
Teli has treated us well for years, they use some small cell provider in the
midwest for SMS/MMS enablement. Signalwire is essentially Bandwidth.com
without the sales funnel.

~~~
turkeytotal
FWIW, I looked through the APIs and while I did see mechanisms for rejecting
phone calls and faxes, I did not see a way to block specific numbers from
sending you SMS. Not that it matters, free inbound more or less solves the
problem. Thanks again.

~~~
posguy
Hrm, it looks like its a documented endpoint:
[https://apidocs.teleapi.net/api/my-phone-numbers/block-
inbou...](https://apidocs.teleapi.net/api/my-phone-numbers/block-inbound-sms)

