This is insane. If I had any business with repl.it, I'd stop it.
They are describing a web app, with a single ingress point, that they wrote from scratch. And it seemed to have no logging at all!
> Look at the contents of the repl, nothing is there. What the hell?
... and at this moment, you dump the repl's state and figure it out. You don't need to "strap in, teeth clinched", you just carefully analyze this repl and see why cloning it causes the attack to start.
At the same time, turn on the web logging if you don't have it. Use ephemeral system disks if you have to, it only needs to last a short time.
> There is a binary in there -- how do they get it in?
maybe the binary is using UDP now, but it got there via your infra. And your infra only talks TCP, and only using channels you control. So look at your HTTP logs and figure it out.
...
If you are going to provide the free compute resources to the world, you are going to get abused. You should not deploy if you don't have a plan for this.
They are describing a web app, with a single ingress point, that they wrote from scratch. And it seemed to have no logging at all!
> Look at the contents of the repl, nothing is there. What the hell?
... and at this moment, you dump the repl's state and figure it out. You don't need to "strap in, teeth clinched", you just carefully analyze this repl and see why cloning it causes the attack to start.
At the same time, turn on the web logging if you don't have it. Use ephemeral system disks if you have to, it only needs to last a short time.
> There is a binary in there -- how do they get it in?
maybe the binary is using UDP now, but it got there via your infra. And your infra only talks TCP, and only using channels you control. So look at your HTTP logs and figure it out.
...
If you are going to provide the free compute resources to the world, you are going to get abused. You should not deploy if you don't have a plan for this.