Botnet Attack


A distributed botnet (from multiple IPs) is hitting one of our websites and is creating new accounts at a rate of 4 per second.

  • Each hour 15k new accounts are created
  • Usernames contain an unusual ‘fiction-based’ text (i.e. from books)
  • Each new account has some impact on the back-end due to automated actions and workflows (i.e. auto-creation of albums and insertion into CRM tools)

Objective: Understand and contain issue(s) without any pushes to production

You can use any technology you want (ideally ones you have experience with) and any Group Security team size * Describe what you would do and how you would act (ideally in diagram format) * Who would you talk to? * What actions would you take to contain and remediate the issue(s)?

Resources and Technologies available:

  • Techops, Webops, and Dev teams
  • Slack, Jira, Confluence, ELK, Grafana, Nagios, Akamai, AWS, Cisco Firewalls, Landeks, and DarkTrace

Back to all challenges

About us

Photobox Group is Europe’s leading digital consumer service for personalised products and gifts and parent of the Photobox, Moonpig, Hofmann and posterXXL brands.

Creative Commons License

© 2018, Photobox Group Security. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Contact

Photobox Group Security
Unit 7, Metal Box Factory
30 Great Guildford Street
London
SE1 0HS
England