s3-bucket-name-generator
Generate an S3 bucket name that is hard to guess to mitigate DoS billing attack
Today I was hit by a surprise $500 bill from using byte range requests within zip files without an upper bound, but not consuming the whole stream. I tested for about 45 min at about 1 Gbps. My ISP meter says I downloaded 300 GB, which lines up with physics, but AWS says it was 6000 GB.
My first thought is that this can be abused to multiply the damage if you want to engage in some cost-based denial of service.
About every other week AWS goes out of their way to make us remember that they are the worst cloud around.
For reference: https://github.com/ZJONSSON/node-unzipper/issues/308
Well, this was an unwelcome attack vector, since I wrangle a fair few S3 buckets. I hastily threw together an S3 bucket name generator in Bash under Linux [1] to create names that follow the AWS rules to start my migration to my new S3 bucket names, and welcome any help to ensure it creates names that are strongly resistant to this attack, and follow various S3-like vendor rules.
[1] https://github.com/automaticit-anthonyyen1/s3-bucket-name-ge...
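
The idea in the comment above, sketched as an added example (this is not the linked project's code): a POSIX shell generator that appends 128 random bits from `/dev/urandom` to a prefix and rejects anything that breaks the AWS general-purpose bucket naming rules. The function names `valid_bucket_name` and `gen_bucket_name` and the prefix `example-data` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not the linked project's code.
LC_ALL=C; export LC_ALL   # make a-z ranges byte-exact in every locale

# valid_bucket_name NAME: exit 0 if NAME passes the AWS general-purpose
# bucket naming rules encoded below, exit 1 otherwise.
valid_bucket_name() {
    name=$1
    [ "${#name}" -ge 3 ] && [ "${#name}" -le 63 ] || return 1
    case $name in
        *[!a-z0-9.-]*) return 1 ;;           # lowercase, digits, dot, hyphen only
        [!a-z0-9]*|*[!a-z0-9]) return 1 ;;   # must start and end alphanumeric
        *..*) return 1 ;;                    # no adjacent dots
        xn--*|sthree-*|amzn-s3-demo-*) return 1 ;;               # reserved prefixes
        *-s3alias|*--ol-s3|*.mrap|*--x-s3|*--table-s3) return 1 ;; # reserved suffixes
    esac
    # A name must not look like an IPv4 address.
    if printf '%s\n' "$name" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
        return 1
    fi
    return 0
}

# gen_bucket_name PREFIX [BYTES]: print "<PREFIX>-<hex>", where <hex> is
# BYTES random bytes (default 16 = 128 bits) read from /dev/urandom.
gen_bucket_name() {
    prefix=$1
    bytes=${2:-16}
    suffix=$(od -An -N"$bytes" -tx1 /dev/urandom | tr -dc '0-9a-f')
    # Fail closed if the random source returned fewer bytes than requested.
    [ "${#suffix}" -eq $((bytes * 2)) ] || return 1
    candidate="$prefix-$suffix"
    valid_bucket_name "$candidate" || return 1
    printf '%s\n' "$candidate"
}

gen_bucket_name example-data   # constructed prefix; output differs on every run
```

With the default 16 bytes the suffix takes 32 characters, so the prefix can be at most 30 characters before the 63-character limit rejects the result.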