ServerlessHorrors

Stories you never want to feel on your own skin

$100,000.420

Andras Bacsai

Original post

Conclusion: Never leave your Firebase project alone!

Fun Fact: Firebase Storage


From the original post:

I had Cloudflare in front of my stuff. Hacker found an uncached object and hit it 100M+ times. I stopped that and then they found my origin bucket and hit that directly.

CF Workers can access private bucket storage to keep that more secure but workers are billed per instance/minute.

I think I needed rate limiting too which doesn’t seem to be default.

I can’t risk making a minor config mistake and having it cost me 100k.

Done with cloud.