Here's a non-corona thread for you about how last month I got all of http://Ghost.org kicked off Google and our entire domain no longer appeared for a single search result. Our traffic immediately tanked and things looked very bad.

It all started with illegal pornography:
A couple of years back we had open trials on http://Ghost.org to make it as easy as possible for people to try out the product. In about 3 clicks you could spin up a brand new hosted indie publication and start sharing stuff with the world. Blazing fast. Really cool.
So of course it got steadily abused, more and more, especially by people setting up spam SEO sites for link farms and people sharing torrent download links. Also, by a particularly aggressive group in the business of sharing illegal/copyrighted premium porn.
One time, I managed to trace one of the IP addresses signing up all these porn accounts to a web development / marketing agency in Malaysia -- tracked down their out of hours emergency number -- and phoned (what I assume was) the founder of the company at 2am his time.
I said please can you stop sending us all this porn. We're a 5-person nonprofit organisation just trying to survive. We're not Google or Facebook, and you're destroying our servers with all these pixelated penises.

He was very apologetic and for a while there was no more porn.
Eventually, though, other people caught on and created more spam sites - and at the start of 2018 we finally decided to validate credit cards in order to start a free trial.

No charge on signup, and no auto-charge at the end of trial. Just validation.

Spam solved! Until 2020.
At the start of this year, the strategy we used to get rid of one type of spammer... attracted a new type. Fuck me.

Now there are people who do a "big hack" of cards stored in plaintext somewhere, then try to sell them on the black market before the breach is up on @haveibeenpwned.
But you're a hacker, and you just got 100,000 credit card details from a database somewhere which you now want to sell on. The first question you're going to get to establish market value is... "how many of them work?"
And so it turns out we inadvertently designed the ultimate credit card testing tool.

A public-facing credit card form, which DOES validate a card can be charged, but DOESN'T charge it, meaning it's nearly invisible to the victims:
Doesn't show up on printed statements, doesn't show up on internet banking, doesn't show up ANYWHERE except for a temporary "pending transaction" list with some more modern providers.

Best of all! It's from a known merchant (us) with well established reputation/history!
So these motherfuckers start running big batches of thousands of card tests against our signup page. Spam prevention is now spam magnet.

They do it via a distributed botnet masquerading as real users filling out/submitting the form, so there's basically no way of filtering.
Infrastructure team is trying everything but they're getting through all our honeypots, and we're losing our minds.
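The pattern described above (many distinct cards pushed through a validation-only form, a high decline ratio, spread across a botnet so per-IP blocking misses it) is what a defender would look for in the form's own authorization log. The following is an added example, not Ghost's or Stripe's code: a sliding-window detector that flags both a single IP cycling through cards and a site-wide burst that no single IP accounts for. The log format, IP addresses and card fingerprints are constructed for the example.

```python
"""Sliding-window detector for card-testing bursts on a validation-only card form.

Added example (not Ghost's code). Assumes the card endpoint logs one line per
attempt as: '<ISO-8601 UTC timestamp> <client ip> <hashed card fingerprint> <ok|declined>'.
The fingerprint is a hash the processor exposes, never the card number itself.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, List, Set

# Constructed sample log: one legitimate signup, one IP cycling through six
# cards, then a distributed burst where each IP only ever submits one card.
SAMPLE_LOG: List[str] = [
    "2020-03-01T02:00:00Z 198.51.100.7 fp_legit ok",
    "2020-03-01T02:10:00Z 203.0.113.5 fp_01 declined",
    "2020-03-01T02:10:01Z 203.0.113.5 fp_02 ok",
    "2020-03-01T02:10:02Z 203.0.113.5 fp_03 declined",
    "2020-03-01T02:10:03Z 203.0.113.5 fp_04 declined",
    "2020-03-01T02:10:04Z 203.0.113.5 fp_05 ok",
    "2020-03-01T02:10:05Z 203.0.113.5 fp_06 declined",
    "2020-03-01T02:30:00Z 192.0.2.11 fp_11 declined",
    "2020-03-01T02:30:05Z 192.0.2.12 fp_12 declined",
    "2020-03-01T02:30:10Z 192.0.2.13 fp_13 ok",
    "2020-03-01T02:30:15Z 192.0.2.14 fp_14 declined",
    "2020-03-01T02:30:20Z 192.0.2.15 fp_15 declined",
    "2020-03-01T02:30:25Z 192.0.2.16 fp_16 declined",
    "2020-03-01T02:30:30Z 192.0.2.17 fp_17 ok",
    "2020-03-01T02:30:35Z 192.0.2.18 fp_18 declined",
]


@dataclass(frozen=True)
class Attempt:
    ts: datetime
    ip: str
    fingerprint: str
    declined: bool


def parse_line(line: str) -> Attempt:
    """Parse one line of the constructed log format into an Attempt."""
    ts, ip, fingerprint, result = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Attempt(when, ip, fingerprint, result != "ok")


class WindowCounter:
    """Tracks distinct cards and the decline ratio over a sliding time window."""

    def __init__(self, window_s: int, min_distinct_cards: int, min_decline_ratio: float):
        self.window = timedelta(seconds=window_s)
        self.min_distinct = min_distinct_cards
        self.min_decline = min_decline_ratio
        self.attempts: Deque[Attempt] = deque()

    def observe(self, a: Attempt) -> bool:
        """Add an attempt, evict anything older than the window, report whether it looks like card testing."""
        self.attempts.append(a)
        while a.ts - self.attempts[0].ts > self.window:
            self.attempts.popleft()
        distinct = len({x.fingerprint for x in self.attempts})
        declined = sum(1 for x in self.attempts if x.declined)
        # Legitimate signups use one card each and mostly succeed; a tester
        # burns through many cards and a large share of them are dead.
        return distinct >= self.min_distinct and declined / len(self.attempts) >= self.min_decline


def scan(lines: List[str]) -> Dict[str, object]:
    """Return IPs that tested many cards, plus timestamps of site-wide bursts no single IP explains."""
    per_ip: Dict[str, WindowCounter] = defaultdict(lambda: WindowCounter(60, 5, 0.5))
    site_wide = WindowCounter(60, 8, 0.5)  # higher bar, since it aggregates all traffic
    flagged_ips: Set[str] = set()
    site_bursts: List[str] = []
    for line in lines:
        a = parse_line(line)
        if per_ip[a.ip].observe(a):
            flagged_ips.add(a.ip)
        if site_wide.observe(a):
            site_bursts.append(a.ts.strftime("%Y-%m-%dT%H:%M:%SZ"))
    return {"flagged_ips": flagged_ips, "site_wide_bursts": site_bursts}


if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

The site-wide counter is the part that matters for a botnet: when every bot submits exactly one card from its own address, no per-IP rule ever fires, but the endpoint as a whole still shows a burst of distinct cards with a decline rate that real customers never produce. In practice the alert would feed a temporary step-up (CAPTCHA, delayed validation, or pausing the form) rather than a permanent block.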

I'm going through our firewall logs looking at the requests and spot a couple of signatures which are easy to block. Then, all of a sudden, there's a new spike.
Thousands of requests from an IP block originating from Google, as in Google Cloud Platform. Not on my watch. Block!

And it worked. For about 2 weeks our firewall diligently denied every single fucking request made by Google's web crawler ... NOT Cloud Platform ...
So yeah, terrible timing but correlation and causation are still very different things. Lessons were learned.
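The lesson in the paragraph above has a mechanical check behind it: before an address range that "looks like Google" goes into a deny list, verify whether each address is actually a search crawler. Google documents the procedure as a reverse DNS lookup whose result must end in googlebot.com or google.com, followed by a forward lookup of that hostname that must resolve back to the same address. The following is an added example, not Ghost's firewall code: the check with the DNS resolvers injected so it runs offline against a constructed PTR/A table, plus a live resolver pair using the standard library. The addresses and hostnames in the fake table are constructed for the example.

```python
"""Verify whether an IP is a genuine Google search crawler before blocking it.

Added example (not Ghost's code). Implements the documented two-step check:
reverse lookup -> hostname under googlebot.com or google.com -> forward lookup
must return the original IP. Resolvers are injected so the logic is testable
offline; live_reverse/live_forward use the standard library for real use.
"""
import ipaddress
import socket
from typing import Callable, Dict, List, Optional

CRAWLER_DOMAINS = ("googlebot.com", "google.com")

ReverseLookup = Callable[[str], Optional[str]]
ForwardLookup = Callable[[str], List[str]]


def verify_crawler(ip: str, reverse_lookup: ReverseLookup, forward_lookup: ForwardLookup) -> bool:
    """True only if PTR names a crawler domain AND that name resolves back to ip."""
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return False
    host = reverse_lookup(ip)
    if not host:
        return False
    host = host.rstrip(".").lower()
    # Require a dotted suffix, so 'googlebot.com.evil.example' or 'notgooglebot.com' fail.
    if not any(host == d or host.endswith("." + d) for d in CRAWLER_DOMAINS):
        return False
    return ip in forward_lookup(host)


def triage_block_candidates(ips: List[str], reverse_lookup: ReverseLookup,
                            forward_lookup: ForwardLookup) -> Dict[str, List[str]]:
    """Split a proposed deny list into addresses safe to block and verified crawlers to exclude."""
    block, crawler = [], []
    for ip in ips:
        (crawler if verify_crawler(ip, reverse_lookup, forward_lookup) else block).append(ip)
    return {"block": block, "crawler": crawler}


# Live resolvers for real use (not exercised by the offline test).
def live_reverse(ip: str) -> Optional[str]:
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def live_forward(host: str) -> List[str]:
    try:
        return socket.gethostbyname_ex(host)[2]
    except socket.gaierror:
        return []


# Constructed fake DNS data covering the cases the check must separate.
FAKE_PTR: Dict[str, Optional[str]] = {
    "66.249.66.1": "crawl-66-249-66-1.googlebot.com.",     # constructed: genuine crawler shape
    "203.0.113.9": "bot.googlebot.com.evil.example.",     # constructed: suffix trick
    "198.51.100.20": "spoof.googlebot.com.",              # constructed: PTR lies, forward disagrees
    "192.0.2.44": None,                                   # constructed: no PTR at all
}
FAKE_A: Dict[str, List[str]] = {
    "crawl-66-249-66-1.googlebot.com": ["66.249.66.1"],
    "bot.googlebot.com.evil.example": ["203.0.113.9"],
    "spoof.googlebot.com": ["198.51.100.254"],
}


def fake_reverse(ip: str) -> Optional[str]:
    return FAKE_PTR.get(ip)


def fake_forward(host: str) -> List[str]:
    return FAKE_A.get(host, [])


if __name__ == "__main__":
    print(triage_block_candidates(list(FAKE_PTR), fake_reverse, fake_forward))
```

The forward step is what makes this more than a string match: anyone controlling the reverse zone for their own addresses can publish a PTR ending in googlebot.com, but they cannot make Google's zone resolve that name back to their IP. Running this over a proposed deny list turns the "Google Cloud Platform or Google's crawler?" question from a guess into a per-address answer.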

Fortunately rankings recovered very quickly and got reindexed after we resubmitted sitemaps, etc. Traffic recovered shortly after.

Worked with @stripe to report it all.
Long story short: This is why we can't have nice things.

Thank you for coming to my Ted Talk. Like and subscribe. Merch link in bio.
You can follow @JohnONolan.