My Supabase API is being DDoS'd
Lauful (OP) · Supabase · 2mo ago

So I had a website that was using Supabase as the backend, but another guy is trying to DDoS my API and managed to get it rate limited, and now I only get 429 errors. What should I do on my end? Because if I activate the website now it will just feed into the IP calling too.
13 Replies
silentworks · 2mo ago
Open a support ticket with Supabase support and state what you've stated here.
Lauful (OP) · 2mo ago
I sent it. Do you know what else I can do?
garyaustin · 2mo ago
What API is being DDoSed? What call? How do you know someone is attacking it?
Lauful (OP) · 2mo ago
My website stopped working, giving the error 429; the spikes at Cloudflare are indicating lots of unusual requests.
(image attached)
Lauful (OP) · 2mo ago
My audience is only Hispanic users, but it reports requests from other countries that shouldn't even know about the website.
garyaustin · 2mo ago
You sounded like you knew of an attacker. What API is being hit with the 429 error? Auth? Storage? In the dashboard reports, what calls are occurring the most? Are you using edge functions to call Supabase? Do you have your own Cloudflare around the Supabase calls? How are you seeing spikes at Cloudflare?
Lauful (OP) · 2mo ago
Yes, I have tunneled the API through api.lapregunta.net and then directed it to the Supabase API, but I think my API key got leaked together with my Supabase URL.
garyaustin · 2mo ago
Those can be public normally. Is the 429 from supabase?
Lauful (OP) · 2mo ago
It's from the tunneled API, but shouldn't it be just the same response as Supabase? Also, I tried with a previous version that used the Supabase API, and it still got the same error.
garyaustin · 2mo ago
You have not said yet what is getting the 429. The dashboard should have errors in the API Gateway logs and the API Gateway report should have more info on main calls for errors. The database does not have rate limit errors. You can certainly rotate your JWT secret to stop everything from accessing the API.
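As an added illustration of why rotating the JWT secret shuts a leaked anon key out, here is example code that is not from the thread and not Supabase's own. It assumes what is stated above: the legacy anon key is an HS256 JWT signed with the project's JWT secret, and the gateway only honours a key whose signature verifies under the current secret. The secrets, project ref and claims are constructed for the demo, and HS256 verification is re-implemented with the standard library so it runs offline.

```python
"""Rotating the JWT secret revokes any key signed under the old secret.

Constructed example: the secrets, project ref and claims below are demo
values, and this verifier stands in for the gateway's own JWT check.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_key(secret: str, role: str, ref: str, ttl_s: int = 10 * 365 * 24 * 3600) -> str:
    """Sign an anon/service_role style key under `secret` with HS256."""
    header = {"alg": "HS256", "typ": "JWT"}
    now = int(time.time())
    payload = {"iss": "supabase", "ref": ref, "role": role, "iat": now, "exp": now + ttl_s}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_key(token: str, secret: str) -> Optional[dict]:
    """Return the claims if `token` verifies under `secret`, else None."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        claims = json.loads(_b64url_decode(p))
        sig = _b64url_decode(s)
    except ValueError:  # malformed base64 / JSON / segment count
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    if header.get("alg") != "HS256":  # never let the token pick the algorithm
        return None
    expected = hmac.new(secret.encode(), f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    if claims.get("exp", 0) < time.time():
        return None
    return claims


def rotation_outcome(old_secret: str, new_secret: str, ref: str) -> dict:
    """Mint the anon key under old_secret, rotate to new_secret, report who still gets in."""
    leaked_anon = mint_key(old_secret, "anon", ref)   # the key the attacker scraped
    fresh_anon = mint_key(new_secret, "anon", ref)    # the key the dashboard hands out after rotation
    return {
        "leaked_before_rotation": verify_key(leaked_anon, old_secret) is not None,
        "leaked_after_rotation": verify_key(leaked_anon, new_secret) is not None,
        "fresh_after_rotation": verify_key(fresh_anon, new_secret) is not None,
    }


if __name__ == "__main__":
    print(rotation_outcome("old-demo-secret", "new-demo-secret", "abcdefghijklmnop"))
```

The point of the demo is the middle flag: the scraped key keeps verifying for as long as the old secret is in force, and fails the moment the secret changes, so the flood of requests carrying it turns into 401s rather than consuming the project's rate limit. The cost is the one the thread describes: every legitimate client must be redeployed with the freshly minted key.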
Lauful (OP) · 2mo ago
I understand. I did try to restart the project and change the API key from the legacy ones to the new ones, and now I get 401 with any of the keys.
garyaustin · 2mo ago
I meant just rotate the old JWT secret to get a new anon key. The new keys may involve changes to your code depending on what you are doing.
Lauful (OP) · 2mo ago
Thanks, it is back and working. I'm sorry if I was a bad experience for support, but I appreciate your effort and patience with me.