TL;DR: This is the story of a failed attempt to steal FastMail’s domains.
We don’t publish all attempts on our security, but this one stands out for how much effort was put into the attack, and how far it went.
We’ve had a handful of minor attack attempts recently: targeted phishing emails to staff trying to steal credentials, and an NTP-based DDoS which was quickly mitigated by NYI, our excellent hosting service.
These sorts of attacks are the “background radiation” of the internet, along with port scans and entries in the web server logs from malware trying us out to see if we’re vulnerable to old PHP bugs (hint: we’re not). It’s the reality of being on the internet.