My website monitoring site is receiving lots of spam from glitch.me

I am lead dev at Downtime Monkey - a website monitoring site. Recently we’ve been hit by a large amount of spam sign-ups that seem to originate from glitch.me

It seems bots have set up accounts, usually with random gmail addresses on our free plan. Then they proceed to add lots of monitors for glitch.me sites - most of these don’t seem real because they monitor the site without alerting anyone.

This uses overhead on our servers so it’s a bit of a problem - if anyone here knows anything about this please let me know. I’m going to have to take some action and although I’d like to avoid a total ban on glitch sites, I might have to go down that road at least for our free accounts.

Thanks for your help!

4 Likes

hi, is it possible to set up:

  • rate limiting
  • verification by email
  • set a max amount of monitors for free members

these should help; also, try adding a robots.txt to stop some bots entering your site for malicious purposes

1 Like

I would recommend that you block *.glitch.me as ping services are not allowed. This should prevent a great deal of spam.

10 Likes
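An added example, not part of any post in this thread and not Downtime Monkey's code: one way to apply the suggested `*.glitch.me` block to free accounts only, and to flag accounts that fit the pattern described in the first post (many glitch.me monitors with no alert contact). The function names, the `plan` values and the thresholds are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Only "*.glitch.me" and the idea of restricting free accounts come from the
# thread; the tuple name and the thresholds further down are assumed.
BLOCKED_SUFFIXES_FREE = ("glitch.me",)


def monitor_host(url):
    """Return the lower-cased host an HTTP check of this URL would contact."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("monitor URL must be http(s) with a hostname")
    return parts.hostname.rstrip(".").lower()  # drop a trailing root dot


def is_blocked_host(host):
    """Match the suffix itself and its subdomains, never look-alike names."""
    return any(host == s or host.endswith("." + s) for s in BLOCKED_SUFFIXES_FREE)


def allow_monitor(url, plan):
    """Decide whether a new monitor may be created on the given plan."""
    try:
        host = monitor_host(url)
    except ValueError:
        return False  # unparsable or non-HTTP URLs are never monitored
    return not (plan == "free" and is_blocked_host(host))


def suspicious_account(monitors, min_monitors=10, threshold=0.8):
    """Flag an account whose monitors are mostly blocked-suffix hosts with no
    alert contact. `monitors` is a list of (url, has_alert) tuples; invalid
    URLs count toward the total but not toward the hits."""
    if len(monitors) < min_monitors:
        return False
    hits = 0
    for url, has_alert in monitors:
        try:
            host = monitor_host(url)
        except ValueError:
            continue
        if not has_alert and is_blocked_host(host):
            hits += 1
    return hits / len(monitors) >= threshold
```

Matching on the parsed hostname rather than on a substring of the URL keeps names such as `notglitch.me` usable; it does not cover the custom-domain case raised further down the thread.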

I agree, or try alternative methods of checking uptime

2 Likes

You should also let support@glitch.com know about this, and I’m sure they could help you out!

6 Likes

I would strongly recommend rate-limiting

3 Likes

Thanks for the advice. They are getting through the email verification and rate limiting which we have in place already. Max number of free monitors per account is 60 but with hundreds of accounts this is adding up.

5 Likes

@glitch_support, this thread might require special attention.

6 Likes

It’s not ping but is similar - it’s http requests.

2 Likes

maybe, you could try auto-freezing accounts for an hour if they make too many monitors too fast at one time

2 Likes

What if they use custom domains? After all, Freenom domains are free.

2 Likes

Can anyone let me know why they want to request glitch.me sites? Is it to keep them up?

no, it’ll be because custom domains are hard to set up and .glitch.me are quicker to set up

4 Likes

For the free accounts it’s a fixed rate of one request per 3 minutes.

@flyinRyan00 is it possible to create a domain verification system? like you must add a file or code like in the bing search console

It’s possible but I don’t want to put any friction in place for normal users - we do check the domain is up and responds with 200 OK

2 Likes

I think your best idea is to add this feature - it can be automated in its current state so you’ll need to introduce a bit of friction

Yeah, but free is free I guess.

2 Likes

So is there no real email verification?

2 Likes

So is there a reason why they are setting up the monitors - what’s in it for them to ping the sites?

2 Likes