News

My server got attacked

Takuya Matsuyama

21 Apr 2023 — 4 min read

Hi, it's Takuya here. I've got good news and bad news for this week. Let's go!

📱 Supporting In-App Purchases for iOS 70% done
😵‍💫 Brute force attack on my server
They exploited the API for the client apps (not the website)
Implemented a leaky bucket algorithm
How to prevent similar attacks in the future?

📱 Supporting In-App Purchases for iOS 70% done

I'm currently working on supporting Apple's In-App Purchases for the mobile version of Inkdrop. This week, I implemented a subscription screen and tested it on the iOS simulator (environment=Xcode).

I've also implemented the server-side handling the notifications from App Store. Next week, I'll test it on the sandbox environment and hopefully submit the new build to the App Store.

😵‍💫 Brute force attack on my server

Last Wednesday night, Inkdrop faced an unexpected brute-force attack. Just before going to bed, I received an alert about a high load on the database server. After checking the server logs, I noticed a huge number of requests targeting the API server. A sign-up rush? No, it was rather a brute-force attack on the authentication endpoint using random stolen email addresses and passwords (a.k.a. credential stuffing). The requests came from random IPs, likely from a botnet. It looked like this:

What I did for upgrading React Native to 0.79.1 from 0.74.2

Hi, it's Takuya here, the developer of Inkdrop – a Markdown note-taking app that supports syncing and offline-first capabilities, built with React Native. Bumping up the React Native versions has always been hard, and this time wasn't an exception, especially because it involved migrating from the old

How to animate a TanStack Virtual list with motion (rev. 2)

The desktop version of my note-taking app is built with React and Electron. Previously, I managed to animate the insertion and removal of specific items of a TanStack Virtual list using motion. However, that approach would always trigger animations whenever the note list content changed, including when switching notebooks from

How I implemented TOTP-based 2FA for my Markdown note app

Hey, what's up? This is Takuya. I'm building a Markdown note-taking app called Inkdrop. As of v5.11.0, it supports two-factor authentication with a time-based one-time password. Thank you so much for the feedback during the beta testing! Inkdrop v5.11.0 - Two-factor authentication

Answering dev questions based on my tech notes using MCP + Claude

In the previous post, I integrated my note-taking app Inkdrop with Claude's MCP: Integrating my note app with Claude’s MCPHi, it’s Takuya here. I’ve been fiddling with Claude, which provides an interesting protocol for third-party AI integrations called MCP (Model Context Protocol). Some of my