News

My server got attacked

Takuya Matsuyama

21 Apr 2023 — 4 min read

Hi, it's Takuya here. I've got good news and bad news for this week. Let's go!

📱 Supporting In-App Purchases for iOS 70% done
😵‍💫 Brute force attack on my server
They exploited the API for the client apps (not the website)
Implemented a leaky bucket algorithm
How to prevent similar attacks in the future?

📱 Supporting In-App Purchases for iOS 70% done

I'm currently working on supporting Apple's In-App Purchases for the mobile version of Inkdrop. This week, I implemented a subscription screen and tested it on the iOS simulator (environment=Xcode).

I've also implemented the server-side handling the notifications from App Store. Next week, I'll test it on the sandbox environment and hopefully submit the new build to the App Store.

😵‍💫 Brute force attack on my server

Last Wednesday night, Inkdrop faced an unexpected brute-force attack. Just before going to bed, I received an alert about a high load on the database server. After checking the server logs, I noticed a huge number of requests targeting the API server. A sign-up rush? No, it was rather a brute-force attack on the authentication endpoint using random stolen email addresses and passwords (a.k.a. credential stuffing). The requests came from random IPs, likely from a botnet. It looked like this:

How I implemented TOTP-based 2FA for my Markdown note app

Hey, what's up? This is Takuya. I'm building a Markdown note-taking app called Inkdrop. As of v5.11.0, it supports two-factor authentication with a time-based one-time password. Thank you so much for the feedback during the beta testing! Inkdrop v5.11.0 - Two-factor authentication

Answering dev questions based on my tech notes using MCP + Claude

In the previous post, I integrated my note-taking app Inkdrop with Claude's MCP: Integrating my note app with Claude’s MCPHi, it’s Takuya here. I’ve been fiddling with Claude, which provides an interesting protocol for third-party AI integrations called MCP (Model Context Protocol). Some of my

Integrating my note app with Claude's MCP

Hi, it's Takuya here. I've been fiddling with Claude, which provides an interesting protocol for third-party AI integrations called MCP (Model Context Protocol). Some of my note app (called Inkdrop) users requested that they want to let Claude use their tech notes as knowledge via MCP.

How to animate a TanStack Virtual list with Motion

I love Motion. It makes animating UIs in web apps incredibly easy. I've been using it in my app to animate components like the tags input bar, the notebook list, dialogs, and more. One of the components I wanted to animate was the note list. This was challenging