Divio reinforces its crypto mining abuse counter-measures

Mebrahtu Zemui TesfazghiMebrahtu Zemui Tesfazghi
Divio Technologies
17. June, 2021

Why does Divio require payment card verification for credit cards or debit cards even for free subscriptions?

In recent months, cryptocurrency miners and other abusers have increased their exploitation of the resources offered under free subscription tiers from multiple cloud service providers. Divio is not exempted from that and it is now requiring a valid credit card for users on free plans as well.

When Divio users are selecting the free subscription plan, Divio asks the user to fill in payment card information. On a free subscription plan, Divio only uses the payment card for verification purposes and is not charging the user until the user changes to a paid subscription plan. While verifying the payment card, Divio is requesting a $1 authorization which immediately gets released - the payment card will never get charged.

Divio continues to provide a free subscription plan on the Divio platform.

The reasons for payment card verification

Divio provides a fully featured free subscription plan called “Developer” for public cloud hosting solutions. This free subscription plan allows users to test the Divio products and services and explore the Divio platform.

In the past few months, we have encountered bad actors signing up on a free subscription plan and misusing its intended purpose of testing and exploring the Divio platform. The abusers were using the free subscription plan for running cryptocurrency mining tasks or mounting DDoS attacks. These abusers not only use our platform for bad intentions but also deplete resources, potentially affecting the performance for other users.

Divio does not tolerate nor support any of such activities and immediately implemented multiple security measures - one of which is payment card verification.

Other service providers with similar concerns

Many other service providers have reported similar issues and are coming up with their own mitigating strategies. According to the Record, some of those who have been abused include GitHub, GitLab, Microsoft Azure, TravisCI, LayerCI, CircleCI, Render, CloudBees CodeShip, Sourcehut, and Okteto.

As a mitigation of this abuse,

  • Docker has removed Autobuilds from their free plan.
  • GitHub has updated its reputation assessment on GitHub Actions and also added the requirement of a manual approval of a first time pull request.
  • GitLab is now requiring new free users to provide a valid credit or debit card number in order to use shared runners on GitLab.com.

Note:

Divio will continue to monitor the usage of the Divio platform and may implement additional counter measures as necessary.


Back to overview

Recent posts