How Divio Protects Against Crypto Mining Abuse
Why does Divio require payment card verification for credit and debit cards for all customers? Learn why we reinforce crypto mining abuse countermeasures here.
Mebrahtu Zemui Tesfazghi
Community Manager
Why does Divio require payment card verification for credit cards or debit cards even for free subscriptions from customers? In recent months, cryptocurrency miners and other abusers have increased their exploitation of the resources offered under free subscription tiers from multiple cloud service providers. Divio is not exempted from that and it is now requiring a valid credit card for users on free plans as well.
When Divio users are selecting the free subscription plan, Divio asks the user to fill in payment card information. On a free subscription plan, Divio only uses the payment card for verification purposes and is not charging the user until the user changes to a paid subscription plan. While verifying the payment card, Divio is requesting a $1 authorization which immediately gets released - the payment card will never get charged.
Divio continues to provide a free subscription plan on the Divio platform.
The reasons for payment card verification
Divio provides a fully featured free subscription plan called “Developer” for public cloud hosting solutions. This free subscription plan allows users to test the Divio products and services and explore the Divio platform.
In the past few months, we have encountered bad actors signing up on a free subscription plan and misusing its intended purpose of testing and exploring the Divio platform. The abusers were using the free subscription plan for running cryptocurrency mining tasks or mounting DDoS attacks. These abusers not only use our platform for bad intentions but also deplete resources, potentially affecting the performance for other users.
Divio does not tolerate nor support any of such activities and immediately implemented multiple cloud security measures - one of which is payment card verification.
Other service providers with similar concerns
Many other service providers have reported similar issues and are coming up with their own mitigating strategies. According to the Record, some of those who have been abused include GitHub, GitLab, Microsoft Azure, TravisCI, LayerCI, CircleCI, Render, CloudBees CodeShip, Sourcehut, and Okteto.
As a mitigation of this abuse,
Docker has removed Autobuilds from their free plan.
GitHub has updated its reputation assessment on GitHub Actions and also added the requirement of a manual approval of a first time pull request.
GitLab is now requiring new free users to provide a valid credit or debit card number in order to use shared runners on GitLab.com.
Note:
Divio will continue to monitor the usage of the Divio platform and may implement additional counter measures as necessary.
Related posts
Cloud Compliance / Cloud Cost Control / Cloud Management / Cloud Security
Divio Method and Compliance Part 2: GRC Tool
In this interview with Divio’s Jonathan Stoppani, read about how we set out to build our own Governance, Risk, and Compliance tool. The project exemplifies Divio’s approach to problem solving.
Cloud Compliance / Cloud Security / Cloud Management
Cloud Security Challenges Organizations Need To Overcome
Migrating on-premise infrastructure to the cloud is a top priority for many organizations today. The cloud offers a number of benefits, including scalability, flexibility and cost savings. However, many organizations are unprepared for the security challenges that come with cloud adoption. In this blog post, we will discuss some of the cloud security challenges that organizations need to overcome.