Siddhartha Gunti

For 8 hours, our website served porn

As much as I'd like to say this is a clickbait title- it is not [1].

Feb 19: The weekend we will henceforth remember as "the weekend we bent to the internet's rule of 34". The weekend someone served pornographic content on one of our unused subdomains.

For the unknown- we are a bootstrapped startup, and SEO is our primary acquisition channel. Here's what our search metrics look like for most weeks:

Did you see that minuscule uptick before the last descent? That is the uptick you get for months-long work. An uptick that you treasure. Because you don't know when Google makes a "minor" algorithm update. Or when your competitors throw their hearts out at Search ads.

Feb 20, Monday morning: For me, that Monday was the most Monday, Monday could ever be.

Here's what our search metrics looked like:

Internet liked the porn content so much. All our search efforts for the past three years were like an ant in front of a rabbit in the Playboy logo.

Now that I piqued your interest, let me give you the deets:

Things are going to get “techy”

We moved a few of our services from Azure to AWS to save insane infrastructure costs [2]. One such service was, let's be clear, "not-porn-please-open-some-other-site.site.com" in Azure.

This service is not our primary service and is more of a standby service.

  • So we could launch this service on "new-btw-did-i-mention-strictly-not-porn.site.com" in AWS.

  • Use this new domain in our main application.

  • Remove the old service in Azure without creating downtime for our customers.

We had a successful transition (now that I am writing this post, "success" is a relative term, isn't it). We tested our application, new and old domains, and called it a day.

Fast forward to Feb 19

"not-porn-please-open-some-other-site.site.com" serves the content the internet can't get enough of.

What happened?

In Azure, the older domain had an IP address. When we deleted our services from Azure, our subscription lost that IP address.

The boo-boo we did- we missed removing the DNS “A” entry for the older domain from our DNS registry.

Here's where someone saw an opportunity that is not an opportunity. They owned our older IP address and decided to make a dent in the world. How? yes, 69/69 for getting it right.

And because of the DNS entry, they could also prove domain authority and serve the content on HTTPS.
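A stale "A" record like this can be caught by comparing the DNS zone against the addresses you still hold. The following is an added example, not code from this post's author: it audits a zone export against an IP inventory and also flags in-zone CNAME aliases of a stale host. The IP addresses, the `old-alias` record and the inventory list are constructed for illustration.

```python
import ipaddress

# Constructed zone export: hostnames from the post, documentation IPs, hypothetical old-alias.
ZONE = """\
$ORIGIN site.com.
@                                        300 IN A     198.51.100.10
new-btw-did-i-mention-strictly-not-porn  300 IN A     198.51.100.20
not-porn-please-open-some-other-site     300 IN A     203.0.113.77
old-alias                                300 IN CNAME not-porn-please-open-some-other-site
"""
# Constructed inventory: addresses and ranges the cloud accounts hold today.
OWNED = ["198.51.100.0/28", "198.51.100.20"]

def qualify(name, origin):
    """Expand a zone-relative name to a lowercase FQDN without trailing dot."""
    if name == "@":
        return origin
    name = name.lower()
    return name.rstrip(".") if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Return {fqdn: (rtype, value)} for A/AAAA/CNAME lines; one record per name assumed."""
    origin, records = "", {}
    for line in text.splitlines():
        fields = line.split(";")[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2 and fields[0] == "$ORIGIN":
            origin = fields[1].rstrip(".").lower()
        elif len(fields) >= 3 and fields[-2].upper() in ("A", "AAAA", "CNAME"):
            rtype, value = fields[-2].upper(), fields[-1]
            value = qualify(value, origin) if rtype == "CNAME" else value
            records[qualify(fields[0], origin)] = (rtype, value)
    return records

def find_dangling(records, owned):
    """List (name, ip) whose address, after in-zone CNAMEs, is outside the inventory."""
    nets, findings = [ipaddress.ip_network(o, strict=False) for o in owned], []
    for name in sorted(records):
        target, seen = name, set()
        while target in records and records[target][0] == "CNAME" and target not in seen:
            seen.add(target)
            target = records[target][1]
        if target not in records or records[target][0] == "CNAME":
            continue  # leaves the zone or loops; that needs a live lookup instead
        ip = ipaddress.ip_address(records[target][1])
        if not any(ip in net for net in nets):
            findings.append((name, str(ip)))
    return findings

if __name__ == "__main__":
    print(find_dangling(parse_zone(ZONE), OWNED))
```

Running a check like this as part of decommissioning, before the address is released, closes the window in which a record points at an IP someone else can claim.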

Once we realised it, the fix was simple:

  • Remove the DNS entry.

  • Disavow the subdomain.

  • Pray to Google-gods that the site is not penalised.

But it looks like Google-gods were busy listening to Bard. We did lose our keywords and traffic (28% down). Good news- We recovered ~15% in one month after the mishap.

As a founder, these are the kick-you-in-the-gut kind of moments you want to forget. But what is starting up, if not an existential crisis now and then?

[1] If you are our customer- the attack was not on our primary systems or domains. There was no disruption to our service or brand. Even to see the porn served, you must search with some particular words.

[2] When will it be common to set up your servers like old-school? These infrastructure costs are insane.
