Ask HN: How to mitigate “SMS layer” DDoS attacks with Twilio-style services?
Recently a website that does customer support over SMS was DDOS'd. An angry customer wrote a script to spam the support line with thousands of texts. A hefty bill was racked up, but thankfully the customer was placated and the attack stopped.
It quickly came to the service's attention that Twilio (and any downstream providers) only supports blocking numbers for inbound calls:
https://support.twilio.com/hc/en-us/articles/223181648-Is-there-a-way-to-block-incoming-SMS-on-my-Twilio-phone-number-
The service is in search for an alternative, and hoping a fellow HN-er would be able to provide some insight/mitigations. It appears bandwidth.com does not support blocking SMS from specific numbers either, so the concern is that this may be a limitation of the telephony system.
Thank you in advance :) Your carrier should not be charging you for inbound SMS, changing SMS enablement providers can usually be done in a few minutes. I would encourage you to look at Teli, Telnyx & Signalwire, iirc they all support blocking texts from a particular number. Avoid Bandwidth.com unless you want to deal with a long sales funnel and chasing them for API keys they never provide. >Your carrier should not be charging you for inbound SMS Agreed! >look at Teli, Telnyx & Signalwire Thank you, a quick glance seems to indicate they do not charge for inbound SMS on local numbers. Teli has treated us well for years, they use some small cell provider in the midwest for SMS/MMS enablement. Signalwire is essentially Bandwidth.com without the sales funnel. FWIW, I looked through the APIs and while I did see mechanisms for rejecting phone calls and faxes, I did not see a way to block specific numbers from sending you SMS. Not that it matters, free inbound more or less solves the problem. Thanks again. Hrm, it looks like its a documented endpoint: https://apidocs.teleapi.net/api/my-phone-numbers/block-inbou...