Cloud Security  / Cloud Industry

How Divio Protects Against Crypto Mining Abuse

Why does Divio require payment card verification for credit and debit cards for all customers? Learn why we reinforce crypto mining abuse countermeasures here.

Mebrahtu Zemui Tesfazghi

Mebrahtu Zemui Tesfazghi

Community Manager

Why does Divio require payment card verification for credit cards or debit cards even for free subscriptions from customers? In recent months, cryptocurrency miners and other abusers have increased their exploitation of the resources offered under free subscription tiers from multiple cloud service providers. Divio is not exempted from that and it is now requiring a valid credit card for users on free plans as well.

When Divio users are selecting the free subscription plan, Divio asks the user to fill in payment card information. On a free subscription plan, Divio only uses the payment card for verification purposes and is not charging the user until the user changes to a paid subscription plan. While verifying the payment card, Divio is requesting a $1 authorization which immediately gets released - the payment card will never get charged.

Divio continues to provide a free subscription plan on the Divio platform.

The reasons for payment card verification

Divio provides a fully featured free subscription plan called “Developer” for public cloud hosting solutions. This free subscription plan allows users to test the Divio products and services and explore the Divio platform.

In the past few months, we have encountered bad actors signing up on a free subscription plan and misusing its intended purpose of testing and exploring the Divio platform. The abusers were using the free subscription plan for running cryptocurrency mining tasks or mounting DDoS attacks. These abusers not only use our platform for bad intentions but also deplete resources, potentially affecting the performance for other users.

Divio does not tolerate nor support any of such activities and immediately implemented multiple security measures - one of which is payment card verification.

Other service providers with similar concerns

Many other service providers have reported similar issues and are coming up with their own mitigating strategies. According to the Record, some of those who have been abused include GitHubGitLabMicrosoft AzureTravisCILayerCICircleCIRenderCloudBees CodeShipSourcehut, and Okteto.

As a mitigation of this abuse,

Note:

Divio will continue to monitor the usage of the Divio platform and may implement additional counter measures as necessary.