0 sats \ 0 replies \ @grimtechnet 18h \ on: What are you working on this week? meta
One of my websites is getting way too many requests to stay within budget. I'm having to drop anon account ability to play back videos. Now visitors have to log in first.
Gotta earn more money somehow. The required login widened my sales funnel which is good. Free accounts work, but you don't get all the analytics features unless you're a paid member.
Looked in my Pocketbase logs. Saw tons of SQL injection attacks. Luckily it's attacks for Oracle server, so whoever's doing that doesn't seem very focused. Botnet maybe. Might have to set up some CDN stuff to block that.
Realized I have an unsecured API endpoint where people can bypass the login and get the direct link to the videos. Not a huge deal yet (very few visitors know how to access it). Can't just put access controls on the endpoint because that is the same endpoint for visitors to get data for the webpages. Gotta re-architect that.
Definitely gotta remove the ability for users to download videos through the direct links. Could be that there are other sites hotlinking. Haven't seen any indication of that in the logs, but there's a shitton of logs I haven't seen and you know what they say about Murphy's Law. Gotta set up CDN signed URLs that expire after a while so it's not an issue.
Never a dull moment.
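
The expiring signed URLs mentioned in the comment above, as an added example that is not part of the original post and not any particular CDN's scheme: a generic HMAC-SHA256 signature over the path and expiry time. The names `sign_url` and `verify_url`, the key, and the `/videos/demo.mp4` path are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed demo key (assumption); a real key lives in a secret store
# and is shared only between the app that signs and the edge that verifies.
SECRET = b"constructed-demo-key"


def _mac(path, expires, secret):
    # Bind the signature to both the path and the expiry, so neither
    # can be changed without invalidating the link.
    return hmac.new(secret, f"{path}\n{expires}".encode(), hashlib.sha256).hexdigest()


def sign_url(path, ttl_seconds, now=None, secret=SECRET):
    """Return path?expires=...&sig=..., valid for ttl_seconds from now."""
    issued = int(time.time() if now is None else now)
    expires = issued + ttl_seconds
    return f"{path}?{urlencode({'expires': expires, 'sig': _mac(path, expires, secret)})}"


def verify_url(url, now=None, secret=SECRET):
    """Return (ok, reason) for a signed URL."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        expires = int(query["expires"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return False, "missing or malformed parameters"
    expected = _mac(parts.path, expires, secret)
    # Constant-time comparison; checked before expiry so an edited
    # 'expires' value is reported as tampering, not as a valid link.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "bad signature"
    if (time.time() if now is None else now) >= expires:
        return False, "expired"
    return True, "ok"


if __name__ == "__main__":
    link = sign_url("/videos/demo.mp4", ttl_seconds=300)
    print(link, verify_url(link))
```

The app issues the link only after the login check, so a copied or hotlinked URL stops working once the expiry passes.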