So I have a small web app I made. I didn’t really advertise much because there’s a lot of things I wanna fix in it and I don’t have the time. But I did tell a few classmates about it.
Last few days I noticed it had been running slowly. Until one day it just stopped working. I checked the server logs and there was a background worker trying and failing to insert some data into the db on loop because of a bug I didn’t notice. The data it was trying to insert was spam so I knew this was an intentional thing. I took the server down and in the process accidentally deleted all the logs. Oops.
So I go and check the database and the user who inserted the spam data used their actual email. I google it, find their GitHub, their twitter, and their fiverr which has their actual name and picture. I search their name in my university system and find them. It’s someone I don’t know. Someone who heard from a classmate I told about it.
Fixed the bug now, banned the account, removed the spam. I guess you could say they did me a favor catching the bug but they could’ve just told me about it lol.
The only question left is: should I contact them? Send them a subtle 'I know what you did" message on the uni portal?
Anyone could have used that email to insert spam. Unless you use confirmation emails?
Well, if you don’t, you have nothing. If you do use confirmations, then just tell the police.
What is the police going to do?
I do.