I am a solo developer working on multiple AI projects. Since the past 1 month, on random days my API key gets leaked, and within the span of minutes 100 dollars get spent.
After doing some digging in the logs, i noticed that all the API calls are being made in Chinese. I’ve pasted an example below:
I have done the bare minimum, i.e. store the keys in env files and make sure that nothing is exposed, yet, this still persists. Please help me with how do i start debugging this. I have lost over 250 dollars now and this is getting out of hand.
If you’re rotating keys, and only using a backend, then something about that platform is insecure.
File-based keys should be completely out of the hosting or the http root, and group or root 600 permissions of the Python execution.
It can just be bad client code that needs to be pulled down, someone using your API, bypassing customer validation, or even data bleed on shared hosting or an untrustworthy admin.
You can take down one thing at a time and see who keeps coming back for delicious API keys. Look at your http access logs.
You can also set billing limits and warnings on your API Dashboard. While you are researching your compromised security, you should probably set extremely low billing limits so that hackers can only acheive a few dollars worth of API requests.
imo, unless you have production facing products. I would tear it all down and rebuild your infrastructure. You’ve been compromised, and resetting your API key is like depositing to a bank that is mid-robbery
