Author Topic: Beware..your Mapbox key can be poached.  (Read 533 times)

0 Members and 1 Guest are viewing this topic.

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 8884
  • Saratoga, CA, USA Weather - free PHP scripts
Beware..your Mapbox key can be poached.
« on: February 08, 2023, 06:56:39 PM »
I got an email this morning from Mapbox saying my key was over quota for a free key.
Logged into the site, checked the stats on my account and found a big bump in Map Tile usage (250K) in the last 3 days..
Digging deeper, the 'offending' site was earthquaketrack{dot}ru/eq_map2/ .. they'd used my quake-json.php script (which is ok),
but scraped my Mapbox key from my quakes.php page.  My bill will be $15 US for their overactive usage. Sigh...

So.. a quick regeneration of the Mapbox public key, a password change to the Mapbox site, and removal of the API key from my Settings.php should stop them from harvesting it again.

So.. if you use a free Mapbox key on your site for my map scripts (quake-json, mesonet-map, global-map), watch your usage and if it spikes, remove it from your site and regenerate your mapbox API key and change password for the mapbox website.
Ken True/Saratoga, CA, USA main site:
Davis VP1+ FARS, Blitzortung RED, GRLevel3, WD, WL, VWS, Cumulus, Meteobridge
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP