Starting tomorrow, January 31st, the API endpoints that were running the services of Moocher.io will be permanently disabled and all the users who are still using the endpoint in api.moocher.io will have to change it to api.apility.net. The capabilities of these services will not be reduced, on the contrary in Apility.io all services have been significantly improved and increased.

Recently I was interview by SecOpsHub and they asked me about the origins of Moocher.io. People love good stories, and I think this is a good one.

At my former company, we ran a Cloud Service Provider. And we had a serious problem with users who “abused” trial accounts over and over again. We called them in Spanish “gorrones” (you can translate it to English as  “moochers”). As a CEO sometimes you have to take decisions to onboard as many users as possible. Trial periods are a very popular method to onboard users, but it’s very common to have users that abuse of trials. There is a trend now promoting simpler onboarding services. The fewer parameters, the better. And they are right, but it has the collateral of inviting poor quality users to your service.

During Christmas time of 2015, the problem broke completely and we had a coordinated attack that nearly collapsed the service. The procedure for discovering these “moochers” was manual, but in the middle of the Christmas time neither my team nor I were willing to abandon our families because of these bad users, but we couldn’t take the full service down either.

So I came up with the idea of gathering information of the users when they connect: IP address, email, domain, credit cards, browser User Agent to set up a profile. Then the user was given a score based on this information, and if the score was low, he was not allowed to register.

What I discovered is that all this information needed for scoring already exists, but it is very scattered on the Internet and not always up-to-date. That’s how I thought that maybe a service that gathered this information and kept it up to date could have a market.

When I left my former company I developed and launched as a side project a site called ‘moocher.io’ with a free basic API to check if people started using it. Users from all places around the world started using it, slowly becoming a new tool for Threat Intelligence analysis.

Once I validated that there was a market, I decided to market more advanced services under the brand name ‘Apility.io’. Some people told me that ‘Moocher’ may be offensive to potential users don’t getting the irony so I think changing to this new name was the right choice. There are currently a few hundred users (and companies in most cases) who use our service. Although we still don’t have the size to hire a full Product Management team (I take this role), we do have Support staff and Account Managers.