Did you know that by default databases on Heroku are open to the world and anyone can connect to them?

They explain this in https://help.heroku.com/QVRZIEAH/why-am-i-seeing-connection-errors-for-my-heroku-postgres-database-from-an-unexpected-ip-address-what-are-these-unauthorized-connection-attempts.

This would be okayish if those log attempts did not count against the logging add-ons and even their internal logging limit. So what happens if someone tries to brute force the DB instance?

First, logs get dropped, as Heroku Logplex starts dropping all logs once it becomes too much to even show them (https://i.imgur.com/cvpHcwi.png). Second, if you have a logging add-on, you most likely lost valuable logs (let's hope you are not storing them for compliance) and you have to upgrade to a higher plan just to have them processed, ignoring that some of them won't even get logged.

Support says this is not abuse, they won't block offending IPs, and that one should upgrade to private space, which costs 6x more.

Tell me if this is OK practice. I don't think it is?