Written by Alpha Bits team
February 19, 2026 software

How AI Saved Our eCommerce Operations During a Lunar New Year Botnet Attack

The following is an experiential post shared directly by our engineering team regarding a cyber security incident that took place over the holidays.

Our servers were attacked on Vietnamese New Year 2026 by a Vietnamese Botnet.


It was the morning of February 18th, 2026—literally the second day of the week-long Tết (Lunar New Year) holiday in Vietnam. We were looking forward to some quiet downtime, but our morning started instead with urgent messages from our Samoa eCommerce team.

Payments were failing across the board. Customers couldn't check out, and business had effectively come to a standstill.

The Investigation

The entire team was understandably offline for the holidays, but when you are responsible for the tech stack, you prepare for these exact moments. We grabbed our laptops, connected to the production servers from the hotel balcony, and immediately deployed Brian, our AI Security Agent, directly onto the server to help us comb through the massive influx of logs.

Brian AI isolating the malicious IPs in the terminal

What Brian found within minutes was a classic, humbling engineering oversight.

An automated scanner, part of a wandering botnet, discovered an open port 2 days earlier, on the 16th of Feb 2026, and attempted to connect and turn it into a replica. The connection ultimately failed, but the persistent attempts triggered a defensive response in the database, knocking it into "Read-Only" mode.

Because the payment gateway's rate limiters relied on writing request counts to this specific database, every single API call was suddenly met with an error. The system effectively locked itself down.
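
The coupling described above, as an added example (not code from the original post or the team's stack): a fixed-window rate limiter that keeps enforcing its limit when the counter store rejects writes, instead of failing every request. `CounterStore`, `ReadOnlyStoreError`, `RateLimiter` and `simulate` are hypothetical names, and the example assumes the store still serves reads while it is read-only.

```python
import time

class ReadOnlyStoreError(Exception):
    """Raised when the counter store rejects a write (constructed for this example)."""

class CounterStore:
    """Hypothetical stand-in for the shared database that holds request counts."""
    def __init__(self):
        self.read_only, self.counts = False, {}

    def get(self, key):
        return self.counts.get(key, 0)  # assumption: reads still succeed when read-only

    def incr(self, key):
        if self.read_only:
            raise ReadOnlyStoreError("store is read-only")
        self.counts[key] = self.get(key) + 1
        return self.counts[key]

class RateLimiter:
    """Fixed-window limiter that degrades to in-process counting on write failure."""
    def __init__(self, store, limit, window=60, clock=time.time):
        self.store, self.limit, self.window, self.clock = store, limit, window, clock
        self.local = {}        # fallback increments, visible to this process only
        self.degraded = False  # export as a metric and alert on it

    def allow(self, client):
        key = (client, int(self.clock() // self.window))
        try:
            count = self.store.incr(key)
            self.degraded = False
        except ReadOnlyStoreError:
            # Write refused: count locally on top of the last stored value.
            self.degraded = True
            self.local = {k: v for k, v in self.local.items() if k[1] == key[1]}
            self.local[key] = self.local.get(key, 0) + 1
            count = self.store.get(key) + self.local[key]
        return count <= self.limit

def simulate(requests, limit, read_only_after):
    """One client sends `requests` calls; the store turns read-only after N of them."""
    store = CounterStore()
    limiter = RateLimiter(store, limit, clock=lambda: 1000.0)  # fixed clock: one window
    decisions = []
    for i in range(requests):
        if i == read_only_after:
            store.read_only = True
        decisions.append(limiter.allow("client-a"))
    return decisions, limiter.degraded
```

In degraded mode the limit is enforced per process rather than globally, so the `degraded` flag is the signal to page someone: it is the earliest visible symptom that the store has stopped accepting writes.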

Brian AI patching the vulnerability and deploying firewall rules

Brian quickly identified the culprit: a known variation of the 'i love u' malware script 🤖. Thankfully, having an autonomous AI assistant right there in the terminal allowed us to immediately patch the vulnerability, update the firewall rules to block the botnet's IP range, and remove all traces of the malware in a fraction of the time it would normally take a human team.

The Takeaway

As Brian bluntly reminded us in its post-incident report: we were incredibly lucky. If this had gone unnoticed over the long break without an AI agent monitoring the anomalies, the impact could have been catastrophic.

This is exactly what bad actors bank on. They intentionally target the holiday periods when engineering teams are offline, and response times are slower. It's a classic playbook.

Of course, having Brian AI on our team saved the day, which is why we're here sharing the experience! 😆
