Giter Club home page Giter Club logo

Comments (3)

pjv avatar pjv commented on June 11, 2024 1

Thanks, yeah, I understood the square bracket integer thing which is how I manually figured out which IP address was hammering me.

My guess is that as with web servers, this (intentional or unintentional DOS-ing) is going to be a pretty regular thing for nostr relays, so it would probably be good to make logging the IP address and a timestamp for all kinds of requests and errors a basic idiom so that tools like fail2ban can just watch the logs and do what they need to do to keep the server online.

I wasn’t able to figure out what was hitting the server or why. It was an IPV6 address that just mapped to the IP space of a commercial ISP in Germany - i.e. likely a home user - and I have no idea what they were requesting since strfry was just erroring the requests out.

Luckily, it was just the one host; I blocked the IP and haven’t seen that error message again since.

from strfry.

hoytech avatar hoytech commented on June 11, 2024

Good idea! It will need a bit of a refactor to log the IP on that line, but it should be possible. I'm adding that to the TODO list.

One thing that may help in the meantime: The numbers inside the square brackets correspond to the connection ID. For example:

2023-02-27 06:47:53.857 (   4.084s) [Websocket       ]INFO| [1] Connect from 127.0.0.1 compression=N sliding=N
2023-02-27 06:47:53.857 (   4.085s) [Ingester 1      ]INFO| sending error to [1]: bad msg: unknown cmd

In these two log lines, the [1] on the Connect line matches the [1] in the error line. So you could build a log scanner that keeps a mapping of connection ID to IP address.

It's not ideal, because you'd need to look arbitrarily far back in time to find the Connect log (well, at least back to server restart, at which point the conn IDs are reused), and you might have to worry about log rotations and such.

In the end, did you figure out if it was a buggy client or malicious activity?

from strfry.

pjv avatar pjv commented on June 11, 2024

@hoytech if you can tell me if there is a relatively simple way to access the IP address of the host from here:

strfry/src/RelayReqMonitor.cpp

Line 44 in e5ec135

sendNoticeError(connId, std::string("too many concurrent REQs"));

I will try to modify that error string to include the IP address and will then be able to automatically block the boxes that are slamming my relay now too fast and furious for me to handle manually, and then submit a PR.

from strfry.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.