Since earlier this week, we have what looks like a DDoS attack going on against our (very small and unknown) public IPFS gateway. It was both filling up our disks and making nginx throw 500s after running out of file handles for serving parallel requests.
Since we don’t intend for it to be a general gateway, but mostly to serve pinned documents for our own project, we have set NoFetch to true and are now banning all IP addresses that exceed a handful of 404s for a couple of days.
The number of IPFS addresses banned (i.e. doing a lot of regular requests despite never receiving files) is currently hovering around the 72,000 mark. Now, the question I have for other people hosting public gateways is if this happened to someone else before? It seems like an odd vector for attacking our project specifically, so I’m currently guessing it’s someone targeting public IPFS gateways in general. But I’m not sure. (Also, it’s a rather uncontroversial, tiny FOSS project and the main app we’re developing is neither relying on IPFS nor any blockchain, doesn’t directly involve money, and isn’t even really launched yet.)
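The ban rule described in the post, sketched as an added example (not the poster's actual setup): it counts gateway 404s per client in an nginx access log and returns the addresses to ban with their expiry. The nginx "combined" log format, the threshold of 5 hits in 10 minutes, the 2-day ban, and the sample log lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values: the post only says "a handful of 404s" and "a couple of days".
MAX_404S = 5
WINDOW = timedelta(minutes=10)
BAN_FOR = timedelta(days=2)

# Assumed nginx "combined" format: ip - user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?:[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_bans(lines):
    """Return {ip: ban_expiry} for clients with more than MAX_404S gateway 404s in WINDOW."""
    recent = defaultdict(deque)  # ip -> timestamps of its recent 404s
    bans = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue
        if not m["path"].startswith(("/ipfs/", "/ipns/")):
            continue  # only gateway content paths count
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip = m["ip"]
        if ip in bans and ts < bans[ip]:
            continue  # ban still active, nothing to re-evaluate
        hits = recent[ip]
        hits.append(ts)
        while hits and ts - hits[0] > WINDOW:
            hits.popleft()  # forget 404s that fell out of the sliding window
        if len(hits) > MAX_404S:
            bans[ip] = ts + BAN_FOR
            hits.clear()
    return bans

def sample_log():
    """Constructed log lines: documentation-range IPs and placeholder CIDs."""
    fmt = ('{ip} - - [10/Mar/2024:12:{m:02d}:{s:02d} +0000] '
           '"GET /ipfs/{cid} HTTP/1.1" {st} 153 "-" "-"')
    noisy = [fmt.format(ip="203.0.113.7", m=0, s=i, cid=f"QmPlaceholder{i}", st=404) for i in range(8)]
    slow = [fmt.format(ip="198.51.100.9", m=i * 11, s=0, cid=f"QmOther{i}", st=404) for i in range(6)]
    ok = [fmt.format(ip="192.0.2.1", m=1, s=0, cid="QmPinnedDoc", st=200)]
    return noisy + slow + ok

if __name__ == "__main__":
    for ip, until in find_bans(sample_log()).items():
        print(f"ban {ip} until {until.isoformat()}")
```

The sliding window keeps a client that hits an occasional missing CID (the `198.51.100.9` lines, 11 minutes apart) from being banned alongside the one issuing a burst of misses.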