DDoS against public IPFS gateways?

raucao · November 18, 2022, 1:39pm

Since earlier this week, we have what looks like a DDoS attack going on against our (very small and unknown) public IPFS gateway. It was both filling up our disks, as well as nginx throwing 500s from running out of file handles for serving parallel requests.

Since we don’t intend for it to be a general gateway, but mostly to serve pinned documents for our own project, we have set NoFetch to true and are now banning all IP addresses that exceed a handful of 404s for a couple of days.

The number of IPFS addresses banned (i.e. doing a lot of regular requests despite never receiving files) is currently hovering around the 72,000 mark. Now, the question I have for other people hosting public gateways is if this happened to someone else before? It seems like an odd vector for attacking our project specifically, so I’m currently guessing it’s someone targeting public IPFS gateways in general. But I’m not sure. (Also, it’s a rather uncontroversial, tiny FOSS project and the main app we’re developing is neither relying on IPFS nor any blockchain, doesn’t directly involve money, and isn’t even really launched yet.)

hector · November 18, 2022, 1:47pm

This is normal. Did you add your gateway to Public Gateway Checker | IPFS ? This is usually how gateways are discovered by abusers.

There is some very popular movie-related app in China that will hammer gateways requesting content. I think they hammer multiple ones, cancelling requests if some other gateway is responding faster. They don’t care if your gateway 404s. The 72k blocked IPs mark is consistent with my own experience.

Unfortunately, blocking IPs like you do is the best approach to curb this abuse. On the plus side, it is probably not a DDoS attack against you specifically.

raucao · November 18, 2022, 2:02pm

Great, thanks! That’s very helpful.

Did anyone try to contact them about it yet? They might not even do this intentionally, or realize the impact that they’re having.

We did not publish our gateway URL to any directories or other websites. It’s only mentioned on our wiki somewhere.

hector · November 21, 2022, 8:28am

Then I guess they have other discovery mechanisms…

Topic		Replies	Views
Dynamic content blocking on an IPFS gateway Kubo	5	738	September 3, 2020
Why is IPFS using so much bandwidth when I'm not fetching or hosting content? Help	2	575	November 15, 2018
IPFS daemon seems to consistently kills my wifi connection - Is it just me?	1	498	November 11, 2020
504 Gateway Time-out on all public Gateways IPFS	1	360	March 25, 2022
IPFS Server Log remote access to Gateway Help	13	1772	June 22, 2018

DDoS against public IPFS gateways?

Related Topics