DDoS against public IPFS gateways?

Since earlier this week, we have what looks like a DDoS attack going on against our (very small and unknown) public IPFS gateway. It was both filling up our disks, as well as nginx throwing 500s from running out of file handles for serving parallel requests.

Since we don’t intend for it to be a general gateway, but mostly to serve pinned documents for our own project, we have set NoFetch to true and are now banning all IP addresses that exceed a handful of 404s for a couple of days.

The number of IPFS addresses banned (i.e. doing a lot of regular requests despite never receiving files) is currently hovering around the 72,000 mark. Now, the question I have for other people hosting public gateways is if this happened to someone else before? It seems like an odd vector for attacking our project specifically, so I’m currently guessing it’s someone targeting public IPFS gateways in general. But I’m not sure. (Also, it’s a rather uncontroversial, tiny FOSS project and the main app we’re developing is neither relying on IPFS nor any blockchain, doesn’t directly involve money, and isn’t even really launched yet.)

1 Like

This is normal. Did you add your gateway to Public Gateway Checker | IPFS ? This is usually how gateways are discovered by abusers.

There is some very popular movie-related app in China that will hammer gateways requesting content. I think they hammer multiple ones, cancelling requests if some other gateway is responding faster. They don’t care if your gateway 404s. The 72k blocked IPs mark is consistent with my own experience.

Unfortunately, blocking IPs like you do is the best approach to curb this abuse. On the plus side, it is probably not a DDoS attack against you specifically.

3 Likes

Great, thanks! That’s very helpful. :pray:

Did anyone try to contact them about it yet? They might not even do this intentionally, or realize the impact that they’re having.

We did not publish our gateway URL to any directories or other websites. It’s only mentioned on our wiki somewhere.

Then I guess they have other discovery mechanisms…