Memory Utilization Percent is running high (Potential DDoS attack?) #1

Open
josecelano opened this issue Jan 30, 2025 · 0 comments

josecelano commented Jan 30, 2025

It seems we have started having some users in the service. Yesterday I started receiving some alerts from Digital Ocean:

Image

And it seems the nginx container has been restarted:

docker ps
CONTAINER ID   IMAGE                       COMMAND                  CREATED       STATUS                 PORTS                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NAMES
0f0baadcc222   nginx:mainline-alpine       "/docker-entrypoint.…"   8 weeks ago   Up 5 hours             0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               proxy
f68aebf2b043   torrust/hash2torrent:main   "/usr/local/bin/entr…"   8 weeks ago   Up 8 weeks (healthy)   0.0.0.0:3000->3000/tcp, :::3000->3000/tcp, 0.0.0.0:33021->51000/tcp, [::]:33021->51000/tcp, 0.0.0.0:33022->51001/tcp, [::]:33022->51001/tcp, 0.0.0.0:33023->51002/tcp, [::]:33023->51002/tcp, 0.0.0.0:33024->51003/tcp, [::]:33024->51003/tcp, 0.0.0.0:33025->51004/tcp, [::]:33025->51004/tcp, 0.0.0.0:33026->51005/tcp, [::]:33026->51005/tcp, 0.0.0.0:33027->51006/tcp, [::]:33027->51006/tcp, 0.0.0.0:33028->51007/tcp, [::]:33028->51007/tcp, 0.0.0.0:33029->51008/tcp, [::]:33029->51008/tcp, 0.0.0.0:33030->51009/tcp, [::]:33030->51009/tcp, 0.0.0.0:33031->51010/tcp, [::]:33031->51010/tcp   hash2torrent

Digital Ocean graphs:

Image

There are 4644 files in the torrents cache. The first days after the release I checked it regularly but nobody was using it.

We also have some suspicious torrents with similar prefixes from info-hashes:

. . .
├── ffa9b550763d4d7e322d89df294e5d7da46600ee.torrent
├── ffc311718ec7a555426e0a7d2fe016a66d40dc93.torrent
├── ffcd4e34ec068f276605bb619f29827f41c94f7d.torrent
├── fff8139712d0e647c8833feba95b3dbb4d5cd9ef.torrent
├── fff8e4a650e6cd2a52cb5d075720fc8cc4dfd49e.torrent
├── fffd335ab6b70f8a49034770eef151dc53d56faa.torrent
└── ffffac77de5620edd33109df7b630eef1b09fa0d.torrent

Something similar happened on the index/tracker demo.

cc @da2ce7
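
An added triage example (not part of the original issue and not the project's code): it counts cached `.torrent` files per two-character info-hash prefix and flags prefixes that hold far more files than an even spread would give. The function names, the 4-sigma threshold and the sample data are assumptions; the sample names are constructed, and on the server the input would be the file names in the torrents cache directory.

```python
import hashlib
import math
from collections import Counter

def prefix_counts(names, prefix_len=2):
    """Count cached files per info-hash prefix; names look like '<40 hex>.torrent'."""
    counts = Counter()
    for name in names:
        stem, _, ext = name.lower().rpartition(".")
        if ext == "torrent" and len(stem) == 40 and set(stem) <= set("0123456789abcdef"):
            counts[stem[:prefix_len]] += 1
    return counts

def chi_square(counts, prefix_len=2):
    """Pearson statistic against an even spread over all 16**prefix_len prefixes."""
    buckets = 16 ** prefix_len
    expected = sum(counts.values()) / buckets
    stat = sum((c - expected) ** 2 / expected for c in counts.values())
    stat += (buckets - len(counts)) * expected  # contribution of empty buckets
    return stat, expected

def overfull(counts, prefix_len=2, sigmas=4.0):
    """Prefixes holding more files than the mean plus `sigmas` Poisson deviations."""
    _, expected = chi_square(counts, prefix_len)
    limit = expected + sigmas * math.sqrt(expected)
    return sorted(p for p, c in counts.items() if c > limit)

def constructed_cache(n, forced_prefix="", extra=0):
    """Constructed sample data: n SHA-1-derived names plus `extra` sharing a prefix."""
    names = [hashlib.sha1(str(i).encode()).hexdigest() + ".torrent" for i in range(n)]
    for i in range(extra):
        tail = hashlib.sha1(f"x{i}".encode()).hexdigest()[len(forced_prefix):]
        names.append(forced_prefix + tail + ".torrent")
    return names

if __name__ == "__main__":
    for label, names in (("even", constructed_cache(4644)),
                         ("skewed", constructed_cache(4644, "ff", 200))):
        counts = prefix_counts(names)
        stat, expected = chi_square(counts)
        print(f"{label}: files={sum(counts.values())} expected/prefix={expected:.1f} "
              f"chi2={stat:.0f} overfull={overfull(counts)}")
```

With 256 two-character prefixes, a cache of 4644 files holds about 18 files per prefix when the info-hashes are evenly spread, and the statistic then stays near 255; a value far above that, or a non-empty `overfull` list, points to clustering worth correlating with the nginx access logs.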
