Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Excessive, unwanted HTTP requests made to my server by your clients
See original GitHub issueHello. I’d like to congratulate you on this really neat re-implementation of a “blockchain”, or as we, people who actually paid attention in computer science classes like to call them, “Merkle trees,” a revolutionary data structure first invented and widely used since at least 1979.
Now, to be perfectly honest with you, I have no idea what one would actually want or need a “blockchain” for (other than tax evasion or mail ordering drugs), but before we get all excited to go get some money out of naive venture capitalists (hi @a16z invest in my tor drug empire when you decide to actually make some money off this bitcoin thing lol), could you explain why my server is receiving hundreds of HTTP requests per second on ports 8000 and 8001, from thousands of random IP addresses seemingly running this software?
My server’s IP address is 94.237.41.193, and in case I didn’t make it clear enough, it is not a Lisk node, it’s not participating in any Blockchain/Sidechain/Ledger, or any other fairy-tale technology meant to excite CEOs and other non-technical manager types who do not understand the complexity of distributed systems.
I’d like to ask you to either immediately release a hotfix release with my server’s IP blacklisted, or pay me $500 US dollars (in real, not imaginary unicorn-fart money) to upgrade my cloud instance to accommodate all this unwanted traffic for the next two years.
Expected behavior
- My server does not need a Blockchain.
- My server does not want a Blockchain.
- It should not be receiving any traffic from people running this software.
Actual behavior
- Your software seems to think my server needs a Blockchain, it does not.
- Your software seems to think my server wants a Blockchain, it does not.
- My server is receiving thousands of unwanted HTTP requests on port 8000 and 8001, averaging almost 500MB of unwanted traffic per hour, or 360GB per month.
- It looks like this:
GET /socketcluster/?version=1.6.0&protocolVersion=1.0&wsPort=8001&httpPort=8000&nethash=ed14889723f24ecc54871d058d98ce91ff2f973192075c0155ba2b7b70ad2511&nonce=1VDK407vm3QIIKK4 HTTP/1.1
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: mFwRx6eI96BFYbwJj6Vy6Q==
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Steps to reproduce
- Have a server with the IP address
94.237.41.193. - Look at the IPTables logs, wonder why some idiot is trying to DDoS you with HTTP requests on filtered ports, when there are open ports 80 and 443 to hit instead.
- Use tcpdump to capture the HTTP requests. Realise it’s actually some poorly written blockchain software. Pretend to act surprised.
- Open a sassy Github issue asking them to either cover the cost of the bandwidth or blacklist my IP address.
Which version(s) does this affect? (Environment, OS, etc…)
NixOS GNU/Linux. A certified blockchain-free™ environment.
Issue Analytics
- State:
- Created 4 years ago
- Reactions:43
- Comments:10 (2 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
you are very very smart @tjg1 you must of attended a LOT of computer science classes 😃
Yes,
bedlam.megane.space, that’s the reverse DNS PTR record of my server. You know, DNS. That thing when you type in a domain likegoogle.cominto your web browser, which lets your computer know what IP address it points to. PTR records are like that, but in reverse. They resolve IP addresses into domain names.Thing is, I have never run your software on my server. And it will never become active again, because I never intend on running your software on my server. What somebody else did in the past with the same IP address is none of my business. In fact, said PTR record would have never existed while they were doing it, because I’m the one who set it up.
Now let me attempt to get through your thick skulls why what you’re doing is bad.
Let’s say I have a really bad ISP at home. 1Mbps download. I have a dynamic IP address that changes periodically. I was just assigned a new IP address and it just so happens that whoever had the IP beforehand, was running a Lisk node. Now I’m getting hundreds of unwanted connections per second, that if they don’t overload the bottom-of-the-barrel router that my ISP gave me, are going to slow down my Internet connection by 50%. Whose fault is it?
Or maybe in a language you can understand.
Let’s say I’m some has-been media personality. I just read about this hot new blockchain tech thing in Fortune magazine. My music career isn’t doing so great anymore, so I phone up my loser nerd cousin to try to get in on this thing. She forks bitcoin-core, changes a few strings, and we announce our new ICO on my Twitter account. People fall for it, the money keeps rolling in, so I dump all the profits and get myself a new boat with expensive satellite broadband. Unknowingly to me, the satellite ISP just got a new IPv4 assignment and whoever was using the IP address of my boat previously, was running a Lisk node. It’s getting half a GB of traffic per hour that I have to pay $10 / 10MB for. When I get back from my cruise and get the bill, all my ICO profits are gone. Now, whose fault is it?
Now can you please blacklist my IP address from your software? Or even better, fix your software, so it’s not DDoSing random IP addresses?