haiku / haikudepotserver

Haiku Depot Server


Excessive API noise from HaikuDepot?

kallisti5 opened this issue

I noticed on our server that a single IP from Canada has made 9,447 requests to depot.haiku-os.org over an hour.

Is this some targeted attack, or is HaikuDepot just way too aggressive in polling stuff?

Here's a partial list of the top HTTP requests:

   3923 /__api/v1/authorization
   2017 /__api/v1/pkg
   1288 /__api/v1/miscellaneous
    652 /__api/v1/userrating
    323 /
    322 /__js/app/directive/naturallanguagechooser.html
    322 /__js/app/directive/modalcontainer.html
    322 /__js/app/directive/breadcrumbs.html
    322 /__js/app/directive/banner.html
    322 /__js/app/controller/viewpkg.html
    322 /__api/v1/repository
      7 /__img/breadcrumbseparator.svg
      6 /__jawr/js/gzip_N798099307/bundles/app.js
      6 /__jawr/js/gzip_1335435818/bundles/libs.js
      6 /__jawr/css/gzip_1612448890/bundles/app.css
      6 /__img/staroff.svg
      6 /__img/paginationright.svg
      6 /__img/paginationleft.svg
      6 /__img/newwindow.svg
      6 /__img/modalclose.svg
      6 /__img/haikudepot.svg
      6 /__img/haikudepot-error.png
      6 /__img/feed.svg
      6 /__img/download.svg
      4 /__pkgicon/18thcenturykurrentfont.png?f=true&s=24&m=1495981628288
      4 /__img/haikudepot16.png
      3 /__pkgscreenshot/6ae49b1d-dc30-4b48-ba7f-bffa9b025ff9.png?m=1495981628288&tw=320&th=160
      3 /__pkgicon/survivantfont.png?f=true&s=24&m=1495979684427
      3 /__pkgicon/18thcenturykurrentfont.png?f=true&s=32&m=1495981628288
      2 /__pkgscreenshot/e940716b-9d76-4f5b-a8af-9435d3e07620.png?m=1485986446306&tw=227&th=240
      2 /__pkgscreenshot/d40b10e4-0883-43ba-9c64-f4a84db5c023/raw
      2 /__pkgscreenshot/d40b10e4-0883-43ba-9c64-f4a84db5c023.png?m=1495979684427&tw=320&th=160
      2 /__pkgscreenshot/d1575b45-21df-4153-8282-7e287df2c415.png?m=1483323923907&tw=320&th=200
      2 /__pkgscreenshot/aba8a3ac-15b5-4796-8713-103e2489a29d.png?m=1497175366914&tw=320&th=160
      2 /__pkgscreenshot/9637790c-bfb1-49cb-9bb6-ed3f81571c60.png?m=1479608660463&tw=310&th=240
      2 /__pkgscreenshot/854149e7-b0fd-4279-a78c-0dce2bba9454.png?m=1497175353671&tw=320&th=195
      2 /__pkgscreenshot/84296ffd-7209-45a7-ae48-400f9cd94d15.png?m=1495981641189&tw=320&th=160
      2 /__pkgscreenshot/7eba1c35-b652-45b1-acdb-a6256c6e3ca5.png?m=1488803252178&tw=292&th=240
      2 /__pkgscreenshot/41fbdc04-00d5-4c46-b3f8-d4427d86fc1c.png?m=1495979973307&tw=320&th=160
      2 /__pkgicon/wgetter.png?f=true&s=32&m=1505697854991
      2 /__pkgicon/watertorturefont.png?f=true&s=24&m=1495979480541
      2 /__pkgicon/valkyrofont.png?f=true&s=24&m=1495979628133
      2 /__pkgicon/unanimousfont.png?f=true&s=24&m=1495978384010
      2 /__pkgicon/technetiumfont.png?f=true&s=24&m=1495978481590
      2 /__pkgicon/tcping.png?f=true&s=32&m=1461115465082
      2 /__pkgicon/tallymarkfont.png?f=true&s=24&m=1501535942144
      2 /__pkgicon/survivantfont.png?f=true&s=32&m=1495979684427
      2 /__pkgicon/sujetafont.png?f=true&s=24&m=1495978504663
      2 /__pkgicon/speedwayfont.png?f=true&s=24&m=1500535330119
      2 /__pkgicon/snigletfont.png?f=true&s=24&m=1501536482907
      2 /__pkgicon/shalbum.png?f=true&s=32&m=1498502755962
      2 /__pkgicon/sanctuaryfont.png?f=true&s=24&m=1495978613673
      2 /__pkgicon/realplayer.png?f=true&s=24&m=1488803252178
      2 /__pkgicon/qmediainfo_x86.png?f=true&s=32&m=1483323923907
      2 /__pkgicon/qmediainfo_x86.png?f=true&s=24&m=1483323923907
      2 /__pkgicon/pmmp.png?f=true&s=32&m=1485986446306
      2 /__pkgicon/pmmp.png?f=true&s=24&m=1485986446306
      2 /__pkgicon/openyoutube.png?f=true&s=32&m=1467747730621
      2 /__pkgicon/nullpointerfont.png?f=true&s=24&m=1495979292816
      2 /__pkgicon/nanoblogger.png?f=true&s=32&m=1498502541346
      2 /__pkgicon/gnufreefonts.png?f=true&s=24&m=1495980942610
      2 /__pkgicon/gaussjordanfont.png?f=true&s=32&m=1495980911623
      2 /__pkgicon/flickrfind.png?f=true&s=32&m=1467747680226
      2 /__pkgicon/discotheek.png?f=true&s=32&m=1479608660463
      2 /__pkgicon/discotheek.png?f=true&s=24&m=1479608660463
      2 /__pkgicon/deluxepaintcomicfont.png?f=true&s=32&m=1497175366914
      2 /__pkgicon/deluxepaintcomicfont.png?f=true&s=24&m=1497175366914
      2 /__pkgicon/damasefont.png?f=true&s=32&m=1497175353671
      2 /__pkgicon/damasefont.png?f=true&s=24&m=1497175353671
      2 /__pkgicon/codonfont.png?f=true&s=24&m=1497175324732
      2 /__pkgicon/chunkfont.png?f=true&s=24&m=1497175305720
      2 /__pkgicon/blackoutfont.png?f=true&s=24&m=1495981216832
      2 /__pkgicon/beryliumfont.png?f=true&s=24&m=1495981162092
      2 /__pkgicon/bernardomodafont.png?f=true&s=24&m=1495981137707
      2 /__pkgicon/berlinemailfont.png?f=true&s=24&m=1495981125567
      2 /__pkgicon/beonfont.png?f=true&s=24&m=1495981110135
      2 /__pkgicon/benegraphicfont.png?f=true&s=24&m=1495981093574
      2 /__pkgicon/beltanefont.png?f=true&s=24&m=1495981066733
      2 /__pkgicon/bazaronitefont.png?f=true&s=24&m=1495981051057
      2 /__pkgicon/baskervaldfont.png?f=true&s=24&m=1495981038086
      2 /__pkgicon/averiasansfont.png?f=true&s=24&m=1495981614722
      2 /__pkgicon/average.png?f=true&s=32&m=1483323848609
      2 /__pkgicon/aurelisadffont.png?f=true&s=24&m=1495981505130
      2 /__pkgicon/alegreyafont.png?f=true&s=24&m=1495981273694
      2 /__pkgicon/akronnbpfont.png?f=true&s=24&m=1495981259201
      2 /__pkgicon/airbrushfont.png?f=true&s=32&m=1495979973307
      2 /__pkgicon/2prongtreefont.png?f=true&s=32&m=1495981641189
      2 /__img/haikudepot-error.svg
      2 /favicon.ico
      2 /__error
      1 /__pkgscreenshot/fff28959-aee4-435d-8d78-6a07a799d908/raw
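The triage in the report above (how many requests one IP made in an hour, which targets it hit, what User-Agent it sent) as a small script over access-log lines. This is an added example, not code from haikudepotserver or from the people in this thread. The log lines are constructed in the nginx/Apache "combined" format; the IPs 203.0.113.7 and 198.51.100.23 come from the RFC 5737 documentation ranges, and the timestamps, request methods and status codes are made up (the JSON API is assumed to be called with POST). The request targets are taken from the list above. The sliding one-hour window is a deliberate choice: a burst that straddles a clock-hour boundary would be split in two by a fixed per-hour count.

```python
"""Triage a web access log: which IPs are hammering the server, what they hit
and what they claim to be.  Added example, not code from haikudepotserver.
The log lines are constructed in the nginx/Apache "combined" format; the IPs
are RFC 5737 documentation addresses and the timestamps, request methods and
status codes are made up."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# combined format: ip ident user [ts] "METHOD target HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], TS_FMT)
    return entry


def parse_log(lines):
    """Parse every line that matches; silently skip the ones that do not."""
    return [e for e in (parse_line(l) for l in lines) if e is not None]


def peak_requests_per_ip(entries, window_seconds=3600):
    """Highest number of requests each IP made inside any sliding window of
    `window_seconds`.  Two-pointer sweep over the sorted timestamps per IP."""
    times_by_ip = defaultdict(list)
    for e in entries:
        times_by_ip[e["ip"]].append(e["ts"])
    peaks = {}
    for ip, times in times_by_ip.items():
        times.sort()
        best = start = 0
        for end, t in enumerate(times):
            # advance the window start past requests that are now too old
            while (t - times[start]).total_seconds() >= window_seconds:
                start += 1
            best = max(best, end - start + 1)
        peaks[ip] = best
    return peaks


def noisy_ips(entries, threshold, window_seconds=3600):
    """IPs whose peak request count inside the window reaches `threshold`."""
    peaks = peak_requests_per_ip(entries, window_seconds)
    return sorted(ip for ip, n in peaks.items() if n >= threshold)


def top_paths(entries, ip, n=5):
    """Request targets one IP hit most often, as (target, count) pairs (raw
    target, query string included, so icon and screenshot URLs stay distinct)."""
    return Counter(e["path"] for e in entries if e["ip"] == ip).most_common(n)


def user_agents(entries, ip):
    """User-Agent strings one IP presented, with counts."""
    return Counter(e["ua"] for e in entries if e["ip"] == ip)


# --- constructed sample data (not real traffic) --------------------------------
FIREFOX_WIN = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0"
FIREFOX_LINUX = "Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"


def _line(ip, ts, method, target, ua, status=200):
    return (f'{ip} - - [{ts.strftime(TS_FMT)}] "{method} {target} HTTP/1.1" '
            f'{status} 512 "-" "{ua}"')


def constructed_log():
    """One client looping over the JSON API, plus one ordinary page view."""
    base = datetime(2018, 11, 15, 10, 0, 0, tzinfo=timezone.utc)
    api_loop = ["/__api/v1/authorization", "/__api/v1/authorization",
                "/__api/v1/pkg", "/__api/v1/miscellaneous"]
    lines = [_line("203.0.113.7", base + timedelta(seconds=3 * i), "POST",
                   api_loop[i % 4], FIREFOX_WIN)
             for i in range(400)]                      # 400 requests in 20 minutes
    page_view = ["/", "/__js/app/controller/viewpkg.html", "/__api/v1/repository",
                 "/__pkgicon/wgetter.png?f=true&s=32&m=1505697854991"]
    lines += [_line("198.51.100.23", base + timedelta(minutes=5, seconds=j), "GET",
                    target, FIREFOX_LINUX)
              for j, target in enumerate(page_view)]
    return lines


if __name__ == "__main__":
    entries = parse_log(constructed_log())
    for ip in noisy_ips(entries, threshold=100):
        print(ip, peak_requests_per_ip(entries)[ip], "requests within one hour")
        for target, count in top_paths(entries, ip):
            print(f"{count:8d} {target}")
        for ua, count in user_agents(entries, ip).items():
            print(f"{count:8d} UA: {ua}")
```

Against a real log, replace `constructed_log()` with the file's lines and pick the threshold from the site's own normal per-client peaks; the user-agent and top-path breakdown is what separates a desktop client polling on a timer from a browser-driven script, as the thread does below.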

Hello Alex; Are you able to get the User-Agent for those requests? Those don't look like HTTP requests from the HaikuDepot desktop application, but requests from use of the web application. The heavy use of the 'authorization' endpoint makes me ponder if there isn't a bug somehow so I will look into that.

"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0"

Unless the web UI should be hitting our server 140,923 times over the last 24 hours from a single IP, I'm guessing it is some kind of attempted attack.

I'm going to block that user.

Hi Alex; Yes I think your assessment would be correct; that's a crazy hit rate. Blocking makes sense. Is it OK to close the ticket?

Yeah, we can close it.
I implemented a rate limit on HDS in traefik as well to slow down brute-force attacks. I don't think normal users will trigger it.
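What a per-client rate limit of the kind mentioned above actually does to the two traffic patterns in this thread, as an added example. This is neither the traefik configuration deployed for depot.haiku-os.org nor traefik's own code: it is a token bucket keyed on the source IP, modelled on the parameters traefik's rateLimit middleware exposes (average requests per period, plus a burst), and the limit values and the request stream are assumptions. It replays a constructed minute of traffic in which one client polls the API twice a second while a visitor loads a page and clicks twice.

```python
"""Per-client token-bucket rate limiting, modelled on the parameters of
traefik's rateLimit middleware (average requests per period, plus a burst).
Added example: not the limit deployed for depot.haiku-os.org and not traefik's
code; the parameter values and the request stream below are made up."""
from collections import defaultdict


class TokenBucketLimiter:
    """One bucket per client key (here the source IP).

    A bucket holds at most `burst` tokens and refills at `average` tokens per
    `period` seconds.  Each request costs one token; a request that finds the
    bucket below one token is refused but still updates the bookkeeping."""

    def __init__(self, average, burst, period=1.0):
        self.rate = average / period      # tokens per second
        self.burst = burst
        self._buckets = {}                # key -> (tokens, last_seen_seconds)

    def allow(self, key, now):
        tokens, last = self._buckets.get(key, (self.burst, now))  # new clients start full
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        if allowed:
            tokens -= 1
        self._buckets[key] = (tokens, now)
        return allowed


def simulate(limiter, events):
    """Replay (seconds, ip) events in time order; return {ip: (allowed, refused)}."""
    outcome = defaultdict(lambda: [0, 0])
    for t, ip in sorted(events):
        outcome[ip][0 if limiter.allow(ip, t) else 1] += 1
    return {ip: tuple(counts) for ip, counts in outcome.items()}


def constructed_events():
    """Constructed traffic: one client polling the API every 0.5 s for a minute,
    one visitor fetching a page and a dozen assets inside a second, then
    clicking three times half a minute later."""
    flood = [(0.5 * i, "203.0.113.7") for i in range(120)]
    visitor = ([(0.05 * j, "198.51.100.23") for j in range(12)]
               + [(30.0 + k, "198.51.100.23") for k in range(3)])
    return flood + visitor


def demo(average=60, burst=20, period=60):
    """60 requests per minute sustained with bursts of 20: the visitor's page
    load fits inside the burst, the poller drains the burst and is then held
    to about the sustained rate."""
    return simulate(TokenBucketLimiter(average, burst, period), constructed_events())


if __name__ == "__main__":
    for ip, (ok, refused) in demo().items():
        print(f"{ip:16s} allowed={ok:4d} refused={refused:4d}")
```

Two things to check when enabling such a limit in front of a real deployment: the bucket is keyed on the client address, so if the proxy doing the limiting sits behind another proxy or load balancer it must take the client from the right X-Forwarded-For hop (traefik exposes this under the middleware's sourceCriterion.ipStrategy), otherwise every client shares one bucket; and the burst should be set from what a single page view legitimately generates, which the per-client counts in this issue are a good starting point for.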