Possible DDOS attack?


Some of you may have noticed that the us1 satellite uploads a lot of tiny files and then sends a lot of these files to the trash these days
It’s bad for our hard drives and it slows down all of my nodes.
It takes a very long time to move a node to another hard drive with rsync.The I/O pushes my hard drives to the maximum because of the tiny files.
I don’t realy know how works the customer side but is it possible that someone with hacked PCs try to make a DDOS attack ?
It will not cost to much money because the files will never be downloaded but put to trash.

It’s just an idea to think about, not an accusation

1 Like

It would be poorly targeted relying on the Satellites to choose nodes for you, so it would not be a very good DDOS attach versus just hammering your listening port with too many requests.

How I understand it, is that all files are small files by the nature of them being sliced up and distributed.

Some people may be using Storj as a sharing platform. Upload something to Storj, provide the user the link, let the user download it. Then delete the file afterwards. Repeat. You end up with a lot of files being deleted.

Even with backups, you can have situations where you don’t keep backups forever due to cost concerns as well as the need to purge data at set times due to policy. Someone might upload today’s backup, and delete the one from two years ago they have stored on Storj DCS. Every day you get new data and deleted old data.

I have noticed that as well and mentioned it in another thread.

Short version of it:
My node received 8 uploads per second, which overlaoded it and the logs show that some transfers from multiple satellites took insanely long (10 minutes for a 1kB file) and still completed (not canceled). Either the log is wrong (canceled uploads show as completed or the timestamps are wrong) or it was a kind-of DOS attack.

Something is not right there.

Yeah, if I cared enough, I’d implement what I had in mind in the past, which is using some historical data to blacklist uploading IPs. It’s… I guess… good for the network I don’t care enough.


I don’t think the DDOS attack is against me, but against the Storj project.


I was thinking about your thread when i said : Some of you may have noticed… :wink:

Agreed on this behaviour, although it’s probably a customer trying out their code on US1 as it doesn’t say don’t use for Development use :frowning:

For my node, the ramp up started on the 8th October 21 from US1, and by the looks of it an S3 gateway so can’t block or trace the IP client.

Upload pattern is horrible, literally 10’s of thousands of generally small files being uploaded, then around 1/3 of them being deleted - blue line on graph is trash delete process, constantly above 5k requests.


We have escalated this issue to our dev team who are currently actively investigating the root cause.