For the past few weeks, there have been attacks on Hive Engine. I'm not sure if it is an intentional attack or someone writing a bad query to get some data. But it appears to be a bad actor because the same type of request is hitting Hive Engine from different IP addresses. We have had similar issues in the past too, and we have created so many improvements to mitigate these issues. Currently, again the issue is being investigated and if there can be a permanent solution for this, it will be implemented.
It is hard to find out who is doing the attack but we can only get the list of IP addresses doing this bad query to slow down the system. My nodes struggled a little bit because I have been operating some public nodes. For those who are operating public nodes, this can be a problem because the trafic hits the public node and it takes times to get executed. There are two ways in which this can be handled. One is through a firewall to prevent IP addresses from bombarding the API node with requests. Restrictions can be set in place.
The other way to handle the issue is to work on the RPC node itself and have some filters and indexing in place so that it can handle bad query runners. Sometimes when people are bombarded with many requests or bigger request, even to reject the system can take some time. Block production or chain movement is not affected because of this issue however if a public node is very busy or at 100 percent utilization, block signing can also get affected because the response time to p2p node will be high.
We have come across many improvements to Hive Engine's core codebase, and I hope this also gets handled soon. Currently, the solution people are doing is to block the IP addresses that are troublesome and keeping the node behind cloudflare is also helpful because we can configure a few things there to handle DDoS attacks. Private nodes will not have any problems with this issue.
If you like what I'm doing on Hive, you can vote me as a witness with the links below.
 |
 |
 |
Posted Using INLEO
Is there a danger of getting hack?
Always, but not as a result of this. This is more of a dos (denial of service) attack trying to make the service inaccessible to users.
This post has been manually curated by @bhattg from Indiaunited community. Join us on our Discord Server.
Do you know that you can earn a passive income by delegating to @indiaunited. We share more than 100 % of the curation rewards with the delegators in the form of IUC tokens. HP delegators and IUC token holders also get upto 20% additional vote weight.
Here are some handy links for delegations: 100HP, 250HP, 500HP, 1000HP.
100% of the rewards from this comment goes to the curator for their manual curation efforts. Please encourage the curator @bhattg by upvoting this comment and support the community by voting the posts made by @indiaunited..
This post received an extra 20.00% vote for delegating HP / holding IUC tokens.
Yeah well blocking ip is just a temporary solution, they will just use a proxy or a vpn, or just a dynamic ip isp... Block too many requests from the same ip could be good
Bad actors always up to something. Hive has really done it best when it comes to security till date. I hope this hackers don't find ways to discourage new investors from coming into the chain.
I observed the past week that HE has been down several times. Is it related to the attack? I wonder how it is done and what the attackers get from it.