Yesterday and overnight I saw a few variations on the spam attacks. With nostr:npub16fcy8ynknssdv7s487nh4p2h4vr3aun64lpfea45d7h4sts9jheqevshgh I noticed some Chinese-language posts mentioning using Relayable relays. Not long after, I saw our US relay getting an influx of Chinese-language posts and spam from Chinese IPs. Which is odd, since someone in mainland China would be directed by our latency-based DNS routing to our Singapore relay.

These spam posts are much more evasive than others using short or long strings. It seems to be affecting a lot of relays. We have blocked IPs and found sources of a lot of the spam. The previous spam over the weekend was tracked to US and Spain IPs. Adding more policies to thwart these types of attacks. If you run a relay, feel free to DM me for the IP list. 🤙🫂

Examples:

Discussion

One interesting behavior is that if you tag it as spam in Amethyst, after a few minutes you get another random account replying to that. It seems to have a purposeful delay to (I assume) avoid rate-limiting.

Example:

Long term, are you more worried about the transmission of the spam or the ability for it to bypass the “spam firewall settings”?

Both. I was purposely baiting the bots overnight to get them to reveal IPs and tactics. The Chinese spam I started to get seemed more organized and focused after the influx of real Chinese users. So in my fiat life this alludes to something usually more sinister. Still digging into it but some source IPs are Chinese govt potentially.

It is quite peculiar; something seems to be happening. 🤔

It would seem it's an attack on the infrastructure rather than the user?

Would a mass spam potentially limit or DNS a relay?

I could be completely wrong here, but is it possible the Chinese government would use a tactic like this to get the IPs coming out of China blocked in order to block Nostr usage to the average citizen? The fact that it's coming directly from the mainland makes me wonder.

Since they can't firewall Nostr, get the Nostr interfaces to block them instead? I realize they could also go to the relay directories and find and block that way too, but this just seems to fill gaps?

If they don't want people talking on Nostr in the first place, they don't care if they get blocked, right? 🤔

Perhaps, but I notice a lot of the non-spam Chinese-language posts are via US VPNs. This is how they are hitting the US relay in many cases. So it seems more like the Chinese govt is just trying to make relays unusable or get people to stop using relays that Chinese are using.

Another version of spam I'm seeing is spam complaining about spam (inception spam?). The irony is not lost on me. 🤣

🤣🤣🤣

Another is the "cat hugger"

Example: