Very popular with Opera users and users who are very eager to read events that do not exist from randomly inactive pubkeys.

I don't know, I've spent countless hours trying to improve or fix this situation. I can't identify any blockable pattern aside from the tons of traffic already being blocked, but I also don't have experience with this stuff. It does feel very erratic and nonsense, and coming from a large number of IP addresses, but it's probably not a targeted DDoS in the classic sense.

Discussion

Block Opera. Easy fix.

It's not just Opera, it's very random, that was just one example. But if there are any Opera user-agent strings, that's gotta be because something fishy is going on, right?

OK, I've blocked a huge ton of IP addresses now. Let me know if you were affected (which means assuming your guilt).

Isn't the internet very broken if attacks of this kind are possible?

I think you should put up a stats page so we can all bask in the glory of how popular nostr is from non-nostr clients. The other stats are just lame. njump would actually be a better DAU count.

There's an effect, on any website, that when someone even semi-popular mentions something, everyone goes to it at once, and it will likely fall over. To run an njump you would probably want to at least cache the previous results on a CDN or something, right? I guess I didn't realize you weren't doing that. It looks like it's just a server with the stuff cached on its disk.

Or, it sounds like some of the issue is it's getting requests for many events it cannot find? I.e., they just randomly ask for random IDs with no relay hints or anything and you have to go scrape that for them each time?

I admire the idea, but it all sounds hard and prone to being a victim of its own success.

There is Cloudflare cache in front of everything, and we also cache events internally, so a second hit for the same page, if it happens, should be immediately cheap.

But yes, there are a lot of requests for events that probably do not exist or at least can't be found anywhere.

It would be worth it to double-check all your cache settings. I was mostly able to hit Cloudflare's cache, but actually the first request to the / of the site said the cache had expired. And that should just be a static site that NEVER changes. Weird. It is possible you're expiring the cache too quickly or pages are fooling Cloudflare into thinking they're dynamic when they're static. I would look into all the tags and headers you're using, and Cloudflare settings, and try to get it serving most of the traffic.

(good ideas from: Anthony, says you have him muted:) https://njump.me/nevent1qvzqqqqqqypzpm5aj708u9qc48m5w2a0stwfvzp2p4p9rdmmevts5mkweyl6mlmyqydhwumn8ghj7argv4nx7un9wd6zumn0wd68yvfwvdhk6tcpzemhxue69uhkyetkduhxummnw3erztnrdakj7qpq0z33mktkyffltunzf34ffcsfyf6lgdeu2clc9vj2c6km34xzezuqk6dq69

Then you can figure out how to mitigate the rando-event requestoors. If they're truly a DDoS it should be fairly obvious, and at that point, maybe you can just have people zap-subscribe to be able to add things to the njump cache. That's what I would do, you're sitting on a cash cow and you're gonna let it die off cause everyone uses it too much ;)

Yes, thank you, I'll go check these cache things again. It had just occurred to me looking at the logs that / wasn't being cached on Cloudflare, but I thought event and profile pages were.

But I didn't mute nostr:npub1a6we08n7zsv2na689whc9hykpq4q6sj3kaauk9c2dm8vj0adlajq7w0tyc and I haven't received a DM from him in ages, so I don't know why he thinks that. Anyway, good ideas, I'll try them.

Now I don't think njump.me should be anyone's cash cow. It shouldn't even exist, and hopefully in the near future it will stop being necessary with browsers and other websites adopting "nostr:" URLs natively or something like that. If it dies today it will be sad and mildly disruptive, but not a fatal blow to anything.

nostr:nprofile1qqswlew3yr0ses5slf6gwflmgkkysl926drdfu3f82cxn68srlz3nqgppemhxue69uhkummn9ekx7mp0qy08wumn8ghj7mn0wd68yttsw43zuam9d3kx7unyv4ezumn9wshsz8thwden5te0dehhxarj9e3xjarrda5kuetj9eek7cmfv9kz70l9gef

☠️