Nice little Nostr spam attack. 70k profile events. During (before blocking) and after/normal. 
Discussion
Correct after. Link didn’t copy. Doh.
Which relay comes from who got attacked?
Well in a way it replicates out as relays sync or broadcast. It started mostly on one relay and toward the end it was a lot.
I noticed this a bit comes from relay.nostr.band and other several relays. Didn't have screenshots, Amethyst shows the events around 65000±
Update:
Not sure if you notice this for now, the attacker seems to start the attack again around Mon Mar 06 20:00:00 2023 UTC - Mon Mar 06 20:30:00 2023 UTC
😄
The problem with me filtering stuff is I’m not sure what I don’t see anymore, but the network does. ha.
I do have an event rejection queue, but it’s limited in size.
I hate spending the time on it, spam is just wasting my time, but I’ve built some pretty solid detection across the board. Have a few more things in the works.
Literally just purged another 800k events from my db, by backtesting against new defences.
It is really hard for relay operator, especially for free public relay operator. They will eventually have to face this kind of DoS spam attack which seems to target their performance (bloating database). Even for you as relay operator + data scientists , need a lot of work and patience. 😅
Great works for all you've done
Yeah. It’s why I’ve built that PoW Service Provider. I’ll open source it this week. It’s not complete 100%, but good enough perhaps to whitelist pubkeys and test it.
It’s funny, I’ve mostly been messing with aggregation and spam stuff to help find performance weaknesses and address them - before the network 10x and then 10x again. I think 1000x, and we likely start seeing the network become islands, and relays become tiered into classes.
Oh, so it is like Delegated PoW service. Any suspicious users can be redirected to your service to do PoW to make them whitelisted on certain relays?
Same, we can probably see it in near future. Especially when adoption of new users increase rapidly. Honestly, client with gossip model discovery like https://github.com/mikedilger/gossip + fully implementarion of NIP-65 will alleviate some burden of relays
I’m probably going to need to clean up my relay again soon. Do you have a script that can spam detect and filter json?
I’ve been playing around with strfry’s writePolicy.plugin system this weekend. Pretty basic checks for now, but am planning on getting more sophisticated with it soon. I’ll be sure to share whatever I come up with.
yup I’ve been playing with that as well, got one set up for my private strfry relay. Would be good to have a rate limiting one for the public relay.
#[4] should have those spam filter script. He/she implemented it on nostr.mom and nos.lol
I’ve got a pretty large training set of 13k (with some dupes) spam events. You could filter labelled as spam, and perhaps hash the content into a set. Then maybe check membership?
I also have around 28k pubkeys flagged as spam I can share directly. You could review them and then delete their events.
Failing those, you could use the ML to get spam scores.. but it likely is more computational.
I’ve just purged around 2.8MM spam events. Some I can’t detect easy yet - like bogus reactions and reposts. I see them in network traffic. I just can’t do anything automatically.
Amazing! Thanks 😊
I’ll DM you the other couple lists I have.