MartialBE / one-hub

OpenAI API management & distribution system, forked from songquanpeng/one-api. Supports more models, adds a statistics page, and improves function calling for non-OpenAI models.
https://one-hub.xiao5.info/
Apache License 2.0
1.2k stars, 241 forks

Brute force attacks? #322

Closed. bentwnghk closed this 4 months ago

bentwnghk commented 4 months ago

Routine checks

Problem description: I recently went through the logs and noticed unusual activity; I suspect a brute force attack. Is my guess right?

Steps to reproduce

Expected result

Related screenshots:

2024/07/25 15:02:36 /home/runner/work/one-api/one-api/model/cache.go:30 record not found [1.945ms] [rows:0] SELECT * FROM tokens WHERE key = 'nk' ORDER BY tokens.id LIMIT 1
2024/07/25 - 15:02:36 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:02:36 ERROR 20240725150236362262422SGT1bcII | invalid token
2024/07/25 - 15:02:36 INFO GIN request {"status": 401, "request_id": "20240725150236362262422SGT1bcII", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "2.476371ms"}
2024/07/25 15:03:13 /home/runner/work/one-api/one-api/model/cache.go:30 record not found [0.402ms] [rows:0] SELECT * FROM tokens WHERE key = 'ak' ORDER BY tokens.id LIMIT 1
2024/07/25 - 15:03:13 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:03:13 ERROR 202407251503137738440964M9tN7Mt | invalid token
2024/07/25 - 15:03:13 INFO GIN request {"status": 401, "request_id": "202407251503137738440964M9tN7Mt", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "895.685µs"}
2024/07/25 15:03:41 /home/runner/work/one-api/one-api/model/cache.go:30 record not found [1.773ms] [rows:0] SELECT * FROM tokens WHERE key = 'junior' ORDER BY tokens.id LIMIT 1
2024/07/25 - 15:03:41 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:03:41 ERROR 20240725150341861143877V4zyu6Rz | invalid token
2024/07/25 - 15:03:41 INFO GIN request {"status": 401, "request_id": "20240725150341861143877V4zyu6Rz", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "2.301113ms"}
2024/07/25 15:04:13 /home/runner/work/one-api/one-api/model/cache.go:30 record not found [0.571ms] [rows:0] SELECT * FROM tokens WHERE key = 'nk' ORDER BY tokens.id LIMIT 1
2024/07/25 - 15:04:13 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:04:13 ERROR 20240725150413738604118EjwiJkHX | invalid token
2024/07/25 - 15:04:13 INFO GIN request {"status": 401, "request_id": "20240725150413738604118EjwiJkHX", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "1.024305ms"}
2024/07/25 15:04:45 /home/runner/work/one-api/one-api/model/cache.go:30 record not found [2.312ms] [rows:0] SELECT * FROM tokens WHERE key = 'ak' ORDER BY tokens.id LIMIT 1
2024/07/25 - 15:04:45 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:04:45 ERROR 20240725150445504727430TJjdG2rL | invalid token
2024/07/25 - 15:04:45 INFO GIN request {"status": 401, "request_id": "20240725150445504727430TJjdG2rL", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "2.729727ms"}
2024/07/25 15:05:19 /home/runner/work/one-api/one-api/model/cache.go:30 record not found [0.704ms] [rows:0] SELECT * FROM tokens WHERE key = 'thx1138' ORDER BY tokens.id LIMIT 1
2024/07/25 - 15:05:19 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:05:19 ERROR 20240725150519979839591KTBfvKU7 | invalid token
2024/07/25 - 15:05:19 INFO GIN request {"status": 401, "request_id": "20240725150519979839591KTBfvKU7", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "1.290163ms"}
2024/07/25 15:05:48 /home/runner/work/one-api/one-api/model/cache.go:30 record not found [1.620ms] [rows:0] SELECT * FROM tokens WHERE key = 'nk' ORDER BY tokens.id LIMIT 1
2024/07/25 - 15:05:48 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:05:48 ERROR 20240725150548633862343EpiFbNU3 | invalid token
2024/07/25 - 15:05:48 INFO GIN request {"status": 401, "request_id": "20240725150548633862343EpiFbNU3", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "2.107216ms"}
2024/07/25 - 15:05:56 INFO [SYS] | syncing options from database
2024/07/25 15:06:21 /home/runner/work/one-api/one-api/model/cache.go:30 record not found [0.596ms] [rows:0] SELECT * FROM tokens WHERE key = 'ak' ORDER BY tokens.id LIMIT 1
2024/07/25 - 15:06:21 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:06:21 ERROR 2024072515062112060682XctkqyW2 | invalid token
2024/07/25 - 15:06:21 INFO GIN request {"status": 401, "request_id": "2024072515062112060682XctkqyW2", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "1.089956ms"}
2024/07/25 15:06:54 /home/runner/work/one-api/one-api/model/cache.go:30 record not found [1.771ms] [rows:0] SELECT * FROM tokens WHERE key = 'porno' ORDER BY tokens.id LIMIT 1
2024/07/25 - 15:06:54 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:06:54 ERROR 2024072515065479123325u4jHfTzi | invalid token
2024/07/25 - 15:06:54 INFO GIN request {"status": 401, "request_id": "2024072515065479123325u4jHfTzi", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "2.142986ms"}
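The log lines above are the only evidence in the issue, so the quickest way to settle the question is to run detection logic over them. The Go program below is an added example, not code from one-hub or from the reporter: it parses the GIN request lines, keeps the 401s, and for each source address reports the most failures seen in any sliding window plus the shortest and longest gap between consecutive failures. The input is a constructed, trimmed copy of the quoted entries with one invented line from 203.0.113.7 for contrast; the 5-minute window is an arbitrary choice.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"sort"
	"strings"
	"time"
)

// sampleLog is constructed for this example: the nine 401s from 192.168.1.1 are trimmed
// copies of the entries quoted above (request_ids shortened, GORM/[SYS] lines dropped);
// the single 401 from 203.0.113.7 is invented for contrast.
const sampleLog = `2024/07/25 - 15:02:36 INFO GIN request {"status": 401, "request_id": "r1", "method": "POST", "path": "/v1/chat/completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "2.476371ms"}
2024/07/25 - 15:03:13 INFO GIN request {"status": 401, "request_id": "r2", "method": "POST", "path": "/v1/chat/completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "895.685µs"}
2024/07/25 - 15:03:41 INFO GIN request {"status": 401, "request_id": "r3", "method": "POST", "path": "/v1/chat/completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "2.301113ms"}
2024/07/25 - 15:04:13 INFO GIN request {"status": 401, "request_id": "r4", "method": "POST", "path": "/v1/chat/completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "1.024305ms"}
2024/07/25 - 15:04:45 INFO GIN request {"status": 401, "request_id": "r5", "method": "POST", "path": "/v1/chat/completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "2.729727ms"}
2024/07/25 - 15:05:19 INFO GIN request {"status": 401, "request_id": "r6", "method": "POST", "path": "/v1/chat/completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "1.290163ms"}
2024/07/25 - 15:05:48 INFO GIN request {"status": 401, "request_id": "r7", "method": "POST", "path": "/v1/chat/completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "2.107216ms"}
2024/07/25 - 15:06:21 INFO GIN request {"status": 401, "request_id": "r8", "method": "POST", "path": "/v1/chat/completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "1.089956ms"}
2024/07/25 - 15:06:30 INFO GIN request {"status": 401, "request_id": "x1", "method": "POST", "path": "/v1/chat/completions", "ip": "203.0.113.7", "user-agent": "python-requests/2.31", "latency": "1.1ms"}
2024/07/25 - 15:06:54 INFO GIN request {"status": 401, "request_id": "r9", "method": "POST", "path": "/v1/chat/completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "2.142986ms"}`

// ginRequest mirrors the JSON object after "INFO GIN request"; At is taken from the prefix.
type ginRequest struct {
	At     time.Time `json:"-"`
	Status int       `json:"status"`
	IP     string    `json:"ip"`
}

// parseAuthFailures keeps one record per 401 request line and skips every other line.
func parseAuthFailures(log string) ([]ginRequest, error) {
	const marker = " INFO GIN request "
	var out []ginRequest
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		line := sc.Text()
		i := strings.Index(line, marker)
		if i < 0 {
			continue
		}
		var req ginRequest
		err := json.Unmarshal([]byte(line[i+len(marker):]), &req)
		if err == nil { // the prefix is the logger's "2006/01/02 - 15:04:05" timestamp
			req.At, err = time.Parse("2006/01/02 - 15:04:05", line[:i])
		}
		if err != nil {
			return nil, fmt.Errorf("%q: %w", line, err)
		}
		if req.Status == 401 {
			out = append(out, req)
		}
	}
	return out, sc.Err()
}

// ipProfile summarises the 401s from one source address.
type ipProfile struct {
	MaxInWindow int           // most failures inside any sliding window
	MinGap      time.Duration // shortest and longest spacing between consecutive
	MaxGap      time.Duration // failures; a tight range points at a script
}

// profileByIP groups failures by source IP and computes the per-IP summary.
func profileByIP(fails []ginRequest, window time.Duration) map[string]ipProfile {
	byIP := map[string][]time.Time{}
	for _, f := range fails {
		byIP[f.IP] = append(byIP[f.IP], f.At)
	}
	out := map[string]ipProfile{}
	for ip, ts := range byIP {
		sort.Slice(ts, func(a, b int) bool { return ts[a].Before(ts[b]) })
		var p ipProfile
		for i, j := 0, 0; i < len(ts); i++ {
			for j < len(ts) && ts[j].Sub(ts[i]) <= window {
				j++
			}
			if j-i > p.MaxInWindow {
				p.MaxInWindow = j - i
			}
			if i > 0 {
				d := ts[i].Sub(ts[i-1])
				if i == 1 || d < p.MinGap {
					p.MinGap = d
				}
				if d > p.MaxGap {
					p.MaxGap = d
				}
			}
		}
		out[ip] = p
	}
	return out
}

func main() {
	fails, _ := parseAuthFailures(sampleLog) // error ignored for the demo only
	for ip, p := range profileByIP(fails, 5*time.Minute) {
		fmt.Printf("%s: max %d x 401 in 5m, gaps %s..%s\n", ip, p.MaxInWindow, p.MinGap, p.MaxGap)
	}
}
```

On this input 192.168.1.1 produces nine 401s inside five minutes, spaced 28 to 37 seconds apart. A fixed cadence with trivially short keys (nk, ak, junior, thx1138, porno) is consistent with either a scripted probe or a health check and not with a serious key-guessing attempt, which is why the cadence matters as much as the count.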

MartialBE commented 4 months ago

Yes. But the rate doesn't look that high. What is this trying to achieve?

bentwnghk commented 4 months ago

Roughly once every 30 seconds to 1 minute. It should be coming from one of my newly registered users; he topped up ten dollars right after registering but has never used a single token.

What could his intention possibly be?

bentwnghk commented 4 months ago

Is there a way to find out his real IP? And is there a way to block him?

MartialBE commented 4 months ago

config.yaml has a new trusted_header parameter. When you are behind a CF proxy you can set it to CF-Connecting-IP to get the user's real IP. If you use something else, put in the header that carries the real IP.
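A trusted_header setting only helps if the header is honoured exclusively for connections that really come from the proxy; a client that connects directly can send CF-Connecting-IP or X-Forwarded-For itself and plant any address it likes in the log. The Go function below is an added example of that check, not one-hub's implementation: the header named by the setting is consulted only when the TCP peer falls inside a trusted-proxy list, a chained X-Forwarded-For is walked from the right past trusted hops, and a malformed value falls back to the peer address. The proxy CIDRs are documentation ranges used as placeholders. When nothing sits in front of the server, the peer address already is the client and no header should be configured at all.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// trustedProxies are the networks a proxy header is accepted from. The CIDRs
// here are documentation ranges used as placeholders; a real deployment fills
// in the published ranges of its CDN or the address of its own reverse proxy.
var trustedProxies = mustCIDRs("198.51.100.0/24", "2001:db8::/32")

func mustCIDRs(cidrs ...string) []*net.IPNet {
	nets := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		nets = append(nets, n)
	}
	return nets
}

func inNets(ip net.IP, nets []*net.IPNet) bool {
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// clientIP resolves the address to log and rate-limit on. The header named by
// trustedHeader (CF-Connecting-IP, X-Real-IP, X-Forwarded-For, ...) is honoured
// only when the TCP peer is one of the trusted proxies; otherwise anyone could
// forge it and the "real IP" in the log would be whatever the sender chose.
func clientIP(r *http.Request, trustedHeader string, nets []*net.IPNet) string {
	peer, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		peer = r.RemoteAddr
	}
	peerIP := net.ParseIP(peer)
	if trustedHeader == "" || peerIP == nil || !inNets(peerIP, nets) {
		return peer
	}
	// For a chained header (X-Forwarded-For: client, proxy1, proxy2) walk from the
	// right and skip hops we trust; the first untrusted address is the client.
	// A single-value header such as CF-Connecting-IP is just the one-element case.
	parts := strings.Split(r.Header.Get(trustedHeader), ",")
	for i := len(parts) - 1; i >= 0; i-- {
		ip := net.ParseIP(strings.TrimSpace(parts[i]))
		if ip == nil {
			return peer // malformed or empty value: fall back rather than log garbage
		}
		if !inNets(ip, nets) {
			return ip.String()
		}
	}
	return peer
}

func main() {
	r := &http.Request{RemoteAddr: "198.51.100.9:51234", Header: http.Header{}}
	r.Header.Set("CF-Connecting-IP", "203.0.113.7")
	fmt.Println("behind trusted proxy:", clientIP(r, "CF-Connecting-IP", trustedProxies))
	r.RemoteAddr = "192.0.2.44:51234" // direct client trying to spoof the header
	fmt.Println("direct client:", clientIP(r, "CF-Connecting-IP", trustedProxies))
}
```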

woodchen-ink commented 4 months ago

(screenshot: QQ_1721903950833)

woodchen-ink commented 4 months ago

I haven't run into this, but it is indeed strange. If it were key guessing, they wouldn't use ones this short.

bentwnghk commented 4 months ago

> config.yaml has a new trusted_header parameter. When you are behind a CF proxy you can set it to CF-Connecting-IP to get the user's real IP. If you use something else, put in the header that carries the real IP.

I'm not using Cloudflare as a proxy, just accessing the LLM API directly. How should I configure it?

bentwnghk commented 4 months ago

> I haven't run into this, but it is indeed strange. If it were key guessing, they wouldn't use ones this short.

Yes, but surely he can't be unaware that keys aren't that short.

ZeroDeng01 commented 4 months ago

It could also be a downstream user doing status monitoring. For my own status monitoring I send a wrong key at random times within a time window and check whether I correctly get a 401, to assess the health of the service.

MartialBE commented 4 months ago

Added logic that rejects a token outright based on its length, to avoid frequent database queries.
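Rejecting keys that cannot possibly be valid before touching storage turns each probe into a string check instead of a query. The Go code below is an added example of that prefilter, not the change the maintainer made in one-hub: it assumes a key shape of "sk-" followed by 48 alphanumeric characters (an assumption for the example; match it to what your deployment actually issues), and checkAuth reports whether the lookup was consulted so the saving is visible. The response is 401 either way, so a monitor like the one described above still gets the status it expects.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Assumed key shape: "sk-" plus 48 characters from [A-Za-z0-9]. This is an
// assumption for the example; adjust it to what your deployment issues.
const (
	keyPrefix  = "sk-"
	keyBodyLen = 48
)

// keyWellFormed is the cheap, allocation-free check that runs before any
// cache or database lookup. It rejects on length first, then on charset.
func keyWellFormed(key string) bool {
	if len(key) != len(keyPrefix)+keyBodyLen || !strings.HasPrefix(key, keyPrefix) {
		return false
	}
	for i := len(keyPrefix); i < len(key); i++ {
		c := key[i]
		if !('a' <= c && c <= 'z' || 'A' <= c && c <= 'Z' || '0' <= c && c <= '9') {
			return false
		}
	}
	return true
}

// checkAuth decides a request from its Authorization header. It returns the
// HTTP status to send (200 meaning "let it through") and whether the lookup
// function was consulted, so the database-saving effect can be observed.
func checkAuth(authorization string, lookup func(key string) bool) (status int, consultedDB bool) {
	if !strings.HasPrefix(authorization, "Bearer ") {
		return http.StatusUnauthorized, false
	}
	key := strings.TrimSpace(strings.TrimPrefix(authorization, "Bearer "))
	if !keyWellFormed(key) {
		return http.StatusUnauthorized, false // rejected before touching storage
	}
	if !lookup(key) {
		return http.StatusUnauthorized, true
	}
	return http.StatusOK, true
}

// authMiddleware wraps a handler with checkAuth; the body of the 401 is the
// same for malformed and unknown keys so nothing about the key space leaks.
func authMiddleware(lookup func(string) bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		status, _ := checkAuth(r.Header.Get("Authorization"), lookup)
		if status != http.StatusOK {
			http.Error(w, `{"error":"invalid token"}`, status)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	issued := map[string]bool{keyPrefix + strings.Repeat("a", keyBodyLen): true} // constructed
	dbHits := 0
	lookup := func(k string) bool { dbHits++; return issued[k] }
	for _, h := range []string{
		"Bearer nk", // the kind of probe seen in the issue
		"Bearer " + keyPrefix + strings.Repeat("b", keyBodyLen), // well-formed, unknown
		"Bearer " + keyPrefix + strings.Repeat("a", keyBodyLen), // well-formed, issued
	} {
		st, hit := checkAuth(h, lookup)
		fmt.Printf("%-16.16q -> %d (db consulted: %v)\n", h, st, hit)
	}
	fmt.Println("total DB lookups:", dbHits)
	_ = authMiddleware
}
```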