Closed bentwnghk closed 4 months ago
Yes. But the request frequency doesn't look that high. What is the point of this?
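It hits roughly once every 30 seconds to 1 minute. It is probably coming from one of my newly registered users: he topped up ten US dollars right after registering, but has never used a single token.
What exactly is his intention?
Is there a way to find out his real IP? Also, is there a way to block him?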
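A new trusted_header parameter has been added to config.yaml. When you are behind the CF proxy, you can set it to CF-Connecting-IP to obtain the user's real IP. If you use something else, fill in the header that carries the real IP.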
I haven't run into this, but it is indeed very strange. If someone were trying to guess keys, they wouldn't use ones this short.
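> A new trusted_header parameter has been added to config.yaml. When you are behind the CF proxy, you can set it to CF-Connecting-IP to obtain the user's real IP. If you use something else, fill in the header that carries the real IP.

I am not using Cloudflare as a proxy; I just access the LLM API directly. How should I set it up?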
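> I haven't run into this, but it is indeed very strange. If someone were trying to guess keys, they wouldn't use ones this short.

Yes, but surely he cannot be unaware that keys are never that short.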
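It could also be a downstream user doing status monitoring. For my own status monitoring, I send a wrong key at a random time within a time window and check whether I correctly get a 401 back, to assess service health.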
Added logic that rejects a token outright based on its length, to avoid frequent database requests.
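The length check described in the comment above, as an added Go sketch that is not one-api's own code: the 48-character alphanumeric key format, `countingStore` and the function names are assumptions for illustration. The short keys replayed are the ones visible in the posted log; the two 48-character keys are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Assumed key format for this sketch: fixed length, alphanumeric only.
const keyLen = 48
const alnum = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"

var errInvalidToken = errors.New("invalid token")

// countingStore is a hypothetical stand-in for the token cache/database.
type countingStore struct {
	tokens  map[string]int // key -> user ID
	lookups int            // backend queries actually made
}

// authenticate rejects malformed keys before the store is queried, so junk
// keys cost no lookup; the caller sees the same error in every failure case.
func authenticate(s *countingStore, authHeader string) (int, error) {
	key := strings.TrimPrefix(strings.TrimSpace(authHeader), "Bearer ")
	// strings.Trim leaves a non-empty rest if any character is outside alnum.
	if len(key) != keyLen || strings.Trim(key, alnum) != "" {
		return 0, errInvalidToken
	}
	s.lookups++
	if id, ok := s.tokens[key]; ok {
		return id, nil
	}
	return 0, errInvalidToken
}

// replay feeds constructed headers through authenticate and returns how many
// were rejected and how many requests actually reached the store.
func replay() (rejected, lookups int) {
	valid, unknown := strings.Repeat("A1b2", 12), strings.Repeat("Zz09", 12)
	s := &countingStore{tokens: map[string]int{valid: 7}}
	for _, k := range []string{"nk", "ak", "junior", "thx1138", unknown, valid} {
		if _, err := authenticate(s, "Bearer "+k); err != nil {
			rejected++
		}
	}
	return rejected, s.lookups
}

func main() {
	fmt.Println(replay())
}
```

Only the two well-formed keys reach the store; the four short keys are turned away with the same 401-style error and no query.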
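Routine checks
Problem description
Recently, while looking at the logs, I noticed unusual activity and suspect we are under a brute force attack. Is my guess correct?
Steps to reproduce
Expected result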
Related screenshots

```
2024/07/25 15:02:36 /home/runner/work/one-api/one-api/model/cache.go:30 record not found [1.945ms] [rows:0] SELECT * FROM `tokens` WHERE `key` = 'nk' ORDER BY `tokens`.`id` LIMIT 1
2024/07/25 - 15:02:36 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:02:36 ERROR 20240725150236362262422SGT1bcII | 无效的令牌
2024/07/25 - 15:02:36 INFO GIN request {"status": 401, "request_id": "20240725150236362262422SGT1bcII", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "2.476371ms"}
2024/07/25 15:03:13 /home/runner/work/one-api/one-api/model/cache.go:30 record not found [0.402ms] [rows:0] SELECT * FROM `tokens` WHERE `key` = 'ak' ORDER BY `tokens`.`id` LIMIT 1
2024/07/25 - 15:03:13 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:03:13 ERROR 202407251503137738440964M9tN7Mt | 无效的令牌
2024/07/25 - 15:03:13 INFO GIN request {"status": 401, "request_id": "202407251503137738440964M9tN7Mt", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "895.685µs"}
2024/07/25 15:03:41 /home/runner/work/one-api/one-api/model/cache.go:30 record not found [1.773ms] [rows:0] SELECT * FROM `tokens` WHERE `key` = 'junior' ORDER BY `tokens`.`id` LIMIT 1
2024/07/25 - 15:03:41 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:03:41 ERROR 20240725150341861143877V4zyu6Rz | 无效的令牌
2024/07/25 - 15:03:41 INFO GIN request {"status": 401, "request_id": "20240725150341861143877V4zyu6Rz", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "2.301113ms"}
2024/07/25 15:04:13 /home/runner/work/one-api/one-api/model/cache.go:30 record not found [0.571ms] [rows:0] SELECT * FROM `tokens` WHERE `key` = 'nk' ORDER BY `tokens`.`id` LIMIT 1
2024/07/25 - 15:04:13 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:04:13 ERROR 20240725150413738604118EjwiJkHX | 无效的令牌
2024/07/25 - 15:04:13 INFO GIN request {"status": 401, "request_id": "20240725150413738604118EjwiJkHX", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "1.024305ms"}
2024/07/25 15:04:45 /home/runner/work/one-api/one-api/model/cache.go:30 record not found [2.312ms] [rows:0] SELECT * FROM `tokens` WHERE `key` = 'ak' ORDER BY `tokens`.`id` LIMIT 1
2024/07/25 - 15:04:45 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:04:45 ERROR 20240725150445504727430TJjdG2rL | 无效的令牌
2024/07/25 - 15:04:45 INFO GIN request {"status": 401, "request_id": "20240725150445504727430TJjdG2rL", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "2.729727ms"}
2024/07/25 15:05:19 /home/runner/work/one-api/one-api/model/cache.go:30 record not found [0.704ms] [rows:0] SELECT * FROM `tokens` WHERE `key` = 'thx1138' ORDER BY `tokens`.`id` LIMIT 1
2024/07/25 - 15:05:19 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:05:19 ERROR 20240725150519979839591KTBfvKU7 | 无效的令牌
2024/07/25 - 15:05:19 INFO GIN request {"status": 401, "request_id": "20240725150519979839591KTBfvKU7", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "1.290163ms"}
2024/07/25 15:05:48 /home/runner/work/one-api/one-api/model/cache.go:30 record not found [1.620ms] [rows:0] SELECT * FROM `tokens` WHERE `key` = 'nk' ORDER BY `tokens`.`id` LIMIT 1
2024/07/25 - 15:05:48 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:05:48 ERROR 20240725150548633862343EpiFbNU3 | 无效的令牌
2024/07/25 - 15:05:48 INFO GIN request {"status": 401, "request_id": "20240725150548633862343EpiFbNU3", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "2.107216ms"}
2024/07/25 - 15:05:56 INFO [SYS] | syncing options from database
2024/07/25 15:06:21 /home/runner/work/one-api/one-api/model/cache.go:30 record not found [0.596ms] [rows:0] SELECT * FROM `tokens` WHERE `key` = 'ak' ORDER BY `tokens`.`id` LIMIT 1
2024/07/25 - 15:06:21 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:06:21 ERROR 2024072515062112060682XctkqyW2 | 无效的令牌
2024/07/25 - 15:06:21 INFO GIN request {"status": 401, "request_id": "2024072515062112060682XctkqyW2", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "1.089956ms"}
2024/07/25 15:06:54 /home/runner/work/one-api/one-api/model/cache.go:30 record not found [1.771ms] [rows:0] SELECT * FROM `tokens` WHERE `key` = 'porno' ORDER BY `tokens`.`id` LIMIT 1
2024/07/25 - 15:06:54 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:06:54 ERROR 2024072515065479123325u4jHfTzi | 无效的令牌
2024/07/25 - 15:06:54 INFO GIN request {"status": 401, "request_id": "2024072515065479123325u4jHfTzi", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "2.142986ms"}
```