Closed aziraphale closed 6 years ago
This is definitely a problem worth investigating. I will get onto this immediately.
I have changed it so that after 50 errors in a row, the bot will shut down. I'm not completely happy with this alternative, but it's something. I also made the bot not start if not properly configured, which should cut down on the misconfigured spamming.
Cool, that should sort it. Thanks! It looks like a great plugin, I just haven't had the free time to configure it and try it out yet! :)
Hi,
I installed this plugin but didn't get around to configuring it yet, so it's been sat idle for a few weeks, I guess. Today I checked out the usage graphs for my ISP and noticed that since around midday (BST) on Saturday, we've been using a huge amount of upstream bandwidth - on the order of 50 GiB/day.
I tracked it down to my Octoprint Pi, down to Octoprint itself, and after running a packet sniffer on my router, which returned packets referencing discordapp.com, I traced it to this plugin. Restarting Octoprint saw the data spam continue, albeit at a much lower rate (judging by the graphs for my ISP, the data stream gradually increases over the course of 60-90 minutes). When I disabled this plugin and restarted Octoprint, the data spam ceased entirely, with just a couple of kbps background traffic remaining.
Graph from Saturday, the red line is our uploads, showing around 5 Mbps, but note that we have two bonded VDSL lines, so seeing 5 Mbps on one line means that there's also 5 Mbps on the other line for a total of 10 Mbps:
Graph from Sunday (Monday, Tuesday and Wednesday look much the same):
The traffic was all going to a Cloudflare IP address, 104.16.59.5.
Upon checking my Octoprint logs folder I found that my octoprint.log file was 36 MiB, but previous days' logs were more than 200 MiB.
The most recent octoprint.log almost entirely consists of these lines repeated forever:
However the older log files (Saturday and earlier) also include some HTML alongside the report-uri line:
My guess is that this plugin was attempting to do something, accidentally ended up being very spammy to someone (possibly the Report-URI service), and then that person blocked my Pi's IP address at Saturday lunchtime (the guy who runs Report-URI lives in the UK, so that's a perfectly reasonable time for him to be dealing with things like that), and then this plugin wasn't expecting the Report URI requests to 404 and just started spamming those requests, somehow doing so at increasing frequency - every 1-2 seconds judging by this octoprint.log!
But I suspect that the main issue will be that there is no logic to keep the plugin in "idle"/standby mode if it's not configured :)
I'm happy to share my log files privately, along with the packet dumps I collected, if that helps.
And hopefully this hasn't resulted in my entire IP address range being blocked by Report-URI, as that was a service I was planning to use at some point. It won't matter too much if only the Raspberry Pi's IP address was blocked, but if the block extends to my whole IP range I won't be happy =/
Thanks :)
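The two safeguards discussed in this thread (stay idle when unconfigured, stop after 50 errors in a row), as an added example that is not the plugin's actual code. It goes one step beyond the thread by adding a capped exponential backoff between retries; `run_bot`, `connect`, `backoff_delay` and the delay values are assumptions made for illustration.

```python
import time

MAX_CONSECUTIVE_ERRORS = 50  # the limit the maintainer describes in the thread


def backoff_delay(consecutive_errors, base=1.0, cap=300.0):
    """Delay before the next attempt: doubles per failure, capped (assumed values)."""
    return min(cap, base * 2 ** (consecutive_errors - 1))


def run_bot(token, connect, sleep=time.sleep, max_errors=MAX_CONSECUTIVE_ERRORS):
    """Drive a reconnect loop without letting it turn into a request storm.

    connect(token) is a hypothetical callable: it returns True when a session
    ended cleanly and should be resumed, False for a normal stop, and raises
    on any error. Returns (reason, attempts, delays).
    """
    delays = []
    if not token or not token.strip():
        # Unconfigured plugin stays idle: no network traffic at all.
        return "not_configured", 0, delays

    errors = attempts = 0
    while True:
        attempts += 1
        try:
            keep_running = connect(token)
        except Exception:
            errors += 1
            if errors >= max_errors:
                return "too_many_errors", attempts, delays
            delays.append(backoff_delay(errors))
            sleep(delays[-1])  # slow down instead of retrying every 1-2 seconds
            continue
        errors = 0  # only errors "in a row" count toward the limit
        if not keep_running:
            return "stopped", attempts, delays


if __name__ == "__main__":
    def always_404(token):  # constructed stand-in for an endpoint that keeps failing
        raise RuntimeError("HTTP 404")

    print(run_bot("", always_404)[0])
    reason, attempts, delays = run_bot("constructed-token", always_404, sleep=lambda s: None)
    print(reason, attempts, sum(delays))
```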