Skip to content

Commit

Permalink
Block infohash spammers from tracker
Browse files Browse the repository at this point in the history
  • Loading branch information
Chocobozzz committed Jun 25, 2020
1 parent d4bf24d commit db48de8
Show file tree
Hide file tree
Showing 4 changed files with 81 additions and 22 deletions.
34 changes: 29 additions & 5 deletions server/controllers/tracker.ts
Original file line number Diff line number Diff line change
@@ -1,13 +1,14 @@
import { logger } from '../helpers/logger'
import * as bitTorrentTracker from 'bittorrent-tracker'
import * as express from 'express'
import * as http from 'http'
import * as bitTorrentTracker from 'bittorrent-tracker'
import * as proxyAddr from 'proxy-addr'
import { Server as WebSocketServer } from 'ws'
import { Redis } from '@server/lib/redis'
import { logger } from '../helpers/logger'
import { CONFIG } from '../initializers/config'
import { TRACKER_RATE_LIMITS } from '../initializers/constants'
import { VideoFileModel } from '../models/video/video-file'
import { VideoStreamingPlaylistModel } from '../models/video/video-streaming-playlist'
import { CONFIG } from '../initializers/config'

const TrackerServer = bitTorrentTracker.Server

Expand Down Expand Up @@ -53,7 +54,16 @@ const trackerServer = new TrackerServer({
const playlistExists = await VideoStreamingPlaylistModel.doesInfohashExist(infoHash)
if (playlistExists === true) return cb()

return cb(new Error(`Unknown infoHash ${infoHash} requested by ip ${ip}`))
cb(new Error(`Unknown infoHash ${infoHash} requested by ip ${ip}`))

// Close socket connection and block IP for a few time
if (params.type === 'ws') {
Redis.Instance.setTrackerBlockIP(ip)
.catch(err => logger.error('Cannot set tracker block ip.', { err }))

// setTimeout to wait filter response
setTimeout(() => params.socket.close(), 0)
}
} catch (err) {
logger.error('Error in tracker filter.', { err })
return cb(err)
Expand Down Expand Up @@ -88,7 +98,21 @@ function createWebsocketTrackerServer (app: express.Application) {

server.on('upgrade', (request: express.Request, socket, head) => {
if (request.url === '/tracker/socket') {
wss.handleUpgrade(request, socket, head, ws => wss.emit('connection', ws, request))
const ip = proxyAddr(request, CONFIG.TRUST_PROXY)

Redis.Instance.doesTrackerBlockIPExist(ip)
.then(result => {
if (result === true) {
logger.debug('Blocking IP %s from tracker.', ip)

socket.write('HTTP/1.1 403 Forbidden\r\n\r\n')
socket.destroy()
return
}

return wss.handleUpgrade(request, socket, head, ws => wss.emit('connection', ws, request))
})
.catch(err => logger.error('Cannot check if tracker block ip exists.', { err }))
}

// Don't destroy socket, we have Socket.IO too
Expand Down
3 changes: 2 additions & 1 deletion server/initializers/constants.ts
Original file line number Diff line number Diff line change
Expand Up @@ -633,7 +633,8 @@ const AUDIT_LOG_FILENAME = 'peertube-audit.log'
const TRACKER_RATE_LIMITS = {
INTERVAL: 60000 * 5, // 5 minutes
ANNOUNCES_PER_IP_PER_INFOHASH: 15, // maximum announces per torrent in the interval
ANNOUNCES_PER_IP: 30 // maximum announces for all our torrents in the interval
ANNOUNCES_PER_IP: 30, // maximum announces for all our torrents in the interval
BLOCK_IP_LIFETIME: 60000 * 10 // 10 minutes
}

const P2P_MEDIA_LOADER_PEER_VERSION = 2
Expand Down
17 changes: 16 additions & 1 deletion server/lib/redis.ts
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,8 @@ import {
USER_PASSWORD_RESET_LIFETIME,
USER_PASSWORD_CREATE_LIFETIME,
VIDEO_VIEW_LIFETIME,
WEBSERVER
WEBSERVER,
TRACKER_RATE_LIMITS
} from '../initializers/constants'
import { CONFIG } from '../initializers/config'

Expand Down Expand Up @@ -121,6 +122,16 @@ class Redis {
return this.exists(this.generateViewKey(ip, videoUUID))
}

/* ************ Tracker IP block ************ */

setTrackerBlockIP (ip: string) {
return this.setValue(this.generateTrackerBlockIPKey(ip), '1', TRACKER_RATE_LIMITS.BLOCK_IP_LIFETIME)
}

async doesTrackerBlockIPExist (ip: string) {
return this.exists(this.generateTrackerBlockIPKey(ip))
}

/* ************ API cache ************ */

async getCachedRoute (req: express.Request) {
Expand Down Expand Up @@ -213,6 +224,10 @@ class Redis {
return `views-${videoUUID}-${ip}`
}

private generateTrackerBlockIPKey (ip: string) {
return `tracker-block-ip-${ip}`
}

private generateContactFormKey (ip: string) {
return 'contact-form-' + ip
}
Expand Down
49 changes: 34 additions & 15 deletions server/tests/api/server/tracker.ts
Original file line number Diff line number Diff line change
Expand Up @@ -40,21 +40,6 @@ describe('Test tracker', function () {
}
})

it('Should return an error when adding an incorrect infohash', function (done) {
this.timeout(10000)
const webtorrent = new WebTorrent()

const torrent = webtorrent.add(badMagnet)

torrent.on('error', done)
torrent.on('warning', warn => {
const message = typeof warn === 'string' ? warn : warn.message
if (message.includes('Unknown infoHash ')) return done()
})

torrent.on('done', () => done(new Error('No error on infohash')))
})

it('Should succeed with the correct infohash', function (done) {
this.timeout(10000)
const webtorrent = new WebTorrent()
Expand All @@ -76,6 +61,7 @@ describe('Test tracker', function () {
const errCb = () => done(new Error('Tracker is enabled'))

killallServers([ server ])

reRunServer(server, { tracker: { enabled: false } })
.then(() => {
const webtorrent = new WebTorrent()
Expand All @@ -96,6 +82,39 @@ describe('Test tracker', function () {
})
})

it('Should return an error when adding an incorrect infohash', function (done) {
this.timeout(20000)

killallServers([ server ])

reRunServer(server)
.then(() => {
const webtorrent = new WebTorrent()

const torrent = webtorrent.add(badMagnet)

torrent.on('error', done)
torrent.on('warning', warn => {
const message = typeof warn === 'string' ? warn : warn.message
if (message.includes('Unknown infoHash ')) return done()
})

torrent.on('done', () => done(new Error('No error on infohash')))
})
})

it('Should block the IP after the failed infohash', function (done) {
const webtorrent = new WebTorrent()

const torrent = webtorrent.add(goodMagnet)

torrent.on('error', done)
torrent.on('warning', warn => {
const message = typeof warn === 'string' ? warn : warn.message
if (message.includes('Unsupported tracker protocol')) return done()
})
})

after(async function () {
await cleanupTests([ server ])
})
Expand Down

0 comments on commit db48de8

Please sign in to comment.