MartialBE/one-hub

Brute force attacks?

bentwnghk opened this issue · 10 comments

Routine checks

  • I have confirmed there is no similar existing issue
  • I have confirmed I have upgraded to the latest version
  • I have read the project README in full, especially the FAQ section
  • I understand and am willing to follow up on this issue, helping with testing and providing feedback
  • I understand and accept the above, and I understand that the maintainers' time is limited; issues that do not follow the rules may be ignored or closed directly

Problem description
While reviewing the logs recently I noticed unusual activity and suspect a brute force attack. Is my guess correct?

Steps to reproduce

Expected result

Related screenshots
2024/07/25 15:02:36 /home/runner/work/one-api/one-api/model/cache.go:30 record not found
[1.945ms] [rows:0] SELECT * FROM tokens WHERE key = 'nk' ORDER BY tokens.id LIMIT 1
2024/07/25 - 15:02:36 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:02:36 ERROR 20240725150236362262422SGT1bcII | 无效的令牌
2024/07/25 - 15:02:36 INFO GIN request {"status": 401, "request_id": "20240725150236362262422SGT1bcII", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "2.476371ms"}
2024/07/25 15:03:13 /home/runner/work/one-api/one-api/model/cache.go:30 record not found
[0.402ms] [rows:0] SELECT * FROM tokens WHERE key = 'ak' ORDER BY tokens.id LIMIT 1
2024/07/25 - 15:03:13 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:03:13 ERROR 202407251503137738440964M9tN7Mt | 无效的令牌
2024/07/25 - 15:03:13 INFO GIN request {"status": 401, "request_id": "202407251503137738440964M9tN7Mt", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "895.685µs"}
2024/07/25 15:03:41 /home/runner/work/one-api/one-api/model/cache.go:30 record not found
[1.773ms] [rows:0] SELECT * FROM tokens WHERE key = 'junior' ORDER BY tokens.id LIMIT 1
2024/07/25 - 15:03:41 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:03:41 ERROR 20240725150341861143877V4zyu6Rz | 无效的令牌
2024/07/25 - 15:03:41 INFO GIN request {"status": 401, "request_id": "20240725150341861143877V4zyu6Rz", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "2.301113ms"}
2024/07/25 15:04:13 /home/runner/work/one-api/one-api/model/cache.go:30 record not found
[0.571ms] [rows:0] SELECT * FROM tokens WHERE key = 'nk' ORDER BY tokens.id LIMIT 1
2024/07/25 - 15:04:13 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:04:13 ERROR 20240725150413738604118EjwiJkHX | 无效的令牌
2024/07/25 - 15:04:13 INFO GIN request {"status": 401, "request_id": "20240725150413738604118EjwiJkHX", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "1.024305ms"}
2024/07/25 15:04:45 /home/runner/work/one-api/one-api/model/cache.go:30 record not found
[2.312ms] [rows:0] SELECT * FROM tokens WHERE key = 'ak' ORDER BY tokens.id LIMIT 1
2024/07/25 - 15:04:45 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:04:45 ERROR 20240725150445504727430TJjdG2rL | 无效的令牌
2024/07/25 - 15:04:45 INFO GIN request {"status": 401, "request_id": "20240725150445504727430TJjdG2rL", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "2.729727ms"}
2024/07/25 15:05:19 /home/runner/work/one-api/one-api/model/cache.go:30 record not found
[0.704ms] [rows:0] SELECT * FROM tokens WHERE key = 'thx1138' ORDER BY tokens.id LIMIT 1
2024/07/25 - 15:05:19 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:05:19 ERROR 20240725150519979839591KTBfvKU7 | 无效的令牌
2024/07/25 - 15:05:19 INFO GIN request {"status": 401, "request_id": "20240725150519979839591KTBfvKU7", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "1.290163ms"}
2024/07/25 15:05:48 /home/runner/work/one-api/one-api/model/cache.go:30 record not found
[1.620ms] [rows:0] SELECT * FROM tokens WHERE key = 'nk' ORDER BY tokens.id LIMIT 1
2024/07/25 - 15:05:48 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:05:48 ERROR 20240725150548633862343EpiFbNU3 | 无效的令牌
2024/07/25 - 15:05:48 INFO GIN request {"status": 401, "request_id": "20240725150548633862343EpiFbNU3", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "2.107216ms"}
2024/07/25 - 15:05:56 INFO [SYS] | syncing options from database
2024/07/25 15:06:21 /home/runner/work/one-api/one-api/model/cache.go:30 record not found
[0.596ms] [rows:0] SELECT * FROM tokens WHERE key = 'ak' ORDER BY tokens.id LIMIT 1
2024/07/25 - 15:06:21 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:06:21 ERROR 2024072515062112060682XctkqyW2 | 无效的令牌
2024/07/25 - 15:06:21 INFO GIN request {"status": 401, "request_id": "2024072515062112060682XctkqyW2", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "1.089956ms"}
2024/07/25 15:06:54 /home/runner/work/one-api/one-api/model/cache.go:30 record not found
[1.771ms] [rows:0] SELECT * FROM tokens WHERE key = 'porno' ORDER BY tokens.id LIMIT 1
2024/07/25 - 15:06:54 ERROR [SYS] | CacheGetTokenByKey failed: record not found
2024/07/25 - 15:06:54 ERROR 2024072515065479123325u4jHfTzi | 无效的令牌
2024/07/25 - 15:06:54 INFO GIN request {"status": 401, "request_id": "2024072515065479123325u4jHfTzi", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "2.142986ms"}
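As an added example (not code from one-hub or from the issue author), a small Go program that reads log lines in the format shown above, pairs each `SELECT ... WHERE key = '...'` lookup with the 401 access-log entry that follows it, and summarises failed authentications per IP, the distinct keys tried and the spacing between attempts. The embedded sample is a subset of the lines posted in this issue; the type and function names (`ParseFailures`, `Summarize`, `AuthFailure`) are my own.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
	"time"
)

// sampleLog is a subset of the log lines posted in this issue (SQL lookup,
// error line and GIN access-log line for three rejected requests).
const sampleLog = `[1.945ms] [rows:0] SELECT * FROM tokens WHERE key = 'nk' ORDER BY tokens.id LIMIT 1
2024/07/25 - 15:02:36 ERROR 20240725150236362262422SGT1bcII | 无效的令牌
2024/07/25 - 15:02:36 INFO GIN request {"status": 401, "request_id": "20240725150236362262422SGT1bcII", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "2.476371ms"}
[0.402ms] [rows:0] SELECT * FROM tokens WHERE key = 'ak' ORDER BY tokens.id LIMIT 1
2024/07/25 - 15:03:13 ERROR 202407251503137738440964M9tN7Mt | 无效的令牌
2024/07/25 - 15:03:13 INFO GIN request {"status": 401, "request_id": "202407251503137738440964M9tN7Mt", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "895.685µs"}
[1.773ms] [rows:0] SELECT * FROM tokens WHERE key = 'junior' ORDER BY tokens.id LIMIT 1
2024/07/25 - 15:03:41 ERROR 20240725150341861143877V4zyu6Rz | 无效的令牌
2024/07/25 - 15:03:41 INFO GIN request {"status": 401, "request_id": "20240725150341861143877V4zyu6Rz", "method": "POST", "path": "/v1/chat/completions", "query": "path=v1&path=chat&path=completions", "ip": "192.168.1.1", "user-agent": "Next.js Middleware", "latency": "2.301113ms"}`

// ginRequest holds the fields we need from the JSON object in a "GIN request" line;
// unknown fields (query, latency, ...) are ignored by encoding/json.
type ginRequest struct {
	Status    int    `json:"status"`
	Path      string `json:"path"`
	IP        string `json:"ip"`
	UserAgent string `json:"user-agent"`
}

// AuthFailure is one rejected request joined with the key the SQL lookup used.
type AuthFailure struct {
	At   time.Time
	IP   string
	Key  string
	Path string
	UA   string
}

var (
	sqlKeyRe = regexp.MustCompile(`SELECT \* FROM tokens WHERE key = '([^']*)'`)
	ginRe    = regexp.MustCompile(`^(\d{4}/\d{2}/\d{2}) - (\d{2}:\d{2}:\d{2}) INFO GIN request (\{.*\})$`)
)

// ParseFailures walks the log and returns every 401 response, attributing to it the
// key from the most recent SELECT line (the lookup is logged just before the request).
func ParseFailures(logText string) ([]AuthFailure, error) {
	var out []AuthFailure
	pendingKey := ""
	for _, line := range strings.Split(logText, "\n") {
		if m := sqlKeyRe.FindStringSubmatch(line); m != nil {
			pendingKey = m[1]
			continue
		}
		m := ginRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		var req ginRequest
		if err := json.Unmarshal([]byte(m[3]), &req); err != nil {
			return nil, fmt.Errorf("bad GIN json: %w", err)
		}
		if req.Status == 401 {
			at, err := time.Parse("2006/01/02 15:04:05", m[1]+" "+m[2])
			if err != nil {
				return nil, err
			}
			out = append(out, AuthFailure{At: at, IP: req.IP, Key: pendingKey, Path: req.Path, UA: req.UserAgent})
		}
		pendingKey = "" // a key belongs to at most one request
	}
	return out, nil
}

// Summary is what a defender wants at a glance: who, how many, which keys, how fast.
type Summary struct {
	FailuresByIP map[string]int
	KeysTried    map[string]int
	MinGap       time.Duration // shortest spacing between two failures from the same IP
	MaxGap       time.Duration
}

// Summarize aggregates failures; gaps are measured between consecutive failures per IP.
func Summarize(fs []AuthFailure) Summary {
	s := Summary{FailuresByIP: map[string]int{}, KeysTried: map[string]int{}}
	last := map[string]time.Time{}
	for _, f := range fs {
		s.FailuresByIP[f.IP]++
		s.KeysTried[f.Key]++
		if prev, ok := last[f.IP]; ok {
			gap := f.At.Sub(prev)
			if s.MinGap == 0 || gap < s.MinGap {
				s.MinGap = gap
			}
			if gap > s.MaxGap {
				s.MaxGap = gap
			}
		}
		last[f.IP] = f.At
	}
	return s
}

func main() {
	fs, err := ParseFailures(sampleLog)
	if err != nil {
		panic(err)
	}
	s := Summarize(fs)
	fmt.Printf("%d failed auths; keys tried: %v\n", len(fs), s.KeysTried)
	for ip, n := range s.FailuresByIP {
		fmt.Printf("%s: %d failures, spacing %s..%s\n", ip, n, s.MinGap, s.MaxGap)
	}
}
```

On the issue's sample the output is one source IP, short dictionary-style keys and roughly 30-40 seconds between attempts, which is the pattern the later comments discuss; a real brute-force run would show many more attempts per minute and keys of plausible length. Note that the logged `ip` is only meaningful if the real client address reaches the application, which is what the trusted_header discussion below is about.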

Yes. But the request rate doesn't look that high. What is this trying to achieve?

About once every 30 seconds to 1 minute. It should be coming from one of my newly registered users; he topped up ten dollars right after registering but has never used a single token.

What could his intent be?

Is there a way to find his real IP? Also, is there a way to block him?

Added a trusted_header parameter to config.yaml; when running behind a Cloudflare proxy you can set it to CF-Connecting-IP to obtain the user's real IP.
If you use a different proxy, fill in the header that carries the real IP.
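As an added illustration of what the trusted_header setting does, and of its main caveat, here is a Go function that is not one-hub's own code. It assumes the header name comes from trusted_header in config.yaml (CF-Connecting-IP for Cloudflare) and adds one assumption the page does not mention: an optional set of trusted proxy addresses, because a client-supplied header is only worth believing when it arrives from the proxy that sets it. With no proxy in front of the service, the TCP peer address is already the real IP and the header should stay unset.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// ClientIP decides which address a request is attributed to.
//
// trustedHeader is the header named by trusted_header in config.yaml (for
// Cloudflare, CF-Connecting-IP). trustedProxies is an added assumption, not a
// one-hub option: the upstream proxy addresses whose header values are believed.
// When it is empty the header is trusted from any peer, which is only safe if the
// service is reachable solely through that proxy.
func ClientIP(r *http.Request, trustedHeader string, trustedProxies map[string]bool) string {
	remote := r.RemoteAddr
	if host, _, err := net.SplitHostPort(remote); err == nil {
		remote = host
	}
	if trustedHeader == "" {
		// No proxy in front of the service: the TCP peer is the client.
		return remote
	}
	if len(trustedProxies) > 0 && !trustedProxies[remote] {
		// Header arrived from an unexpected peer; the client may have set it itself.
		return remote
	}
	claimed := r.Header.Get(trustedHeader)
	if net.ParseIP(claimed) == nil {
		// Missing or malformed header value: fall back to the peer address.
		return remote
	}
	return claimed
}

// demoRequest builds a request with a constructed peer address and header value.
func demoRequest(remoteAddr, headerName, headerValue string) *http.Request {
	r := httptest.NewRequest(http.MethodPost, "/v1/chat/completions", nil)
	r.RemoteAddr = remoteAddr
	if headerName != "" {
		r.Header.Set(headerName, headerValue)
	}
	return r
}

func main() {
	cloudflare := map[string]bool{"198.51.100.1": true} // constructed proxy address
	// Behind the proxy: the header is believed.
	fmt.Println(ClientIP(demoRequest("198.51.100.1:443", "CF-Connecting-IP", "203.0.113.9"), "CF-Connecting-IP", cloudflare))
	// Direct access with a forged header: the peer address wins.
	fmt.Println(ClientIP(demoRequest("203.0.113.7:4321", "CF-Connecting-IP", "10.0.0.1"), "CF-Connecting-IP", cloudflare))
	// No proxy configured: the peer address is the real IP.
	fmt.Println(ClientIP(demoRequest("203.0.113.7:4321", "", ""), "", nil))
}
```

Blocking by IP (the second question in the comment above) is then a matter of comparing the value this function returns against a deny list in whatever layer you prefer; doing it on a spoofable header would let the sender evade the block by changing the header.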

I haven't run into this, but it is indeed odd; if someone were guessing keys, they wouldn't use ones this short.

> Added a trusted_header parameter to config.yaml; when running behind a Cloudflare proxy you can set it to CF-Connecting-IP to obtain the user's real IP. If you use a different proxy, fill in the header that carries the real IP.

I'm not using Cloudflare as a proxy; I just access the LLM API directly. How should I configure it?

> I haven't run into this, but it is indeed odd; if someone were guessing keys, they wouldn't use ones this short.

Yes, but surely he must know that keys aren't that short?

It could also be a downstream user doing status monitoring. I do status monitoring myself: at random times within a window I send a wrong key and check whether a 401 comes back correctly, to assess service health.

Added a check that rejects tokens based on their length directly, to avoid hitting the database on every request.
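One way to structure the length pre-check the maintainer describes, as an added example rather than one-hub's own implementation. It assumes keys are 48 alphanumeric characters once the `sk-` prefix is stripped (one-api style; the constant is the thing to adjust) and uses a constructed in-memory store in place of the tokens table so the effect on query count is visible. Names such as `CheckKeyShape` and `GetTokenByKey` are mine.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Assumption: keys are 48 alphanumeric characters after the "sk-" prefix is
// removed. Adjust to match the key length your deployment actually issues.
const tokenKeyLen = 48

var (
	ErrBadLength  = errors.New("invalid token: wrong length")
	ErrBadCharset = errors.New("invalid token: unexpected character")
	ErrNotFound   = errors.New("record not found")
)

// Token is a minimal stand-in for the tokens row.
type Token struct {
	Key    string
	UserID int
}

// NormalizeKey strips the "Bearer " and "sk-" prefixes from an Authorization header.
func NormalizeKey(authHeader string) string {
	k := strings.TrimSpace(strings.TrimPrefix(authHeader, "Bearer"))
	return strings.TrimPrefix(k, "sk-")
}

// CheckKeyShape rejects anything that cannot be a valid key before any I/O happens.
// Short or oddly formed values (the 'nk', 'ak', 'junior' of the issue) never reach the DB.
func CheckKeyShape(key string) error {
	if len(key) != tokenKeyLen {
		return ErrBadLength
	}
	for _, c := range key {
		alnum := (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
		if !alnum {
			return ErrBadCharset
		}
	}
	return nil
}

// lookupFn abstracts the cache/database lookup (CacheGetTokenByKey in the logs).
type lookupFn func(key string) (*Token, error)

// GetTokenByKey only consults the store when the key passes the shape check.
func GetTokenByKey(key string, lookup lookupFn) (*Token, error) {
	if err := CheckKeyShape(key); err != nil {
		return nil, err
	}
	return lookup(key)
}

// countingStore is a constructed in-memory stand-in for the tokens table that
// records how many lookups were performed.
type countingStore struct {
	tokens  map[string]*Token
	Queries int
}

func (s *countingStore) Lookup(key string) (*Token, error) {
	s.Queries++
	t, ok := s.tokens[key]
	if !ok {
		return nil, ErrNotFound
	}
	return t, nil
}

// DemoKey is a constructed 48-character key used by the demo store.
var DemoKey = strings.Repeat("A1b2", 12)

// NewDemoStore returns a store holding a single valid token.
func NewDemoStore() *countingStore {
	return &countingStore{tokens: map[string]*Token{DemoKey: {Key: DemoKey, UserID: 1}}}
}

func main() {
	store := NewDemoStore()
	for _, k := range []string{"nk", "junior", DemoKey, "Z" + DemoKey[1:]} {
		_, err := GetTokenByKey(NormalizeKey("Bearer sk-"+k), store.Lookup)
		fmt.Printf("key %q -> err=%v, db queries so far=%d\n", k, err, store.Queries)
	}
}
```

The point is the query counter: the two short keys are rejected with zero store lookups, and only well-formed keys, valid or not, cost a query. Returning the same 401 for both rejection paths keeps the response indistinguishable to the caller while still sparing the database.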