m0wer's avatar
m0wer m0wer@stacker.news 1 month ago
There is an ongoing attack against JoinMarket makers where a random nick not serving onion constantly sends !orderbook requests through directory servers. The makers and directories mostly cope with the load, but the log files, which have a hardcoded debug log level, grow several gigabytes per hour and crash many makers. A solution is to setup hourly log rotation. In Debian systems, you can move logrotate from daily to hourly cron using: ``` dpkg-divert --add --rename --divert /etc/cron.hourly/logrotate /etc/cron.daily/logrotate ``` The default user data directory is `$HOME_DIR/.joinmarket`. Create a logrotate config: ``` /home/user/.joinmarket/logs/*.log { hourly size 100M copytruncate rotate 24 notifempty missingok } ``` To install and test, save the config to `/etc/logrotate.d/joinmarket-logs`, test it with `sudo logrotate -d /etc/logrotate.d/joinmarket-logs`, and force run manually with `sudo logrotate -f /etc/logrotate.d/joinmarket-logs` or wait for automatic hourly execution via cron.

Replies (1)

Биткойн.БГ's avatar
Биткойн.БГ nostr@bitcoin.bg 2 weeks ago
The speed at which the log file grows is not the only problem during these attacks, the scope and strength of which increase by the day. CPU usage is also at 100%. In addition, your ISP may temporarily block you for this spam traffic. Thank you for your work on the JoinMarket NG project!
1 replies ↓