[headlessvictim2]

Off-topic, but our freemium website is under attack by headless browsers.

The freemium service provides access to compute-heavy machine learning models running on GPUs.

Hackers blast 50-100 requests in the same second, which clog the servers and block legitimate users.

We reported IPs to AWS and use Cloudflare "Super Bot Fight Mode" to thwart attacks, but the hackers still break through.

We don't require accounts, but could impose account requirements if this helps.

Any suggestions?

[austincheney]

Browser automation will occur by executing events in the DOM or by calling properties of the page/window. It’s all JavaScript designed for user interaction executed by a bot.

The one event that cannot be automated is cursor movement/position. Put a check into your event handlers that check that the cursor is actually over the event target.

[mesadb]

You are right every testing solutions out there push UIEvents to the page rather than clicking with an actual mouse. That's why puppeteer, selenium etc are scraping tools not testing tools

[darkstar999]

That sounds like an accessibility problem.

[austincheney]

Use an alternate control for keyboard navigation that is visually hidden and is accessed only by tab focus.

[headlessvictim2]

This is interesting. Thanks for sharing.

Are you saying block form submission unless the cursor is over the event target?

If so:

* How to handle legitimate requests from mobile users?

* How to handle form submissions with the "return" key?

[austincheney]

Mobile users will use touch events instead of click events and likely your interface will be different and the screen width will be different. Check for these things along with keywords from the user agent string to determine mobile users from other users.

Return key on a control in a form will fire a submit event. Check for cursor position in your submit handler.

[slig]

Just block the AWS ASN on CF, it's nor worth fighting.

[rob-olmos]

+1 and GCP, and many other hosting ASNs

[1vuio0pswjnm7]

Tell freemium users what is the acceptable rate for requests per second. Publish the allowable rate on the website. Ban freemium user IPs that exceed the allowable rate. This can be done using a proxy.

[headlessvictim2]

A proxy like Cloudflare or a custom proxy that stores data?

Are there proxy examples you could point us to?

Thanks for your help.

[1vuio0pswjnm7]

https://www.haproxy.com/blog/four-examples-of-haproxy-rate-l...

[headlessvictim2]

Thank you for this.

[cmeacham98]

100 requests/second isn't that much, especially if you're fronting your website with Cloudflare. Do you have some unauthenticated endpoint(s) that eat up a ton of server CPU?

[headlessvictim2]

Thanks for the reply!

The freemium service provides access to machine learning models on GPU instances, served with FastAPI.

Each request invokes a compute-intensive ML model, but perhaps there is something wrong with the FastAPI configuration as well?

[tempest_]

It could be.

I watch the FastAPI repos a lot and tones of people do not understand how async python works and put their models with sync code in an async context.

[headlessvictim2]

Consider us one. :)

We tried removing "async" -- thinking it would force sequential processing -- but it unexpectedly seemed to cause parallel processing of requests, which caused CUDA memory errors.

Before removing "async", this is the weird behavior we observed:

* Hacker blasts 50-100 requests.

* Our ML model processes each request in normal time and sequentially.

* But instead of returning individual responses immediately, the server holds onto all responses -- sending responses only when the last request finishes (or a bunch of requests finish).

* Normally, request 1 should return in N seconds, request 2 in 2N seconds, but with this, all requests returned in about N50 seconds (assuming batch size of 50).

1. Any suggestions on this?

2. Mind clarifying how sync vs aync works? The FastAPI docs are unclear.

Any help would be much appreciated.

This has been extremely frustrating.

[Nextgrid]

Any chance the entire thing can be offloaded to a task queue (Celery/etc)? This would decouple the HTTP request processing from the actual ML task.

The memory errors you're seeing could suggest that you may not actually be able to run multiple instances of the model, and even if you could it may not actually give you more performance than processing sequentially.

Seems like ultimately your current design can't gracefully handle too many concurrent requests, legitimate or malicious - this is a problem I recommend you address regardless of whether you manage to ban the malicious users.

[pjgalbraith]

Yeah this is the way.

@headlessvictim2 search for "Asynchronous Request-Reply pattern" if you want more information about this kind of architecture. You will remove any bottleneck from the API server and can easily scale out from the task queue.

[tempest_]

Python async is co-operative multi-tasking (as opposed to per-emptive)

There is an event loop that goes through all the tasks and runs them.

The issue is the event loop can only move on to the next task when you reach an await. So if you run a lot of code (say an ML model) between awaits no other task can advance during this time.

This is why it is co-operative, it is up to a task to release the event loop, by hitting an await, so other tasks can get work done.

This is fine when you have async libs that often hit awaits at things that are IO related like say db, or http calls.

FastAPI will spawn controllers that are not defined as async functions on a thread pool but it is still a python so GIL and all that.

You should do as the sibling comment says and decouple your http from your ML and feed the ML with something like Celery. This way your server is always there to respond to things (even if just a 429) to hit a cache or whatever else.

[headlessvictim2]

Thanks for the FastAPI explanation. This makes sense.

Right now, we use ELB (Elastic Load Balancer) to sit in front of multiple GPU instances.

Is this sufficient or do you suggest adding Celery to this architecture?

[azinman2]

What are the bots goals? Curious

[headlessvictim2]

To use premium settings without paying.

It appears less like malicious DDoS and more like pragmatic theft.

[synergy20]

what's your site? would like to play with it

[forgotmyoldacc]

Why not ReCAPTCHA?

[headlessvictim2]

Thanks for the suggestion.

It is possible, but this degrades the experience for legitimate users.

We prefer solving this without impacting/taxing normal users if possible.

[readyplayeremma]

Just add the captcha only for requests coming from the problematic ASNs, like AWS.

edit: Actually, since you use CF, just make a firewall rule that forces the captcha for those ASNs before it even gets to your app. They have a field named "ip.geoip.asnum" for that, and an action called "challenge" which will force a captcha.

[rabi_molar]

Perhaps Captcha?

[headlessvictim2]

Thanks for the suggestion.

It is possible, but this degrades the experience for legitimate users.

We prefer solving this without impacting/taxing normal users if possible.

[geraldwhen]

Recaptcha v3 doesn’t prompt if it thinks you’re a real user.

[Nextgrid]

This could have major GDPR implications if that's something the parent cares about. ReCaptcha is basically Google spyware that happens to provide captcha services.

[waynesonfire]

it's obvious the parent is trolling.

[machiaweliczny]

429