My onion address was under attack (not a normal DDoS attack, 1000s of requests per second), but OnionBalance managed to stop it. Recently, however, it looks like the attacker found a new method to attack. This time I don’t see any GET requests to my server, only these warnings from OnionBalance (I get like 10-20 of them every 10-30 minutes):
[WARNING]: Descriptor upload failed for frontend AAAAAA to BBBBBB (UPLOAD_REJECTED)
Is there a way to stop this type of attack?
And I have to add that my onion address became painfully slow to load.
Another thing I noticed is that the total relay bandwidth jumped from 750 Gbit/s to 1 TB/s on the exact day my onion address came under attack.
I have more than 20,000 private onion addresses, and none of them has this issue; only my main (public) onion address does.
It’s hard to know what’s going on with the information provided.
This message comes from here, is caught by Onionbalance here and it’s specified here.
It may be a bug in Onionbalance producing a malformed descriptor. That could be ruled out by trying to validate the superdescriptor.
Or it may be something wrong with the HSDir.
I would suggest you file a ticket in the Onionbalance issue queue if you need help validating your superdescriptor, if you find out that there’s an issue with the generated superdescriptor, or if you believe the issue is with Onionbalance itself.
Or you might consider filing a ticket directly in the tor issue queue if you believe that this is related to an attack (which might seem to be the case, since you say your service has been under attack for a while).
In any case, please include the link to this thread.
Please also note that an Onionbalance frontend does not accept connections from clients (it’s just a descriptor builder/publisher), so it’s hard to imagine that there’s an attack vector to DoS an Onionbalance frontend.
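An added triage example (not part of the thread and not Onionbalance's own code): it tallies the `UPLOAD_REJECTED` warnings quoted above per frontend and per HSDir, which is useful detail to attach to a ticket. The timestamp prefix, the sample lines and the `repeat_threshold` parameter are assumptions, and reading "many distinct HSDirs" as pointing toward the descriptor and "a few repeating HSDirs" toward those relays is only a rule of thumb.

```python
import re
from collections import Counter, defaultdict

# Matches the warning format quoted in the thread; any prefix before
# "[WARNING]" (assumed here to be a timestamp) is ignored.
REJECT_RE = re.compile(
    r"\[WARNING\]: Descriptor upload failed for frontend (?P<frontend>\S+) "
    r"to (?P<hsdir>\S+) \((?P<reason>[A-Z_]+)\)"
)

# Constructed sample log; frontend and HSDir names are placeholders.
SAMPLE_LOG = """\
2024-01-01 10:00:01 [WARNING]: Descriptor upload failed for frontend FRONTEND_A to HSDIR_1 (UPLOAD_REJECTED)
2024-01-01 10:00:02 [WARNING]: Descriptor upload failed for frontend FRONTEND_A to HSDIR_2 (UPLOAD_REJECTED)
2024-01-01 10:20:01 [WARNING]: Descriptor upload failed for frontend FRONTEND_A to HSDIR_1 (UPLOAD_REJECTED)
2024-01-01 10:40:01 [WARNING]: Descriptor upload failed for frontend FRONTEND_A to HSDIR_1 (UPLOAD_REJECTED)
2024-01-01 10:40:05 [INFO]: unrelated line
""".splitlines()


def tally_rejections(lines):
    """Return {frontend: Counter({hsdir: count})} for UPLOAD_REJECTED warnings."""
    per_frontend = defaultdict(Counter)
    for line in lines:
        m = REJECT_RE.search(line)
        if m and m["reason"] == "UPLOAD_REJECTED":
            per_frontend[m["frontend"]][m["hsdir"]] += 1
    return per_frontend


def summarize(per_frontend, repeat_threshold=3):
    """Per frontend: total rejections, distinct HSDirs, HSDirs rejecting repeatedly."""
    report = {}
    for frontend, hsdirs in per_frontend.items():
        report[frontend] = {
            "total": sum(hsdirs.values()),
            "distinct_hsdirs": len(hsdirs),
            "repeat_hsdirs": sorted(
                h for h, n in hsdirs.items() if n >= repeat_threshold
            ),
        }
    return report


if __name__ == "__main__":
    for frontend, stats in summarize(tally_rejections(SAMPLE_LOG)).items():
        print(frontend, stats)
```
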