Experiencing a sudden spike in requests to your endpoint can be concerning. Here are the recommended steps to address and mitigate this issue effectively.
Legitimate or unauthorized?
First, make sure to confirm if the traffic is legitimate or unauthorized.
If it is unauthorized, we recommend you roll your Authentication token immediately.
Create a new authentication token and delete the old one from the security tab on your dashboard. This action will disconnect any HTTP/WSS connections using the old token. Also, archiving your endpoint will stop any further activity on that specific endpoint.
To avoid service interruptions, please remember to push the new endpoint token to your app.
Understand the Exposure Risks
Be aware that placing your endpoint on a web application's front/client side makes it visible to anyone who inspects your website's source code or network activity. Token authentication and Referer whitelisting help, but they are not foolproof.
How can you mitigate it?
1. Review Endpoint Securitization Options: Familiarize yourself with various endpoint security methods. Check out the endpoint securitization FAQ for detailed information.
2. Enable rate-limits: set a limit of credits per second, requests per second, requests per minute or requests per day. This will help limit the endpoint usage to what users of your project just need.
3. Enable rate-limit by IP: this will change the rate-limits applied from endpoint to per IP, a very interesting feature for public facing endpoints.
4. Use Endpoint Amor: by using Endpoint Armor, your endpoint will be able to lock down your endpoint to exactly what is needed, by limiting the methods allowed, RPS by method, and even just whitelist the smart contracts your project interacts to.
5. Implement JWT (JSON Web Tokens) Authentication: Adding JWT authentication introduces an additional layer of security. While not completely infallible, it's a significant deterrent. For guidance on implementing JWT with QuickNode, refer to this guide.
6. Combine JWT with Cloudflare: Enhance security further by distributing JWT tokens through Cloudflare Workers. This method allows for the distribution of tokens with short expiration times and leverages robust tools to prevent bot and abuse attacks. An example of this implementation can be seen in Bonfida's approach.
7. Develop Your Authentication Mechanism: Consider setting up a proxy for your QuickNode endpoint within your backend, exposing only the proxy's address. Implement rules within this setup to detect and prevent unauthorized access. Options include authentication through platforms like Google or GitHub or IP-based rate limiting. A good starting point for rate limiting could be 10 requests per second, adjusted based on actual usage patterns.
It's important to note that QuickNode doesn't record the source information for endpoint requests in the database, so providing a historical report of source IP addresses isn't feasible.
By following these steps, you can enhance the security of your application, making it more resilient to threats such as abuse and botting. If you have further questions or need more details on any of these points, don't hesitate to reach out for assistance.
For additional security insights, please visit our Security guides.
Comments
0 comments
Article is closed for comments.