Recent Discussions
Suspicious Packet Attempt Caused Server Lag/Crash
Unanswered
Barbary Lion posted this in #questions
8 messages
0 views
Barbary LionOP
Had a weird incident on my server where it lagged out and needed a restart. Noticed these logs at the start of the incident:
Looks like a malformed or malicious packet.
“gptbot(at)openai.com” and a user-agent string “GPTBot/1.2 +https://openai.com/gptbot”. Seeing this leads me to think someone might have been using an OpenAI tool (or spoofing one) to trigger the packet. It appears as if the payload was crafted by someone attempting to use GPT-related requests or mimic OpenAI scraping behavior, possibly to probe or overload my server.
The Connectivity mod flagged it so I was able to halt whatever this was. Oddly enough though, Connectivity is now rolling out an update today, weird timing tbh but highly unlikely to be related.
Anyone have a clue what's going on or seen this before?
[22:13:51] [Netty Server IO #20/WARN] [co.co.Connectivity/]: Packet:ServerboundPongPacket id 32 larger than expected error detected, printing packet and buffer. Stacktrace gets logged after this [22:13:51] [Netty Server IO #20/WARN] [co.co.Connectivity/]: Packet data: { "f179721": 796028770 } [22:13:51] [Netty Server IO #20/WARN] [co.co.Connectivity/]: Packet:PooledUnsafeDirectByteBuf id 32 data of 232 extra bytes: [22:13:51] [Netty Server IO #20/WARN] [co.co.Connectivity/]: Packet data: [ "ots.txt HTTP/1.1x-openai-host-hash: 11090037accept: /fro: gptbot(at)openai.comuser-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2 +https://openai.com/gptbot)accept-encoding: gzip, br, de" ]Looks like a malformed or malicious packet.
“gptbot(at)openai.com” and a user-agent string “GPTBot/1.2 +https://openai.com/gptbot”. Seeing this leads me to think someone might have been using an OpenAI tool (or spoofing one) to trigger the packet. It appears as if the payload was crafted by someone attempting to use GPT-related requests or mimic OpenAI scraping behavior, possibly to probe or overload my server.
The Connectivity mod flagged it so I was able to halt whatever this was. Oddly enough though, Connectivity is now rolling out an update today, weird timing tbh but highly unlikely to be related.
Anyone have a clue what's going on or seen this before?
Ruddy Ground-Dove
Is this server offline mode?
@Ruddy Ground-Dove Is this server offline mode?
Barbary LionOP
no. but it may just be a non-issue. according to what another reddit user shared, this is likely just a crawler from OpenAI and truly nothing malicious
so will just try to block and carry on. whats weird is how it tried to connect on the server's port
Ruddy Ground-Dove
It's pretty common to see random crawlers like this.
Overall just follow best practice.
Whitelist on if you're a friend server, have backups and something like CoreProtect if you're prod.
Whitelist on if you're a friend server, have backups and something like CoreProtect if you're prod.
Barbary LionOP
gotcha, good to know. thanks!
Barbary LionOP
!solved
Loading...
Loading...