Have instances been abused?

[Zwyx]

Hi and thank you for making PrivateBin! I'm interested in hosting it myself, mainly in order to use it through its API in a web app I'm making.

However, I'm worrying about my instance getting abused. Indeed, because no authentication is required, anyone could create tons of data on it. I read about rate and size limit, but that's only slowing an attack down.

• Has this kind of thing happened before on some PrivateBin instances?
• Would you be able to let me know what is the cost of running privatebin.net, which I guess is one of the most popular instances?

[elrido]

Hi and thanks for asking, let me try to break it down as much as I can. Clearly, I can only talk about the privatebin.net instance, it would be interesting to hear from other folks what their experiences are with running such public services.

instance abuse

This is less of a problem in terms of volume or load, there are other aspects to it that you may want to consider. In more detail:

data storage

There are different limits that prevent that becoming too much of an issue. Apart from the default rate limiting of only accepting one POST request per 10s per single IP, each POST will be limited to your webserver and PrivateBin settings, the default of 10 MiB seems pretty reasonable for many use cases. Should it become an issue, you can tighten these settings, i.e. only allow 2 MiB or increase the delay to 30 or 60 seconds without the common user noticing this much.

In 2022 privatebin.net hosted around 35000 pastes consuming 1 GiB of disk space and as of now we are at around 84000 pastes and 1.9 GiB (more details below).

DDoS

It seems to be a common practice by a lot of fellow instance maintainers to run their service behind Cloudfront. privatebin.net doesn't do so. Large scale DDoS are mitigated by our provider via BGP zero-routing. The uplink of the site is limited to 1 Gb/s, so it can still be easily overwhelmed with lower traffic, but tar-pit-like client behaviour, but those are easy to mitigate on the router level with simple packet filter rules.

The worst case we had so far was an incident where someone used a java-tool (according to their user-agent) from 10+ different residential Brazilian IPs to transmit large, but invalid, POST requests to the service and the only reason this caused issues was because the log VM got close to running out of disk space - in Switzerland, where this is hosted, we have to retain 6 months of access logs for the authorities. :-( Anyhow, that was one of only a hand full of times I had to block connections from a relatively large subnet for a month or so. Having to block subnets occurs about every other year or so.

Of course there is a normal background noise of misbehaving traffic logged, bots scanning known URLs for weaknesses and such, but that shouldn't cause any issues or prevent benign users from reaching your instance if you do keep your software patched and frontend webservers configured tightly.

legal threats

These, to me, are the main hassle! While the content of the pastes is encrypted and we don't know what's in them (and don't want to know), some individuals use the service to spread leaks of sensitive information of all kind and we then receive takedown requests by private individuals, organizations, lawyers or government agencies via email or worse, letters by local authorities. So far none of this has lead to any actual legal trouble for me, but it was enough of a distraction that in February 2020 I decided to limit the expiration options to at most one day. Things got a lot quieter after that and since March 2022 I've increased it again to one month and so far we have gotten less than around 4 takedown requests per year.

costs

This is a bit tricky to answer. Technically PrivateBin hosting is free, as in I run the KVM server cluster housed in a data center for myself anyways and the PrivateBin VM is by far the smallest and makes up less than 10% of the traffic (Jitsi meet has far greater resource needs, as do fediverse instances and even mail servers). The 2U rack space plus flat rate power plus 10Gb/s uplink (limited to 1Gb/s by my current router) costs around CHF 200 / month and privatebin has 3 domains which add another CHF 30 - 40 / year (depending on USD exchange rates and I pay for domains 8 - 10 years in advance). So depending on how you'd slice that the instance would cost around CH 20 / month incl. domain.

specs

It may or may not be cheaper to run an instance of this kind on a shared hoster or in a public cloud. For anyone that wants to calculate this on their own, the gist of the VMs spec are these:

Metric	Value
CPU	4 cores
RAM	512 MiB
disk	10 GiB
OS	Alpine Linux

Currently the VM runs docker (I'm considering switching to podman) and three container images:

• frontend web server, TLS termination and static info site: 28 MiB RSS
• demo instance: 48 MiB RSS
• directory: 7 MiB RSS

In 2022 the network traffic over 1 month averaged at 600 kbps out / 80 kbps in and 1m peaks of 17.5 Mbps out / 9 Mbps in. For the last month the average is at 464 kbps out / 60 kbps in and 1m peaks of 13.3 Mbps out / 6.6 Mbps in.

In more technical details:

$ nproc 
4
$ free -m
              total        used        free      shared  buff/cache   available
Mem:            472         154          34           9         284         296
Swap:           975         104         871
$ df -h
Filesystem      Size  Used Avail Use% Mounted on
devtmpfs         10M     0   10M   0% /dev
shm             236M     0  236M   0% /dev/shm
/dev/vda3       8.8G  5.7G  2.7G  69% /
tmpfs            95M  524K   94M   1% /run
/dev/vda1        92M   23M   62M  28% /boot
$ docker exec -t privatebin-demo du -sh /srv/data
1.9G	/srv/data
$ time docker exec -t privatebin-demo administration --statistics
Total:			83932
.................................................................................... 10% .................................................................................... 20% .................................................................................... 30% .................................................................................... 40% .................................................................................... 50% .................................................................................... 60% .................................................................................... 70% .................................................................................... 80% .................................................................................... 90% ...................................................................................
Expired:		1730
Burn after reading:	498
Discussions:		2253
Plain Text:		32269
Source Code:		2461
Markdown:		49202
real	3m 17.22s
user	0m 0.06s
sys	0m 0.06s

Resident Set Size (RSS) of the containerized processes was looked up via (replace 1234 with PID of parent process):

total_rss=0
for PID in $(pstree -p 1234 | grep -Eo '[0-9]+')
do total_rss=$((total_rss + $(grep VmRSS /proc/$PID/status | awk '{print $2}')))
done
echo $((total_rss/1024)) MiB

[Zwyx]

Fascinating 🤩 Than you so much for this amazing answer!

It's interesting and reassuring to know all that. I was expecting much more storage for privatebin.net. And also much less takedown requests!

I've set up my instance on a free GCP VM (2 CPUs, 1GB of RAM, 30GB of disk, pretty good!), and it seems to be working very well.

Thank you again, I really appreciate 🙂