[GH-ISSUE #572] New Tracker Server #465

Closed
opened 2026-02-26 06:30:42 +03:00 by kerem · 14 comments

Originally created by @Ghost-chu on GitHub (Mar 12, 2025).
Original GitHub issue: https://github.com/ngosang/trackerslist/issues/572

Address:

  • https://tracker.ghostchu-services.top/announce
  • http://tracker.ghostchu-servides.top/announce
  • wss://tracker.ghostchu-services.top/announce (for WebTorrent Protocol)
  • udp://utracker.ghostchu-services.top:6969

https & http & wss routing via CloudFlare.
UDP direct routing to Luxembourg.

Running PBH-BTN/Trunker (https://github.com/PBH-BTN/trunker) as backend.

Live statistics can be viewed here:
https://grafana.ghostchu-services.top/public-dashboards/ae5337f1f1704ae2bd241f957317946c

I am the owner of this Tracker.

kerem 2026-02-26 06:30:42 +03:00
  • closed this issue
  • added the waiting label

@renfei commented on GitHub (Mar 14, 2025):

Error 502

Image


@Ghost-chu commented on GitHub (Mar 14, 2025):

> Error 502
>
> Image

Image


@Ghost-chu commented on GitHub (Mar 14, 2025):

I have noticed that the NF ConnTrack table is full and is causing the OS to reject some of the connections.
Now that I have increased it to a more reasonable value, it should no longer have the 502 problem.

Edit: Received massive abnormal traffic and deal with it.
Edit2: Seems resolved.


@Ghost-chu commented on GitHub (Mar 14, 2025):

@renfei We have confirmed that our service suffered a DDoS attack today with over 78,000 concurrent requests per second, which was around the time your visit got the 502.

I originally thought that a full NF ConnTrack table on our forwarding server was the culprit for the issue, so I adjusted it to a larger value. This action directly resulted in all attack traffic being forwarded to our backend server, destroying everything including Tengine (nginx's fork), the Tracker program and everything else.

Since the traffic was sent directly through the relay server IP and not through CloudFlare, we didn't notice the attack had started. This directly led to the subsequent service outage.
I apologize for this. However, despite our efforts, I can't guarantee that the service will still be up and running the next time we are attacked.
This was an HTTP DDoS attack against our L7, so the DDoS defenses provided by our host do not cover this part.

I did some WAF work, limiting the request rate, adding request Token validation, and tweaking some kernel parameters.
But honestly, I don't think it will make a fundamental difference, but it should be better.

But I still think we are able and willing to offer Tracker services to the public. So I will keep this Issue open.


@renfei commented on GitHub (Mar 14, 2025):

I looked at your Tracker open source repository, it's a great project!

The Tracker traffic is very huge, which is similar to an HTTP DDoS attack, so I lowered the defense threshold in the Cloudflare firewall.

You may not be able to correctly distinguish whether it is normal request traffic or a malicious HTTP flood attack.

However, in order to ensure the normal operation of the service, I will also limit the flow at the Cloudflare edge node to ensure the stability of the server.

The above is my experience, welcome to communicate.


@ngosang commented on GitHub (Mar 14, 2025):

Added. Thank you!
It looks like wss://tracker.ghostchu-services.top/announce is not working, but the others are fine.


@Ghost-chu commented on GitHub (Mar 14, 2025):

> wss://tracker.ghostchu-services.top/announce

Hi,
I tested the wss protocol and it seems to work well with WebTorrents.

Image

Image

Image

Edit: I've noticed that our Tracker may be too aggressive in recycling WSS connections, which may have something to do with WebSocket processing. I'll check that again later.


@ngosang commented on GitHub (Mar 14, 2025):

Your tracker is not working well with WSS. You can check by following these steps.

  1. Use a WSS client. I'm using => https://insomnia.rest/
  2. Send this request
    URL => wss://tracker.ghostchu-services.top:443/announce
    Body:
```
{
	"action": "scrape",
	"info_hash": "\u0008\u00ad\u00a5\u00a7\u00a6\u0018\u003a\u00ae\u001e\u0009\u00d8\u0031\u00df\u0067\u0048\u00d5\u0066\u0009\u005a\u0010"
}
```
  3. You will get an error showing "Invalid UTF-8" in the response.

Image

Doing some tests in Python, I can see your tracker responds with these bytes, but they are not well encoded in UTF-8.
`b'{"action":"scrape","files":{"\\u0008\xad\xa5\xa7\xa6\\u0018:\xae\\u001e\\t\xd81\xdfgH\xd5f\\tZ\\u0010":{"seeder":0,"complete":0,"incomplete":0,"downloaded":0}}}\n'`
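The encoding problem reported in the comment above, reproduced offline as an added example (not code from the thread or from Trunker): the quoted response is checked for UTF-8 validity and compared with a reply whose info_hash key is serialized as a Latin-1 "binary string", the convention the request body above follows. The function names are hypothetical.

```python
import json

# info_hash from the scrape request quoted above (20 raw bytes).
INFO_HASH = bytes.fromhex("08ada5a7a6183aae1e09d831df6748d566095a10")

# Tracker response bytes exactly as quoted in the comment above.
BUGGY_FRAME = (b'{"action":"scrape","files":{"\\u0008\xad\xa5\xa7\xa6\\u0018:\xae'
               b'\\u001e\\t\xd81\xdfgH\xd5f\\tZ\\u0010":'
               b'{"seeder":0,"complete":0,"incomplete":0,"downloaded":0}}}\n')


def utf8_error_offset(payload):
    """Offset of the first byte that breaks UTF-8, or None if the payload is valid.

    WebSocket text frames must carry valid UTF-8 (RFC 6455), so a non-None
    result means a conforming client will fail the connection.
    """
    try:
        payload.decode("utf-8")
        return None
    except UnicodeDecodeError as exc:
        return exc.start


def encode_scrape(info_hash):
    """Build a scrape reply keyed by the info_hash as a 'binary string'."""
    key = info_hash.decode("latin-1")  # byte 0xAD -> code point U+00AD
    stats = {"seeder": 0, "complete": 0, "incomplete": 0, "downloaded": 0}
    text = json.dumps({"action": "scrape", "files": {key: stats}},
                      ensure_ascii=False)
    return text.encode("utf-8")  # U+00AD -> bytes C2 AD, valid UTF-8


def decode_info_hashes(payload):
    """Recover the raw info_hash bytes from a valid scrape reply."""
    files = json.loads(payload.decode("utf-8"))["files"]
    return [key.encode("latin-1") for key in files]


if __name__ == "__main__":
    fixed = encode_scrape(INFO_HASH)
    print("quoted frame breaks at byte:", utf8_error_offset(BUGGY_FRAME))
    print("re-encoded frame error offset:", utf8_error_offset(fixed))
    print("round trip ok:", decode_info_hashes(fixed) == [INFO_HASH])
```

The quoted frame escapes control characters but writes bytes at or above 0x80 raw, which is why strict clients reject it at the first such byte.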


@Gaojianli commented on GitHub (Mar 14, 2025):

Since there isn't a doc for the websocket tracker, our wss implementation is just a reverse engineering of the js client. I will check this and try to fix it next week.


@ngosang commented on GitHub (Mar 14, 2025):

Take a look at this BitTorrent server too: https://github.com/greatest-ape/aquatic


@Gaojianli commented on GitHub (Mar 17, 2025):

> 2. wss://tracker.ghostchu-services.top:443/announce

fixed


@Ghost-chu commented on GitHub (Mar 17, 2025):

wss://tracker.ghostchu-services.top:443/announce
ws://tracker.ghostchu-services.top:80/announce

both available


@ngosang commented on GitHub (Mar 17, 2025):

Added both!


@1265578519 commented on GitHub (Apr 1, 2025):

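> The Tracker traffic is very huge, which is similar to HTTP DDoS attack, so I lowered the defense threshold in Cloudflare firewall.

For Cloudflare false positives on HTTP DDoS, you can search by the description or the rule ID: Global L7 attack mitigations
c9f18c647ae745c6b81b459d8ed59b32
Change the sensitivity: the default value is High; set it to Medium, then save. Ideally, set it directly to Essentially Off.

Image

The client request frequency is actually normal; you can capture the info_hash request interval for each IP. Cloudflare often falsely flags tracker traffic as HTTP DDoS and blocks access.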
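One way to run the per-IP info_hash interval check suggested in the last comment, as an added example that is not part of the thread: it flags addresses that repeat the same info_hash far faster than the announce interval, while a client that announces many torrents at once is left alone. The event tuples, the 1800-second interval and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

ANNOUNCE_INTERVAL = 1800  # assumed interval (seconds) the tracker hands to clients

# Constructed sample events: (unix_time, client_ip, info_hash_hex).
SAMPLE = (
    # ordinary client: two torrents, re-announced roughly every 30 minutes
    [(t, "192.0.2.10", h) for t in (0, 1800, 3605, 5400)
     for h in ("aa" * 20, "bb" * 20)]
    # busy client: 40 different torrents announced in the same second, once each
    + [(10, "203.0.113.5", f"{i:040x}") for i in range(40)]
    # constructed flood: one info_hash repeated every second
    + [(100 + i, "198.51.100.7", "cc" * 20) for i in range(6)]
)


def flag_fast_announcers(events, interval=ANNOUNCE_INTERVAL,
                         tolerance=0.1, min_gaps=3):
    """Return {ip: median_gap_seconds} for suspicious sources.

    A gap is the time between two requests from the same IP for the same
    info_hash. Raw request rate is ignored on purpose: a client with many
    torrents is noisy but still keeps each info_hash near the interval.
    """
    last_seen = {}
    gaps = defaultdict(list)
    for ts, ip, info_hash in sorted(events):
        key = (ip, info_hash)
        if key in last_seen:
            gaps[ip].append(ts - last_seen[key])
        last_seen[key] = ts

    flagged = {}
    for ip, ip_gaps in gaps.items():
        # min_gaps tolerates the odd quick re-announce (start/stop events)
        if len(ip_gaps) >= min_gaps and median(ip_gaps) < interval * tolerance:
            flagged[ip] = median(ip_gaps)
    return flagged


if __name__ == "__main__":
    for ip, gap in flag_fast_announcers(SAMPLE).items():
        print(f"{ip}: median gap {gap}s for a repeated info_hash")
```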
