R
Runpod10mo ago
thanatos121.

Security issue: Attackers Scanning Runpod pods?

Hello, over the past month or so, I have been noticing that whenever I spin up a new pod, I instantly start seeing these pings: INFO: Uvicorn running on http://0.0.0.0:8000 (Press CTRL+C to quit) INFO: 100.64.0.33:33194 - "GET /v1/models HTTP/1.1" 200 OK ERROR 01-10 08:39:01 serving_chat.py:114] Error with model object='error' message='The model vllm-vl does not exist.' type='NotFoundError' param=None code=404 INFO: 100.64.0.32:51002 - "POST /v1/chat/completions HTTP/1.1" 404 Not Found INFO: 100.64.0.35:50500 - "GET /v1/models HTTP/1.1" 200 OK ERROR 01-10 08:39:11 serving_chat.py:114] Error with model object='error' message='The model vllm-vl does not exist.' type='NotFoundError' param=None code=404 INFO: 100.64.0.35:50500 - "POST /v1/chat/completions HTTP/1.1" 404 Not Found INFO: 100.64.0.33:49030 - "GET /v1/models HTTP/1.1" 200 OK ERROR 01-10 08:39:26 serving_chat.py:114] Error with model object='error' message='The model vllm-vl does not exist.' type='NotFoundError' param=None code=404 Where "vllm-vl" is the name of my template and therefore the name of my pod. I am not pinging this server, it happens nearly immediately after I spin it up. My guess about what is happening is that attackers are identifying new runpod pod ids on the public registry. They then can assume that a fair number of these servers are running vllm, sglang, or tgi. They then "guess" about how to make an API call to the endpoint by using the pod name (not exactly sure how they get this) as the model name. Many templates simply have the model name as the template name so this is a fair assumption. They can then use this process to get free LLM calls on the communities pods.
4 Replies
thanatos121.
thanatos121.OP10mo ago
It is either that, or there is some internal runpod test happening. Has anyone else experienced this? What I am also confused by, is I thought that you had to pass your runpod API key to be able to access these servers but that definitely isn't the case. I can easily run inference on my servers without passing my key with an empty bearer token.
Poddy
Poddy10mo ago
@thanatos121.
Escalated To Zendesk
The thread has been escalated to Zendesk!
Unknown User
Unknown User10mo ago
Message Not Public
Sign In & Join Server To View
thanatos121.
thanatos121.OP10mo ago
Secure cloud only. I set it to ANY region. But it happens very consistently. I will spin one up and let you know which region it is in

Did you find this page helpful?