Hi, all. pgpkeys.eu is fully operational, is accepting key submissions and is syncing with two similarly recovered peers. The number of keys in the dataset is back to pre-flooding levels, and site reliability has been significantly improved.
If you are an operator and need assistance recovering your system, please get in touch. Thanks, A > On 27 Mar 2023, at 18:47, Andrew Gallagher via Gnupg-users > <gnupg-users@gnupg.org> wrote: > > Signed PGP part > Hi, everyone. > > The synchronising keyserver network has been under an intermittent flooding > attack for the past five days, resulting in the addition of approximately 3 > million obviously-fake OpenPGP keys to the SKS dataset. The fake keys are > currently being submitted multiple times per second via a large number of Tor > exit relays, making them difficult to block using normal abuse mitigations. > If unaddressed, this will eventually fill up the disk of all public > synchronising servers. > > Effective immediately, pgpkeys.eu has been temporarily disconnected from all > its peers, and is blocking all key submissions. It will remain available for > key lookups but will not allow key updates while the flooding attack > continues. > > I strongly recommend that other keyserver operators take similar measures, > until a more permanent solution can be deployed. > > A
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
