IPFS Runbook

This document outlines procedures and steps to address common alerts and issues. Most general alerts are covered in the general runbook here: General Infrastructure Runbook

Abuse Report

Description: This is not an Alertmanager alert name; it refers to general abuse reports we receive from bare-metal/cloud providers, Google, or Cloudflare regarding our IPFS gateway.

More context: our service is an IPFS gateway, which is part of a decentralized network. Because of the nature of IPFS, anyone can publish content on their own node and have it accessed via a public gateway, which unfortunately means that malicious or phishing content can sometimes appear.

That said, we actively monitor abuse reports from providers and maintain a custom blocklist (denylist) of known malicious IPFS CIDs. Once an issue is identified, we promptly block and remove access to the reported content from our gateway.

Action:

1. Extract the reported malicious CID from the abuse report.
2. Append the malicious CID to the end (not the top or middle; the denylist is append-only) of our self-maintained denylist:
   • https://github.com/ChainSafe/orbitor-ipfs-denylist/blob/main/cs-denylist.deny
3. Wait a few minutes and confirm the denylist is updated automatically by the Rainbow Gateway:

   ssh devops@185.191.117.102
   cat ipfs-gateway/data/denylists/cs-denylist.deny

4. Confirm the CID now returns 404: https://ipfs.orbitor.dev/ipfs/BAD-CID
5. Report back to the cloud provider and request a review.
6. (Optional) Report the malicious CID to the global denylist maintained by the IPFS Foundation:
   • https://about.ipfs.io/#reporting-abuse

---