In our ongoing operation of cloud services, we have repeatedly identified a series of abnormal request patterns originating from unofficial clients. These requests pose significant security risks and have negatively impacted the reliability of our services.
These incidents have included significant abnormal traffic patterns and, in some cases, targeted DDoS attacks that have impacted service availability. Our monitoring systems have detected peaks of up to 30 million unauthorized requests per day, creating unnecessary strain on our infrastructure.
- Increased System Load: Middleware components experience elevated loads, leading to abnormal restarts and disruptions to online operations.
- Degraded Service Performance: Back-end service latency has increased significantly, adversely affecting the experience of normal users.
- Login System Failures: The high frequency of login attempts has triggered multiple failures in the cloud login components, cumulatively disrupting normal user logins for approximately 1 hour and impacting the ability of users to access services.
Below are recorded incidents of abnormal access, highlighting the severity and recurrence of the issue:
- January 8, 2025: 10M abnormal requests in 15 minutes.
- December 28, 2024: 110K abnormal requests in 10 minutes.
- November 16, 2024: 1M abnormal requests.
- October 23, 2024: 286K abnormal requests.
- October 22, 2024: 1.8M abnormal requests.
- October 21, 2024: 13M abnormal requests.
- August 3, 2024: 90K abnormal requests.
- June 1, 2024: 760K abnormal requests.
- September 22, 2023: MakerWorld experienced a DDoS attack lasting approximately 1 hour, with a peak QPS of 12K. This resulted in service-wide abnormalities and disruptions.
The persistent and escalating volume of abnormal requests highlights an urgent need to strengthen security measures, monitor unauthorized access more effectively, and mitigate their impacts. We are committed to implementing enhanced protections to safeguard system stability, improve user experience, and reduce unnecessary costs.
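The monitoring described above is a per-client request-rate problem. The following is an added example, not code from Bambu Lab or its services: a sliding-window burst detector run over a few constructed log lines (the line format, client identifiers, window and threshold are all assumptions for the illustration; real thresholds come from baselining legitimate client behaviour). It flags a client the first time its request count inside the window exceeds the threshold, which is the kind of signal that would have surfaced the login-flood and request-burst incidents listed above.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Tuple

# Constructed log shape: "<ISO-8601 UTC timestamp> <client-id> <method> <path> <status>".
# Only the timestamp and client-id are needed for rate counting.
WINDOW = timedelta(seconds=60)
THRESHOLD = 5  # constructed value for the sample; production values come from baselining


def parse_line(line: str) -> Tuple[datetime, str, str]:
    """Split one constructed log line into (timestamp, client, path)."""
    ts_text, client, _method, path, _status = line.split()
    return datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ"), client, path


def detect_bursts(lines, window=WINDOW, threshold=THRESHOLD) -> List[Tuple[str, str, int]]:
    """Return one (client, first_exceeded_at, count) alert per client whose
    request count inside any sliding `window` exceeds `threshold`."""
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    alerted = set()
    alerts = []
    for line in sorted(lines):  # ISO timestamps sort lexically in time order
        ts, client, _path = parse_line(line)
        q = recent[client]
        q.append(ts)
        while ts - q[0] > window:  # evict timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold and client not in alerted:
            alerted.add(client)  # alert once per client, not on every extra request
            alerts.append((client, ts.strftime("%Y-%m-%dT%H:%M:%SZ"), len(q)))
    return alerts


# Constructed sample: one client at a normal cadence, one client sending eight
# login attempts in eight seconds (the burst pattern the announcement describes).
SAMPLE_LOG = [
    "2025-01-08T10:00:02Z 198.51.100.2 POST /v1/login 200",
    "2025-01-08T10:00:30Z 198.51.100.2 GET /v1/devices 200",
    "2025-01-08T10:00:58Z 198.51.100.2 GET /v1/devices 200",
] + [
    f"2025-01-08T10:00:{s:02d}Z 203.0.113.7 POST /v1/login 401" for s in range(8)
]


if __name__ == "__main__":
    for client, when, count in detect_bursts(SAMPLE_LOG):
        print(f"burst: client={client} at={when} requests_in_window={count}")
```

The single alert fires at the sixth request from the bursting client; the normal client never accumulates more than three requests in a window and stays silent. A production version would key on authenticated identity rather than source address alone, and would track login failures separately from total volume.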
- Enhanced identity authentication and authorization mechanisms to prevent unauthorized control of printers via Handy.
  - Resolved vulnerabilities that allowed attackers to use legitimate identities or authentication loopholes to control online devices already bound to other users.
  - Mitigated the risk of remote-control attacks using invalid but seemingly legitimate identities.
- Implemented stringent validation of command content to block injection of illegal operations through client/cloud control commands.
  - Introduced strict inspection and restriction mechanisms so that maliciously constructed commands sent via Studio, Handy, or cloud interfaces are not executed at the device level.
- Addressed a critical chip vulnerability in the official firmware and enhanced the anti-rollback feature.
  - Fixed the secure boot vulnerability in the main chip and improved boot medium inspection during the loader phase to bolster overall system security.
- Prevented ZIP decompression path traversal in 3MF files by implementing strict inspection protocols.
  - This measure protects devices and the cloud from malicious script implantation during 3MF file parsing, so attackers can no longer construct malicious 3MF files to execute harmful scripts.
- Migrated network communication protocols to SSL/TLS-based standards, ensuring data integrity and confidentiality.
  - MQTT → MQTTS
  - FTP → FTPS
  - HTTP → HTTPS
  - Enhanced private image transfer protocols.
  - These updates effectively prevent attackers from capturing sensitive user data through network packet interception.
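The 3MF path-traversal item above comes down to one check: a 3MF file is a ZIP container, and every entry name must be validated before anything is written to disk. The following is an added example, not Bambu Lab's firmware or cloud code: a validator and extractor for 3MF archives that rejects absolute paths, drive prefixes, backslash separators, `..` components and symlink entries, and validates the whole archive before extracting so a rejected file leaves nothing behind. The two sample archives are constructed in memory for the illustration. Python's own `zipfile.extract` already strips traversal components silently; the explicit check here makes the policy visible and fails closed instead of rewriting names, which is what a parser written in C for a device would also need to do by hand.

```python
import io
import tempfile
import zipfile
from pathlib import Path, PurePosixPath
from typing import Dict, List, Tuple

SYMLINK_MODE = 0o120000  # S_IFLNK; ZIP stores Unix mode in the upper 16 bits of external_attr


def is_safe_member_name(name: str) -> bool:
    """Accept only relative, forward-slash paths with no '..' components."""
    if not name or "\\" in name or name.startswith("/"):
        return False
    if ":" in name.split("/", 1)[0]:  # drive prefix such as "C:"
        return False
    return ".." not in PurePosixPath(name).parts  # PurePosixPath keeps '..' parts intact


def validate_3mf(data: bytes) -> List[str]:
    """Return all entry names if every one is safe; raise ValueError otherwise.
    Runs over the whole archive before extraction, so rejection is all-or-nothing."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = []
        for info in zf.infolist():
            if not is_safe_member_name(info.filename):
                raise ValueError(f"unsafe entry name rejected: {info.filename!r}")
            if (info.external_attr >> 16) & 0o170000 == SYMLINK_MODE:
                raise ValueError(f"symlink entry rejected: {info.filename!r}")
            names.append(info.filename)
        return names


def safe_extract_3mf(data: bytes, dest: Path) -> List[str]:
    """Validate, then extract; a resolve() containment check guards each write."""
    names = validate_3mf(data)
    dest = dest.resolve()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = (dest / info.filename).resolve()
            if target != dest and dest not in target.parents:
                raise ValueError(f"entry escapes destination: {info.filename!r}")
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
    return names


def build_zip(entries: Dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP; used only to construct the sample archives below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)  # ZipInfo does not normalise '..', so the name is stored as-is
    return buf.getvalue()


# Constructed samples: a minimal well-formed 3MF layout, and one carrying a traversal name.
BENIGN_3MF = build_zip({
    "[Content_Types].xml": b"<Types/>",
    "3D/3dmodel.model": b"<model/>",
})
TRAVERSAL_3MF = build_zip({
    "3D/3dmodel.model": b"<model/>",
    "../../outside.txt": b"would land outside the extraction directory",
})


def demo() -> Tuple[List[str], bool, bool]:
    """Extract both samples into scratch directories; report (benign names, rejected, leaked)."""
    with tempfile.TemporaryDirectory() as d:
        benign_names = safe_extract_3mf(BENIGN_3MF, Path(d))
    with tempfile.TemporaryDirectory() as d:
        rejected = False
        try:
            safe_extract_3mf(TRAVERSAL_3MF, Path(d))
        except ValueError:
            rejected = True
        leaked = (Path(d) / "../../outside.txt").resolve().exists()
    return benign_names, rejected, leaked


if __name__ == "__main__":
    print(demo())
```

The containment check on the resolved target is deliberately redundant with the name check: the name filter is the policy, and the resolve-based check catches anything the filter did not anticipate (for example a destination that is itself a symlink). Size limits per entry and for the whole archive are the other check a device-side parser wants, since a 3MF is also a ready-made decompression bomb.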