What can providers do to prevent potentially malicious application deployments?

It seems that there is a potential for the Akash provider network to potentially become a target for individuals to deploy potentially malicious applications. Many malicious applications, such as botnets, C&C controllers, spam bots, etc., are often deployed to large infrastructure like AWS, but accounts are easily disabled once malicious activity is detected.
Given that all that is needed to deploy to an Akash provider is a wallet, even if a malicious application is detected and the lease terminated, there’s nothing that stops a bad actor from re-deploying the same application.
Are there any particularly effective types of IDS/IPS services (services like Snort or Suricata), or things like ClamAV that can be used to scan for malicious binaries or traffic? Are there any Kubernetes-specific applications that scan for malicious binaries or virus-related traffic?
Particularly for those who host their provider in datacenters, if the datacenter facility detects this type of traffic over their network, it could potentially lead to termination of a hosting contract, or, for those hosting on a residential connection, to their ISP disconnecting their service.
Any advice on how to scan for and mitigate this potential activity would be helpful, particularly to include in the official provider documentation.
Thanks!

4 Likes

Good question. I just want to add that it’s not just botnets and spammers. This is a much more extensive problem. Akash network can be used to host copyrighted material or even terrorist propaganda content. You can’t detect them with IDS/IPS services. It can get worse if somebody runs a Tor hidden service. Imagine a darknet drug marketplace running on your home PC and you not even knowing it! There is almost no way you can tell if it’s running there unless you find a critical bug in Tor and hack your way into it or something like that. Depending on where the host is, it can lead to the owner’s arrest by the local police.

Well, I don’t want providers to panic. Actually, this is the same problem every hoster faces. It usually isn’t a big deal because you can always prove that you’ve been just a hoster. However, unlike most hosters, who do KYC, you don’t KYC on Akash. It makes it harder for you to prove you were not a partner in crime.

Agreed. I think we can all agree that KYC-type regulations and requirements don’t work and aren’t the right solution. A major part of what makes Akash great is that it doesn’t require KYC.
But at the same time, to borrow the often overused phrase, “with great power comes great responsibility.”
However, security being entirely relative, ultimately if someone has malicious intentions, no matter what security measures are put in place, someone will find their way around them.
I don’t think there is a “silver bullet” solution to this problem. However, I do think that, just as there are provider operations best practices, as a community we should develop a list of provider security best practices.

1 Like

I myself have never gone through any KYC. I’ve always chosen other providers instead of giving out my private information. That’s one of Akash’s strong points.
I totally agree with you. A couple of ‘best practice’ guides and more clarity on the issues will help a lot.