Jam crashes node

cogwheel7544 · April 20, 2026, 9:30pm

Seems related on the ongoing attack, either the jam wallet will lock up, or the entire s9 node will crash. It looks like its an OOM issue, as the ram gets constantly used up overtime, typically crashing within a day.

There is a hotfix, linked below. Is there a way to implement the patch noted here?

github.com/JoinMarket-Org/joinmarket-clientserver

fix(daemon): mitigate onion message flooding DoS attack (#1840)

master ← m0wer:fix/onion-message-flooding-dos

opened 03:21PM - 15 Apr 26 UTC

m0wer

+282 -1

## Problem An ongoing DoS attack targets JoinMarket makers by connecting direct…ly to makers' onion services and flooding `!orderbook` requests. Each request can trigger expensive orderbook response handling and failed reply routing, causing: - disk growth from repeated logs - high CPU/memory usage - maker instability / OOM kills ## What this patch does This is a small stopgap mitigation in `src/jmdaemon/onionmc.py`: 1. **Per-connection inbound rate limit** - Drop a connection if it sends more than **45 messages in 15 seconds**. 2. **Handshake gate for JM messages** - For **non-directory peers**, ignore JM messages unless the peer has completed handshake. - Prevents unauthenticated inbound peers from triggering expensive JM message handling. 3. **Reduce noisy warning** - Change `"Failed to send privmsg because no directory peer is connected."` from warning to debug. ## Directory classification / spoofing notes - A peer is treated as a directory based on local configured directory nodes, not by arbitrary handshake claims. - Inbound peers are non-directory by default. - `dn-handshake` is only accepted from peers already marked as directory. - Sending `{"directory": true}` in a handshake does not grant directory privileges. ## Limitations - Attackers can reconnect after disconnect and continue probing. - Attackers can still flood `!orderbook` through trusted directory relay paths; this bypasses per-connection direct-connection limiting. - Fully addressing that requires additional controls (not in this emergency patch), especially **per-nick / higher-layer rate limiting**. And ideally Tor PoW defense. Implemented in https://github.com/joinmarket-ng/joinmarket-ng/ - This is an urgent mitigation, not the final comprehensive defense. ## Testing - Added `test/jmdaemon/test_onionmc_dos.py` with 11 tests: - per-connection rate limiting behavior - handshake-gating behavior for JM messages - New tests pass in local daemon-focused run. ## Applying patch manually ```shell curl -sL https://github.com/m0wer/joinmarket-clientserver/commit/b391a29e5f3c28e93fc8e80bb261830adbb7ed86.patch -o /tmp/onionmc.patch && FILE=$(find / -type f -name onionmc.py 2>/dev/null | head -n 1) && DIR=$(dirname $(dirname $(dirname "$FILE"))) && echo "Patching in: $DIR" && cd "$DIR" && patch -p1 -i /tmp/onionmc.patch && echo "Success" ``` Don't trust, verify!

The command is:
curl -sL https://github.com/m0wer/joinmarket-clientserver/commit/b391a29e5f3c28e93fc8e80bb261830adbb7ed86.patch -o /tmp/onionmc.patch && FILE=$(find / -type f -name onionmc.py 2>/dev/null | head -n 1) && DIR=$(dirname $(dirname $(dirname “$FILE”))) && echo “Patching in: $DIR” && cd “$DIR” && patch -p1 -i /tmp/onionmc.patch && echo “Success”

But I wasnt able to get the command to work in s9 while ssh’d in.