
This is why we can't have nice things

Discussion in 'Census: General Discussion' started by DanKinney, Apr 11, 2012.

  1. DanKinney

    DanKinney Guest

    We have our first "winner" in the "not playing nice" sweepstakes.  We just received almost 10,000 requests (in a very short amount of time) that were completely malformed, generating lots of errors.

    /img/eq2/spell/516158219?c:show=icon2359399449?c:show=icon3738777316?c:show=icon4066552472?c:show=icon650221803?c:show=icon225795768?c:show=icon3999244081?c:show=icon875198566?c:show=icon3343323249?c:show=icon538807098?c:show=icon2056297704?c:show=icon3208181192?c:show=icon574782159?c:show=icon3911986130?c:show=icon3870613913?c:show=icon1524651143?c:show=icon2980965974?c:show=icon1749382029?c:show=icon874385182?c:show=icon2847772206?c:show=icon167480564?c:show=icon727178933?c:show=icon4163907866?c:show=icon3779406537?c:show=icon3104895741?c:show=icon3010071996?c:show=icon1289726178?c:show=icon1102182191?c:show=icon3882514684?c:show=icon4007929094?c:show=icon1811358348?c:show=icon3329741370?c:show=icon4129959719?c:show=icon2842245420?c:show=icon1473837900?c:show=icon

    Besides the frequency of requests, these aren't even valid URIs (multiple "?" characters) and improper use of the API (asking for multiple icons from one spell).

    We have also seen a HUGE rise in people probing the web servers for the API, looking for patch assets and various back doors.  This is not unusual on the interwebs, but it is something that we have to keep an eye on.

    I realize that the audience of this forum is the choir that I'm preaching to, but thought you would like to know.

    -dan

     
  2. Antronive

    Antronive Guest

    Can we apply a stricter validation to requests? Maybe put in a grey goo fence in order to prevent issues from escalating? These are just suggestions of course. ^_^ From what I have seen census.daybreakgames.com only serves up superficial assets so it would not affect games and what not if an IP would get temporarily blocked.

    -Ant

     
  3. DanKinney

    DanKinney Guest

    We could do more, but we are focusing more on adding functionality to the API.  At some point, we'll get around to more filtering.  While this problem didn't cause any service problems, it is something I am on the lookout for.

    In general, I would like for us to be able to provide a way for developers to get a view into the logs for the requests that they generate so that we can provide more transparency into that.  If you have a bunch of problem queries, I would like for you to be able to see them.  Even if you have valid queries, one may not realize how many of them (or their impact) until you see them rolled up into an aggregated report.

    -dan

     
  4. Dethdlr

    Dethdlr Guest

    Yep, that's a funky query.  At least they "tested" it 10,000 times to make sure it wasn't just a glitch and was in fact a malformed query.  :)

     
  5. DanKinney

    DanKinney Guest

    Well...here are the stats from this event...

    All times in PDT (California time)

    • Start: 9:00:49
    • Stop: 9:12:45 (when we put this IP address on our "deny" list)
    • Duration: 11:56 (716 seconds)
    • 9,508 (mostly the same) requests or 13 requests/sec
    As far as I can tell, there was no impact to the API service as a whole.  Our tests seemed to be fine.

    -dan
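Putting the thread together (the malformed request target in Dan's first post, Antronive's suggestion of stricter validation plus a temporary IP block, and the per-IP figures in Dan's last post), here is an added example that is not Census code and not written by anyone in this thread: a request classifier and a sliding-window per-IP limiter, replayed over a constructed log to produce the same kind of roll-up Dan posted (first/last request, duration, count, rate, when the IP went on the deny list). The log line format (`ip timestamp method target`), the path shape `/img/<game>/<type>/<id>`, the IP addresses and the 50-requests-per-10-seconds budget are all assumptions of the example.

```python
"""Added example (not Census code): flag malformed image requests and deny a
client that replays them faster than a per-IP budget allows."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import parse_qs

# Path shape taken from the URL quoted in the thread: /img/<game>/<asset type>/<numeric id>.
# Treating anything else as malformed is an assumption of this example, not a Census rule.
IMAGE_PATH = re.compile(r"^/img/[a-z0-9]+/[a-z]+/[0-9]+$")


def classify(request_target):
    """Return 'ok' for a well-formed image request, otherwise a short reason string."""
    if request_target.count("?") > 1:
        # The quoted request glues many '?c:show=...' fragments onto one spell id.
        return "multiple '?' in request target"
    path, _, query = request_target.partition("?")
    if not IMAGE_PATH.match(path):
        return "path does not match /img/<game>/<type>/<id>"
    if query and len(parse_qs(query, keep_blank_values=True).get("c:show", [])) > 1:
        # Several c:show values for a single asset is the misuse the first post describes.
        return "more than one c:show for a single asset"
    return "ok"


class SlidingWindowLimiter:
    """Per-IP sliding window: once more than `limit` requests land inside `window_seconds`,
    the IP goes on a deny list and every later request from it is refused."""

    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window = timedelta(seconds=window_seconds)
        self.hits = defaultdict(deque)   # ip -> timestamps still inside the window
        self.denied = {}                 # ip -> time it was added to the deny list

    def allow(self, ip, ts):
        if ip in self.denied:
            return False
        q = self.hits[ip]
        q.append(ts)
        while ts - q[0] > self.window:   # drop hits that fell out of the window
            q.popleft()
        if len(q) > self.limit:
            self.denied[ip] = ts
            return False
        return True


def replay(lines, limit=50, window_seconds=10):
    """Replay 'ip timestamp method target' lines in time order and roll up, per IP,
    the figures Dan posted (first/last request, duration, count, rate) plus how many
    requests were malformed and when, if ever, the limiter denied the client."""
    limiter = SlidingWindowLimiter(limit, window_seconds)
    stats = {}
    for line in sorted(lines, key=lambda l: l.split()[1]):   # ISO timestamps sort chronologically
        ip, ts_text, _method, target = line.split()
        ts = datetime.fromisoformat(ts_text)
        s = stats.setdefault(ip, {"first": ts, "last": ts, "requests": 0,
                                  "malformed": 0, "denied_at": None})
        s["last"] = ts
        s["requests"] += 1
        if classify(target) != "ok":
            s["malformed"] += 1
        if not limiter.allow(ip, ts) and s["denied_at"] is None:
            s["denied_at"] = ts
    for s in stats.values():
        s["duration_s"] = (s["last"] - s["first"]).total_seconds()
        s["rate"] = s["requests"] / s["duration_s"] if s["duration_s"] else float(s["requests"])
    return stats


def build_sample_log():
    """Constructed sample, not a real Census log: one client (203.0.113.7, an assumed
    address) replays the malformed target at 13 requests/second for 30 seconds while
    another (198.51.100.4) makes five sane requests spaced six seconds apart."""
    start = datetime(2012, 4, 11, 9, 0, 49)
    bad = "/img/eq2/spell/516158219?c:show=icon2359399449?c:show=icon3738777316"
    lines = [f"203.0.113.7 {(start + timedelta(seconds=i // 13)).isoformat()} GET {bad}"
             for i in range(390)]
    lines += [f"198.51.100.4 {(start + timedelta(seconds=6 * i)).isoformat()} GET /img/eq2/spell/516158219"
              for i in range(5)]
    return lines


if __name__ == "__main__":
    for ip, s in replay(build_sample_log()).items():
        print(f"{ip}: {s['requests']} requests ({s['malformed']} malformed) over "
              f"{s['duration_s']:.0f}s = {s['rate']:.1f} req/s; denied at {s['denied_at']}")
```

One caveat on the first check: RFC 3986 permits a literal "?" inside the query component, so it enforces the shape this API expects rather than URI syntax in general. With the budget above the constructed client is denied in its fourth second; at the 13 requests/second Dan observed, any budget whose limit divided by its window is below that rate trips after roughly limit/13 seconds, so even a budget loose enough for legitimate bulk clients would have acted long before the 716 seconds it took to add the IP to the deny list by hand.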


     
