crafatar.com spammed with bogus requests #318

Open
qtchaos opened this issue Nov 19, 2023 · 12 comments
@qtchaos
qtchaos commented Nov 19, 2023

The Crafatar API returns a 521 error code, or sometimes shows a Heroku error.
This is very unfortunate because recently we switched from mcheads to Crafatar for our game launcher, and having this occur within a week is making me lose confidence in the service.

@SuperZekes

I also have the same issue with it; we just have to wait for the service to be back up again.

@jomo
Contributor

jomo commented Nov 21, 2023

Thanks for reporting this. The server seems to be down, I have contacted the hosting provider to bring it back up.

@sauramel

Any news on this?

@jomo
Contributor

jomo commented Nov 22, 2023

They haven't replied to the ticket yet

@AqueleHaru

you should change the host D:

@Matthewn7

Hi. Blazing fast API has been timing out for 3 days now. Has the server grown legs and left for some milk? Updates would be appreciated. Thanks

@sauramel

So is this abandoned? @jomo

@jomo
Contributor

jomo commented Nov 26, 2023

The hosting provider restarted the VM and crafatar came back, but apparently it went down again.
I wonder if this is caused by someone effectively DoSing the server with too many requests.

Unfortunately only the hosting provider can restart the VM, I've asked them again and will try to monitor the situation as soon as possible.


@AqueleHaru

> you should change the host D:

They have hosted crafatar.com for free for almost a decade and only ever asked for their link and logo on the website. They replied in <24 hours, which is quite good for a 0.00 € tier.

@sauramel

> So is this abandoned? @jomo

While I don't plan to continue active development on the software, I haven't abandoned running the crafatar.com service. I don't run this for profit, crafatar.com has been free software and ad-free since forever and all expenses are paid by myself. As such, running the service is not the top priority in my life and I'm not a team of SREs waiting 24/7 to handle any incidents.

If anyone relies on the availability of crafatar.com, please DM me if you're interested in a paid SLA. Alternatively, you can easily host a private or public instance of crafatar. hmu if you commit to running a public instance long-term, then I can add it to the README.

@jomo
Contributor

jomo commented Nov 26, 2023

Found the problem: Someone is hitting the service with >37x the amount of traffic we usually have… Please don't.

The server is actually up, but it's out of resources and slow to respond. I'll see what I can do.

jomo changed the title from "Service down yet again" to "crafatar.com spammed with bogus requests" on Nov 26, 2023

@jomo
Contributor

jomo commented Nov 26, 2023

Some IPs are requesting several bogus requests per second with obviously wrong UUIDs, causing a lot of uncached request hits that are then cached, and causing a lot of unnecessary traffic. The requests only identify as a Java version, so they seem to be coming off some kind of Java application.

I'm trying to redirect some of those requests here. If you know what's causing these requests, please let me know.
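
The pattern described in the comment above (several uncached requests per second from one IP, each for a different UUID, with a User-Agent that is only a Java version) can be picked out of an access log with a per-client sliding-window counter. This is an added example, not part of the thread or of crafatar's own code; the log format, the thresholds, the function name and the sample lines are constructed for illustration.

```javascript
// Constructed sample lines in a hypothetical access-log format (assumption):
//   <ISO time> <client IP> <request path> <cache HIT|MISS> "<User-Agent>"
const SAMPLE_LOG = [
  '2023-11-26T10:00:00.050Z 198.51.100.7 /avatars/3f2a9c1e7b4d4e8a9c6f1d2e3b4a5c6d MISS "Java/17.0.8"',
  '2023-11-26T10:00:00.100Z 192.0.2.33 /avatars/1a2b3c4d5e6f47a8b9c0d1e2f3a4b5c6 MISS "Java/1.8.0_392"',
  '2023-11-26T10:00:00.250Z 198.51.100.7 /avatars/7c1e5b9a2d3f4a6b8e0c9d1f2a3b4c5d MISS "Java/17.0.8"',
  '2023-11-26T10:00:00.300Z 203.0.113.20 /avatars/8e7d6c5b4a3942f1a0b9c8d7e6f5a4b3 MISS "ExampleLauncher/1.2"',
  '2023-11-26T10:00:00.450Z 198.51.100.7 /avatars/e4d3c2b1a0f94e8d7c6b5a4f3e2d1c0b MISS "Java/17.0.8"',
  '2023-11-26T10:00:00.650Z 198.51.100.7 /avatars/09f8e7d6c5b44a39281706f5e4d3c2b1 MISS "Java/17.0.8"',
  '2023-11-26T10:00:00.850Z 198.51.100.7 /avatars/5d6e7f8091a24b3c4d5e6f708192a3b4 MISS "Java/17.0.8"',
  '2023-11-26T10:00:01.300Z 203.0.113.20 /avatars/8e7d6c5b4a3942f1a0b9c8d7e6f5a4b3 HIT "ExampleLauncher/1.2"',
  '2023-11-26T10:00:02.100Z 192.0.2.33 /avatars/c0ffee00d15c4a11b0a7deadbeef0001 MISS "Java/1.8.0_392"',
];

const LINE_RE = /^(\S+) (\S+) \/avatars\/([0-9a-fA-F-]{32,36}) (HIT|MISS) "([^"]*)"$/;

// Flags clients whose cache misses exceed maxMisses within any windowMs span.
// Assumes the lines are in time order; the default thresholds are illustrative.
function flagAbusiveClients(lines, { windowMs = 1000, maxMisses = 3 } = {}) {
  const perIp = new Map();
  for (const line of lines) {
    const m = LINE_RE.exec(line);
    if (!m) continue; // skip lines that are not avatar requests
    const [, time, ip, uuid, cache, agent] = m;
    if (cache !== 'MISS') continue; // only uncached requests are counted
    if (!perIp.has(ip)) perIp.set(ip, { times: [], uuids: new Set(), peak: 0, bareJava: true });
    const s = perIp.get(ip);
    const t = Date.parse(time);
    s.times.push(t);
    while (t - s.times[0] >= windowMs) s.times.shift(); // drop misses outside the window
    s.peak = Math.max(s.peak, s.times.length);
    s.uuids.add(uuid.toLowerCase().replace(/-/g, '')); // normalise dashed and undashed forms
    if (!/^Java\/[\d._]+$/.test(agent)) s.bareJava = false; // agent is more than "Java/<version>"
  }
  const flagged = [];
  for (const [ip, s] of perIp) {
    if (s.peak > maxMisses) {
      flagged.push({ ip, peakMissesPerWindow: s.peak, distinctUuids: s.uuids.size, bareJavaAgent: s.bareJava });
    }
  }
  return flagged;
}

console.log(flagAbusiveClients(SAMPLE_LOG));
```

The bare Java agent is reported but not used as the trigger, since the second Java client in the sample stays well under the threshold.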

@jomo
Contributor

jomo commented Nov 26, 2023

In other news, crafatar.com currently seems to be stable. I hope it stays that way for a while.

@iLemon

iLemon commented Feb 13, 2024

@jomo not 100% sure if this is related to what you're saying, but I thought it'd be worth mentioning: a lot of Tebex stores for Minecraft servers have themes that use crafatar URLs with UUIDs. The problem is that Tebex now just generates a random UUID ever since most stores are now "offline mode" in order to support bedrock users. I just noticed this on my store and got forwarded here.

Hope that explains why you're probably getting a lot of invalid UUID requests!
