crafatar / crafatar

A blazing fast API for Minecraft faces
https://crafatar.com
MIT License

crafatar.com spammed with bogus requests #318

Open qtchaos opened 11 months ago

qtchaos commented 11 months ago

The Crafatar API returns a 521 error code, or sometimes shows a Heroku error. This is very unfortunate because recently we switched from mcheads to Crafatar for our game launcher, and having this occur within a week is making me lose confidence in the service.

SuperZekes commented 11 months ago

I also have the same issue with it; we just have to wait for the service to be back up again.

jomo commented 11 months ago

Thanks for reporting this. The server seems to be down, I have contacted the hosting provider to bring it back up.

sauramel commented 11 months ago

Any news on this?

jomo commented 11 months ago

They haven't replied to the ticket yet

AqueleHaru commented 11 months ago

you should change the host D:

Matthewn7 commented 11 months ago

Hi. Blazing fast API has been timing out for 3 days now. Has the server grown legs and left for some milk? Updates would be appreciated. Thanks

sauramel commented 11 months ago

So is this abandoned? @jomo

jomo commented 11 months ago

The hosting provider restarted the VM and crafatar came back, but apparently it went down again. I wonder if this is caused by someone effectively DoSing the server with too many requests.

Unfortunately only the hosting provider can restart the VM, I've asked them again and will try to monitor the situation as soon as possible.


@AqueleHaru

> you should change the host D:

They have hosted crafatar.com for free for almost a decade and only ever asked for their link and logo on the website. They replied in <24 hours, which is quite good for a 0.00 € tier.

@sauramel

> So is this abandoned? @jomo

While I don't plan to continue active development on the software, I haven't abandoned running the crafatar.com service. I don't run this for profit, crafatar.com has been free software and ad-free since forever and all expenses are paid by myself. As such, running the service is not the top priority in my life and I'm not a team of SREs waiting 24/7 to handle any incidents.

If anyone relies on the availability of crafatar.com, please DM me if you're interested in a paid SLA. Alternatively, you can easily host a private or public instance of crafatar. hmu if you commit to running a public instance long-term, then I can add it to the README.

jomo commented 11 months ago

Found the problem: Someone is hitting the service with >37x the amount of traffic we usually have… Please don't.

The server is actually up, but it's out of resources and slow to respond. I'll see what I can do.

jomo commented 11 months ago

Some IPs are requesting several bogus requests per second with obviously wrong UUIDs, causing a lot of uncached request hits that are then cached, and causing a lot of unnecessary traffic. The requests only identify as a Java version, so they seem to be coming off some kind of Java application.

I'm trying to redirect some of those requests here. If you know what's causing these requests, please let me know.
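
The pattern described in the comment above (several requests per second with invalid UUIDs, from clients whose User-Agent is only a Java version) can be surfaced from access logs. This is an added example, not part of the thread and not Crafatar's own code; the log format, the sample lines, the thresholds and the definition of "bogus" (not UUID-shaped, or UUID-shaped but not version 4) are assumptions.

```javascript
// Constructed sample lines (not real crafatar.com traffic), in a simplified format
// assumed for this example: <epoch-seconds> <ip> "GET <path>" "<user-agent>"
const SAMPLE_LOG = [
  '1700000000 203.0.113.7 "GET /avatars/00000000000000000000000000000000" "Java/1.8.0_292"',
  '1700000000 203.0.113.7 "GET /avatars/notauuid?size=64" "Java/1.8.0_292"',
  '1700000001 203.0.113.7 "GET /avatars/d2f1b3a0-1c2d-3e4f-8a9b-0c1d2e3f4a5b" "Java/1.8.0_292"',
  '1700000001 203.0.113.7 "GET /renders/head/1234.png" "Java/1.8.0_292"',
  '1700000002 203.0.113.7 "GET /avatars/ffffffffffffffffffffffffffffffff" "Java/1.8.0_292"',
  '1700000002 203.0.113.7 "GET /skins/zzzz" "Java/1.8.0_292"',
  '1700000001 198.51.100.20 "GET /avatars/3b1f6c2e9a4d4e7f8c1a5d6e7f8091a2?overlay" "Mozilla/5.0"',
  '1700000005 198.51.100.20 "GET /avatars/3b1f6c2e9a4d4e7f8c1a5d6e7f8091a" "Mozilla/5.0"',
  '1700000003 192.0.2.55 "GET /avatars/abc" "Java/17.0.2"',
  '1700000009 192.0.2.55 "GET /avatars/def" "Java/17.0.2"',
];

// Captures: timestamp, client IP, the id segment (before any extension or query), user agent.
const LINE_RE = /^(\d+) (\S+) "GET \/(?:avatars|skins|capes|renders\/(?:head|body))\/([^\s?".\/]*)[^"]*" "([^"]*)"$/;
// UUID with optional dashes; the capture group is the version nibble.
const UUID_RE = /^[0-9a-f]{8}-?[0-9a-f]{4}-?([0-9a-f])[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$/i;

// Assumption: Mojang account UUIDs are version 4, so any other version is treated as bogus.
function classifyId(id) {
  const m = UUID_RE.exec(id);
  if (!m) return 'malformed';
  return m[1] === '4' ? 'ok' : 'non-v4';
}

// Returns clients with at least minBogus bogus requests at minRate or more per second.
function flagClients(lines, { minBogus = 3, minRate = 2 } = {}) {
  const byIp = new Map();
  for (const line of lines) {
    const m = LINE_RE.exec(line);
    if (!m) continue; // other endpoint or unparseable line
    const [, ts, ip, id, ua] = m;
    if (classifyId(id) === 'ok') continue;
    const s = byIp.get(ip) || { ip, bogus: 0, first: +ts, last: +ts, javaOnlyUa: true };
    s.bogus += 1;
    s.first = Math.min(s.first, +ts);
    s.last = Math.max(s.last, +ts);
    s.javaOnlyUa = s.javaOnlyUa && /^Java\/[\d._]+$/.test(ua);
    byIp.set(ip, s);
  }
  return [...byIp.values()]
    .map(s => ({ ...s, rate: s.bogus / Math.max(1, s.last - s.first) }))
    .filter(s => s.bogus >= minBogus && s.rate >= minRate)
    .sort((a, b) => b.bogus - a.bogus);
}

console.log(flagClients(SAMPLE_LOG));
```

Randomly generated version-4 UUIDs are well-formed, so a client sending those passes this check and only shows up as lookups that match no account.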

jomo commented 11 months ago

In other news, crafatar.com currently seems to be stable. I hope it stays that way for a while.

iLemon commented 8 months ago

@jomo not 100% sure if this is related to what you're saying, but I thought it'd be worth mentioning: a lot of Tebex stores for Minecraft servers have themes that use crafatar URLs with UUIDs. The problem is that Tebex now just generates a random UUID ever since most stores are now "offline mode" in order to support Bedrock users. I just noticed this on my store and got forwarded here.

Hope that explains why you're probably getting a lot of invalid UUID requests!