crafatar / crafatar

A blazing fast API for Minecraft faces
https://crafatar.com
MIT License

crafatar.com spammed with bogus requests #318

Open qtchaos opened 1 year ago

qtchaos commented 1 year ago

The Crafatar API returns a 521 error code, or sometimes shows a Heroku error. This is very unfortunate because recently we switched from mcheads to Crafatar for our game launcher, and having this occur within a week is making me lose confidence in the service.

SuperZekes commented 1 year ago

I also have the same issue with it; we just have to wait for the service to be back up again.

jomo commented 1 year ago

Thanks for reporting this. The server seems to be down, I have contacted the hosting provider to bring it back up.

sauramel commented 1 year ago

Any news on this?

jomo commented 1 year ago

They haven't replied to the ticket yet

AqueleHaru commented 1 year ago

you should change the host D:

Matthewn7 commented 1 year ago

Hi. Blazing fast API has been timing out for 3 days now. Has the server grown legs and left for some milk? Updates would be appreciated. Thanks

sauramel commented 1 year ago

So is this abandoned? @jomo

jomo commented 1 year ago

The hosting provider restarted the VM and crafatar came back, but apparently it went down again. I wonder if this is caused by someone effectively DoSing the server with too many requests.

Unfortunately only the hosting provider can restart the VM, I've asked them again and will try to monitor the situation as soon as possible.


@AqueleHaru

> you should change the host D:

They have hosted crafatar.com for free for almost a decade and only ever asked for their link and logo on the website. They replied in <24 hours, which is quite good for a 0.00 € tier.

@sauramel

> So is this abandoned? @jomo

While I don't plan to continue active development on the software, I haven't abandoned running the crafatar.com service. I don't run this for profit, crafatar.com has been free software and ad-free since forever and all expenses are paid by myself. As such, running the service is not the top priority in my life and I'm not a team of SREs waiting 24/7 to handle any incidents.

If anyone relies on the availability of crafatar.com, please DM me if you're interested in a paid SLA. Alternatively, you can easily host a private or public instance of crafatar. hmu if you commit to running a public instance long-term, then I can add it to the README.

jomo commented 1 year ago

Found the problem: Someone is hitting the service with >37x the amount of traffic we usually have… Please don't.

The server is actually up, but it's out of resources and slow to respond. I'll see what I can do.

jomo commented 1 year ago

Some IPs are requesting several bogus requests per second with obviously wrong UUIDs, causing a lot of uncached request hits that are then cached, and causing a lot of unnecessary traffic. The requests only identify as a Java version, so they seem to be coming off some kind of Java application.

I'm trying to redirect some of those requests here. If you know what's causing these requests, please let me know.

jomo commented 1 year ago

In other news, crafatar.com currently seems to be stable. I hope it stays that way for a while.

iLemon commented 9 months ago

@jomo not 100% sure if this is related to what you're saying, but I thought it'd be worth mentioning: a lot of Tebex stores for Minecraft servers have themes that use crafatar URLs with UUIDs. The problem is that Tebex now just generates a random UUID ever since most stores are now "offline mode" in order to support bedrock users. I just noticed this on my store and got forwarded here.

Hope that explains why you're probably getting a lot of invalid UUID requests!

Technofied commented 2 weeks ago

Checked our forum logs, we use MineSync, which is an addon for XenForo. It also uses Crafatar to fetch avatars for users according to their username.

We use Geyser to support bedrock players, this means the UUID it's parsing to fetch the avatar is invalid. I imagine there are other applications like this exhibiting similar behaviour - hope this helps. :)
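
The pattern described in this thread (a client identifying only as Java sending many requests whose UUIDs cannot belong to a Mojang account) can be spotted in access logs from the UUID format alone. The following is an added example, not crafatar's code and not from anyone in the thread; the log format, function names and sample lines are constructed, and the UUID-version mapping is an assumption stated in the comments.

```javascript
// Added example: hypothetical names, constructed data, not crafatar's code.
// Assumptions: Mojang account UUIDs are version 4, offline-mode UUIDs are
// version 3 (name-based), Geyser/Floodgate UUIDs have an all-zero upper half.
function classifyUuid(raw) {
  const id = String(raw).toLowerCase().replace(/-/g, "");
  if (!/^[0-9a-f]{32}$/.test(id)) return "malformed";
  if (id.startsWith("0".repeat(16))) return "bedrock";
  if (id[12] === "4") return "online";
  if (id[12] === "3") return "offline";
  return "unknown";
}

// Constructed log format: <ip> "GET <path>" "<user-agent>"
const LINE = /^(\S+) "GET (\S+)" "([^"]*)"$/;

// Return clients (ip + user agent) with at least minRequests requests of
// which more than maxBogusShare carry a UUID that is not a Mojang account.
function findBogusClients(lines, minRequests = 3, maxBogusShare = 0.5) {
  const stats = new Map();
  for (const line of lines) {
    const m = LINE.exec(line);
    if (!m) continue; // ignore lines that do not match the format
    const [, ip, path, agent] = m;
    const uuid = path.split("?")[0].split("/").pop();
    const key = `${ip} ${agent}`;
    const s = stats.get(key) || { total: 0, bogus: 0 };
    s.total += 1;
    if (classifyUuid(uuid) !== "online") s.bogus += 1;
    stats.set(key, s);
  }
  return [...stats]
    .filter(([, s]) => s.total >= minRequests && s.bogus / s.total > maxBogusShare)
    .map(([client, s]) => ({ client, total: s.total, bogus: s.bogus }));
}

// Constructed sample lines (documentation IP ranges, made-up UUIDs).
const sampleLog = [
  '203.0.113.7 "GET /avatars/00000000-0000-0000-0009-01f2a3b4c5d6" "Java/17.0.2"',
  '203.0.113.7 "GET /avatars/5f2c1a3e-9b7d-3c4a-8e1f-0a1b2c3d4e5f?size=64" "Java/17.0.2"',
  '203.0.113.7 "GET /avatars/not-a-uuid" "Java/17.0.2"',
  '198.51.100.4 "GET /avatars/0b8f3c2e-7a1d-4e5b-9c6f-1d2e3f4a5b6c" "Mozilla/5.0"',
  '198.51.100.4 "GET /skins/0b8f3c2e-7a1d-4e5b-9c6f-1d2e3f4a5b6c" "Mozilla/5.0"',
  '198.51.100.4 "GET /avatars/00000000-0000-0000-0009-01f2a3b4c5d6" "Mozilla/5.0"',
];

console.log(findBogusClients(sampleLog));
```

A randomly generated UUID is itself version 4 and is classified `online` here, so the format check cannot flag it.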