DDOS part II

March 16, 2010

The free web services are timing out at the hour precisely for a short moment of some seconds. The reason is a widget that calls the services timezoneJSON and  findNearByWeatherJSON always at exactly the full hour from a large number of ip addresses. The sudden spike in requests is causing many other requests to timeout. Around a year ago the free services were suffering from the effects of an iphone application that has become very popular and was using some geonames web services.

Some hours ago we have changed the service to throw an exception hoping that the developer of the widget will see that the application no longer works and change the behavior of the application. It is not very useful if a distributed application running on a huge number of clients is calling the same server at the very same instance.

The exception is thrown on the domain ws.geonames.org for requests of the two JSON services and if no parameter username is present. If you happen to be using the service, just add the parameter username=<your geonames username> avoid the exception. Those using a ‘secret’ domain name are not affected. You can create an account here.

About these ads

13 Responses to “DDOS part II”

  1. Dylan Says:

    Thanks for the update. I was pretty much freaking out. It’s a shame to see a fellow developer use these services like magic toys without a care for how they treat them.

  2. Amos Says:

    I’m confused about what a “geonames username” is. Is this our forum username or something else?

  3. Tom Says:

    Looks like you can create an account here:

    http://www.geonames.org/login

    I had to search around a lot to find that link, Marc, you might want to add a link to the navigation section somewhere :)

  4. Tom Says:

    Actually, there is a link on your home page, but you probably need one on the webservices info page, as that’s where developers will be when they need to create an account:

    http://www.geonames.org/export/web-services.html

  5. marc Says:

    I have also added a test for the ‘callback’ paramter as the problematic widget is not using this paramter calls with the parameter set are allowed.

    I didn’t expect that anybody using the service does not know how to create an account. On the dynamically generated pages the link is in the navigation bar (depending on logged in or not). Only on the manually edited pages it is not included.

    The service nolonger hangs with the blocking and if ever the widget is changed we can remove the exception again.

  6. marcoplaut Says:

    The service is currently unavailable … Is it known ? I can’t open http://ws.geonames.org/timezone?lat=47.01&lng=10.2

  7. Brian Moreau Says:

    Ok I found the service has not been working for 2 or 3 days, read the post about now having to use username and tried

    http://ws.geonames.org/postalCodeSearch?&postalcode=n22&username=myusername

    But still no joy.

    Just read the above post but cant post on that board.
    Good luck with the server guys.
    Is it posaible to have an ALL GO update when repaired please?

  8. Adam Says:

    ditto. username created, added username paramater.
    wondering if disk is still down?

  9. Tito Maya Says:

    What is the procedure, and the criterias I must attend when developing an application for mobile devices which will consume your webservices?
    I reaaly don’t want to have all my customers with broken links because you changed the signature of a service, just for the very reason of make my specific application break…
    It would not be professional, and in most cases the users will probably loose their applications instead of update the version. Some marketplaces would not even have a way to update the apllication…

    thanks

  10. marc Says:

    We are speaking about a free service here and it cannot be expected that it is professional. It is simply impossible to make any guarantees for a free service. For a professional service the commercial option is the only option: http://www.geonames.org/commercial-webservices.html


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 35 other followers

%d bloggers like this: