DDOS part II

The free web services are timing out precisely on the hour, for a few seconds at a time. The cause is a widget that calls the services timezoneJSON and findNearByWeatherJSON at exactly the full hour from a large number of IP addresses. The sudden spike in requests causes many other requests to time out. Around a year ago the free services were suffering from the effects of an iPhone application that had become very popular and was using some GeoNames web services.

Some hours ago we changed the service to throw an exception, hoping that the developer of the widget will see that the application no longer works and change its behavior. It is not very useful if a distributed application running on a huge number of clients calls the same server at the very same instant.

The exception is thrown on the domain ws.geonames.org for requests to the two JSON services when no username parameter is present. If you happen to be using the service, just add the parameter username=<your geonames username> to avoid the exception. Those using a ‘secret’ domain name are not affected. You can create an account here.
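The rule described above, together with the 'callback' exemption mentioned in the follow-up comment, written out as a request classifier. This is an added example, not the GeoNames code; the function name, the sample URLs and the choice to treat a blank parameter value as missing are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

PUBLIC_HOST = "ws.geonames.org"                     # domain named in the post
GATED = {"timezoneJSON", "findNearByWeatherJSON"}   # the two services named in the post


def should_reject(url: str) -> bool:
    """Return True if the request would receive the exception."""
    parts = urlsplit(url)
    # Only the public domain is gated; any other hostname passes through.
    if (parts.hostname or "").lower() != PUBLIC_HOST:
        return False
    # The last path segment is the service name.
    service = parts.path.rstrip("/").rsplit("/", 1)[-1]
    if service not in GATED:
        return False
    params = parse_qs(parts.query, keep_blank_values=True)

    def has(name: str) -> bool:
        # Assumption: a blank value counts as a missing parameter.
        return any(v.strip() for v in params.get(name, []))

    # Requests carrying 'username' or 'callback' are allowed.
    return not (has("username") or has("callback"))


# Constructed sample requests (not real traffic).
SAMPLES = [
    "http://ws.geonames.org/timezoneJSON?lat=47.01&lng=10.2",
    "http://ws.geonames.org/timezoneJSON?lat=47.01&lng=10.2&username=demo_user",
    "http://ws.geonames.org/findNearByWeatherJSON?lat=47&lng=9&callback=cb",
    "http://ws.geonames.org/findNearByWeatherJSON?lat=47&lng=9&username=",
    "http://ws.geonames.org/searchJSON?q=bern",
    "http://ws.example.invalid/timezoneJSON?lat=47&lng=9",
]


def summarize(urls):
    """Map each URL to 'reject' or 'allow'."""
    return {u: ("reject" if should_reject(u) else "allow") for u in urls}


if __name__ == "__main__":
    for url, verdict in summarize(SAMPLES).items():
        print(f"{verdict:6}  {url}")
```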


13 thoughts on “DDOS part II”

  1. Thanks for the update. I was pretty much freaking out. It’s a shame to see a fellow developer use these services like magic toys without a care for how they treat them.

  2. I have also added a test for the ‘callback’ parameter. As the problematic widget is not using this parameter, calls with the parameter set are allowed.

    I didn’t expect that anybody using the service does not know how to create an account. On the dynamically generated pages the link is in the navigation bar (depending on logged in or not). Only on the manually edited pages it is not included.

    The service no longer hangs with the blocking and if ever the widget is changed we can remove the exception again.

  3. What is the procedure, and the criteria I must meet, when developing an application for mobile devices which will consume your webservices?
    I really don’t want to have all my customers with broken links because you changed the signature of a service, just for the very reason of making my specific application break…
    It would not be professional, and in most cases the users will probably lose their applications instead of updating the version. Some marketplaces would not even have a way to update the application…

