On Fri, 7 Aug 2009 11:05:32 -0700
Ryan Sarver rsar...@twitter.com wrote:
I wanted to send everyone an update to let you know what has been
happening, the known issues, some suggestions on how to resolve them
and some idea of how to move forward.
This was really appreciated. When the dust
Chris ,
We implemented something like this network status using the
rate_limit_status call (for the IP), while some of the numbers are
sometimes wonky with this api right now we poll this every 5 minutes
and set a flag to enable or disable all twitter requests from the
server
Great job :) Hopefully you can crate a security environment to
preclude future attacks.
On Aug 7, 11:05 am, Ryan Sarver rsar...@twitter.com wrote:
I wanted to send everyone an update to let you know what has been happening,
the known issues, some suggestions on how to resolve them and some
Thanks for the update, however PLEASE get oAuth back up and running
ASAP please!
On Aug 7, 7:05 pm, Ryan Sarver rsar...@twitter.com wrote:
I wanted to send everyone an update to let you know what has been happening,
the known issues, some suggestions on how to resolve them and some idea of
OAuth is working fine for my site. To be honest, for something that
does nothing but interact with Twitter I haven't seen much of a drop
in activity.
On Aug 7, 7:28 pm, Rich rhyl...@gmail.com wrote:
Thanks for the update, however PLEASE get oAuth back up and running
ASAP please!
On Aug 7,
Applications in cloud hosting environments may be unable to throttle
anything, due to the fact that if it's IP based checking, the cloud
IPs are stlll going to be sending a lot of requests. ie: Appengine
applications.
On Aug 7, 2:28 pm, Rich rhyl...@gmail.com wrote:
Thanks for the update,
oAuth worked for me on testing this morning, but trying to
authenticate three seperate accounts, right now... all of them timeout
on clicking the 'Allow' button
On Aug 7, 7:32 pm, Goblin stu...@abovetheinternet.org wrote:
OAuth is working fine for my site. To be honest, for something that
does
This is happening all my applications.
Clicking Allow - just causes the App to timeout.
This reminds of the OAuth outage we had last time - which begs the
question, is OAuth ready for production applications?
On Aug 7, 2:38 pm, Rich rhyl...@gmail.com wrote:
oAuth worked for me on testing
Yes! Me too!
I think we must stop out service temporarily while waitng twitter team solve
it!
Be patient for all of us!
2009/8/7 Greg Avola gregory.av...@gmail.com
This is happening all my applications.
Clicking Allow - just causes the App to timeout.
This reminds of the OAuth outage we
Except if you want from [source] on your posts for 'newer' apps you
can only use oAuth!
On Aug 7, 7:49 pm, Greg Avola gregory.av...@gmail.com wrote:
This is happening all my applications.
Clicking Allow - just causes the App to timeout.
This reminds of the OAuth outage we had last time -
Thanks for the update Ryan.
One thing I don't quite understand is why it's not an option to allow
whitelisted applications to post. I will try and throttle our (
twitterfeed.com) service back, but with nearly half a million of active
feeds in the system, I can't quite see how this will help, as
Is there an insight into the hanging (posts, favorites) that is
happening on the twitter.com website?
All my oauth requests are failing with an invalid token exception, and
the response to the request for the token appears to be null. This is
using the twitter python client and from appengine. I don't even get
to the point of redirecting users to the login page.
On Aug 7, 2:53 pm, Mario Menti
I agree with this, although it's not just the US economy... hurts many
other countries too... well businesses within those countries anyway!
On Aug 7, 8:02 pm, Jesse Stay jesses...@gmail.com wrote:
Thanks for the communication - this is good. Just curious - with entire
businesses being put
I'm sure they would let you know first...
Get real.
Sent from my iPhone
On 07.08.2009, at 21:02, Jesse Stay jesses...@gmail.com wrote:
Thanks for the communication - this is good. Just curious - with
entire businesses being put out of place, and rumors that the
Russian Gov't may be
Ryan,
First, thanks for finally posting such a message. It has been pretty
frustrating when there is no communication for you guys. Especially
when we developers rely on your service and you also rely on us
promoting your service. It makes us third party developers look stupid
when Biz/Twitter
Hello Ryan,
Thanks for that update.
currently I can ping twitter.com but I can't access http on it
tpi...@vm:~/app$ ping twitter.com -c4
PING twitter.com (168.143.162.116) 56(84) bytes of data.
64 bytes from 168.143.162.116: icmp_seq=1 ttl=241 time=212 ms
64 bytes from 168.143.162.116:
Thank you for updating us!
I have still a problem with getting search results via curl like
described here: http://apiwiki.twitter.com/Twitter-Search-API-Method%3A-search
This was working pretty good before the DDoS attack, but now I don't
get any results just http_code of 302.
An example url,
DMs seem to be down as well. Haven't been able to get any to go out.
Tweets seem to be fine though.
On Aug 7, 1:53 pm, Mario Menti mme...@gmail.com wrote:
Thanks for the update Ryan.
One thing I don't quite understand is why it's not an option to allow
whitelisted applications to post. I will
I have a php/memcache based Twitter Throttle if anyone needs a
reference implementation. Just drop me an email at brian dot roy at
cosinity dot com
On Aug 7, 11:49 am, Greg Avola gregory.av...@gmail.com wrote:
This is happening all my applications.
Clicking Allow - just causes the App to
Same with me. OAuth doesn't work at all. Even the login page is showed
up =\
On Aug 7, 4:00 pm, Joe Bowman bowman.jos...@gmail.com wrote:
All my oauth requests are failing with an invalid token exception, and
the response to the request for the token appears to be null. This is
using the
Comments inline.
On Aug 7, 12:05 pm, Ryan Sarver rsar...@twitter.com wrote:
*Known Issues*
* - HTTP 300 response codes* - One of the measures in thwarting the
onslaught requires that all traffic respect HTTP 30x response codes. This
will help us identify the good traffic from the bad.
Does
As stated in Ryan's email, you should respect 302 responses.
In curl this can be accomplished with the --location flag. See the man
page for more details.
-Chad
On Fri, Aug 7, 2009 at 3:10 PM, Chriskiraili...@gmail.com wrote:
Thank you for updating us!
I have still a problem with getting
We have multiple servers running and they are getting different
response codes. some servers getting 302 for GETs and 408 for POSTs,
other servers getting 503s...
We can modify the code to respect 302s, but what about 503s?
On Aug 7, 11:05 am, Ryan Sarver rsar...@twitter.com wrote:
I wanted to
Chris,
A 302 header means you need to request the location that twitter has
sent back to you with that header.
It is part of their attempts at spotting the real requests from the
fake ones.
How you handle it all depends on what language you are programming in!
Simon
On Aug 7, 8:10 pm, Chris
Obviously the issue is far larger than a normal DDoS attack.
Think about it. Why would they stop white listed Apps and rate limit
these as well as take down oAuth.
There is something else going on and my guess is that besides the
DDoS, it has something to do with spam and or a third party app
Thanks a lot!
Everything is now working well again for me (I'm just a small guy
compared to your big application :) )!
Chris
On 7 Aug., 21:27, Chad Etzel c...@twitter.com wrote:
As stated in Ryan's email, you should respect 302 responses.
In curl this can be accomplished with the --location
THEY may not be stopping whitelisted IPs -- it could be coming from
upstream.
On Fri, Aug 7, 2009 at 13:25, Genevate chris.corriv...@gmail.com wrote:
Obviously the issue is far larger than a normal DDoS attack.
Think about it. Why would they stop white listed Apps and rate limit
these as
I saw some examples for those redirects and they seem to send even an
invalid Location header:
Location: /?somekey
It's illegal for the Location header to contain a relative URL:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.30
This causes APIs like twitter4j on Google App
After following 30x redirects, our servers are doing a little better,
at least we are getting results once in a few times. But we are still
getting lots of 503s for Search and 400s for REST. All of our servers
are supposed to be whitelisted, what could we do here?
On Aug 7, 12:44 pm, Chad Etzel
I am getting 404 just for search api, it was working just fine all
along. I get 404 on production server but works fine on dev and qa
boxes - not sure why. My assumption is our production server was
active during DDos attack and has been blacklisted. Am I right? how
can I whitelist/fix it?
On
I couldn't even authenticate the twitter account from my server. but i
could do it in my localhost. May i know the reason why? does this
anything related to Ongoing denial-of-service attack
can't authenticate with the Oauth
On Aug 7, 11:05 am, Ryan Sarver rsar...@twitter.com wrote:
I wanted to
Chad,
I need more info on the 30x responses, please.
Are these responses given only occasionally, or are they given
consistently and predictably?
Is it only on GET or only on POST, or both?
I've throttled back my API calls, and now when I run tests with both
GET and POST, I get 200 OK
Wow, just as I sit down to determine if there's any issue with my
oauth client not following redirects, or anything else within my
code... it all just started working again. That's after being down for
oauth and timelines since the DDoS began, and having the search API
stop working sometime last
Stop asking Twitter Team everybody!
Everyone has the same issue and Twitter is working hard to solve it!
Please be patiente!
2009/8/8 xzela zelaferri...@gmail.com
have you tried removing the OAuth code and replacing it with basic
authentication? If it works, then it could be a simple 'hack'
35 matches
Mail list logo