[Resolved] - ESI Characters Corporation History

Hey everyone!

I’ve been advised that this afternoon we’ve temporarily taken down one of the ESI endpoints:

esi-characters/{character_id}/corporationhistory/" is the exact endpoint.

• Routes will return empty lists rather than corporation history once the request cache has expired
• This affects all versions of the endpoint: legacy, dev, latest, v1 and v2

• Before this weekend, the average number of daily requests was around 50k per hour, however, it has been spiking to 3 million per hour.

Similar to the issue we had towards the end of the year with the Market endpoint, it seems that these requests are also coming from AWS, so banning the offending IPs won’t resolve the issue. Until the endpoint can be protected better, it will be taken offline.

As per the Market endpoints post, once I’m advised of any further developers on this I’ll relay them into this thread.

Edit: Service restored - [Resolved] - ESI Characters Corporation History - #27 by CCP_Zelus

What would be causing the spike? DdoS??

We don’t believe it’s intended to be malicious, it’s more than likely an errant third-party dev miscoded something causing it to increase the number of calls. It appears the issue started on Saturday 7 Jan at 18:13 UTC, so if you’re a budding developer that was developing something new around that time, it may be worth checking into!

We aren’t looking to punish the individual responsible for the uptick in requests, but if we do discover the individual that may have accidentally caused the issue, they’re welcome to drop me a message. I can pass that along to the development team to see if we can restore the service before the additional work is put into reinforcing the endpoint.

Any update that you know of for the market endpoints? Looks like several have had some ideas on how to mitigate the issues

Confirming Tactical Supremacy / aa-alumni · GitLab will be affected,

I have around two thousand users affected by this.

ETA: TBD
Do we really need endpoints though

Market endpoint down and dysfunctional, Character endpoint down. Worrying trend.

aren’t we supposed to add an User-Agent with information what application is doing the request so you can contact the developer? Why not block any request without this info?
I for once am setting it: esi-client/GuzzleFetcher.php at develop · seatplus/esi-client · GitHub

Well this was a 3rd party devs fault on this

They are stripped out before their logging, they mean nothing.

one would think they would use this or at least log this so they find malicious apps and can contact the devs … but no

You must be new to this

While perhaps not malicious this is clearly intentional.

It’s been long enough since the market history endpoint was hit that a developer would have received their bill from AWS and thought “weird, that’s a bit expensive for a t2.micro”.

This is an insane way to approach a fix.

You just disabled a fundamental endpoint for all things recruiting. Having people joining and waiting 7 days to access Wiki, Forums, Comms, Discord when requiring authentication is just akin to tell people to f*** off from joining your Corporation. Those first days in Corp are critical to get people up to speed and setup, and instead you just slammed the door without providing any kind of alternative, or really, without even providing proper communication about it if not after days of the chance getting implemented.

Blame the 3rd party devs ■■■■■■■ things up

Tools should not be using that endpoint to determine current affiliations anyways. That should be done through the affiliations endpoint.

The affiliations endpoint brings back the id’s needed for possible confirmation of faction, corporation, alliance. But from what i can tell, there is now no possible way to check join dates on current corporations etc.

Is there any update on when it would come back or will it just be forgotten like other ESI issues?
It’s really an important endpoint for our recruitment tool and pretty annoying that it got simply disabled.

Any updates on the “temporary” takedown?