What is the abuse they are talking about here?


Can you please be specific? I’m not attempting to conduct the abuses, just trying to understand all that is involved with ESI and related.

People were using it to discover things they shouldn't be using it for, and doing so in such a fashion that it was abusing the endpoint, i.e. searching on ascending/descending partial strings as fast as they could blast out requests.

The main intended use for this is to use for things like form autocompletion and the like. Basically anything where unreliable user input is needed to find a type or similar by name. @Krysenth has nicely covered the abuses already, just don’t do that. Use it as a search endpoint, 'cause that’s what it is.

I’m not sure I am tracking. I get what you mean by autocomplete, though I do not know how to set that up; I think I get what you mean there. As for the other ideas, I am lost. Thanks for trying to help me understand though. I have like no computer experience other than as a USER, but my roommate works for the State and he owns his own company, tests their programs for weaknesses? I guess? IDK really, my point is, I often run to him when I need help but this is petty for him and he does not have the time to babysit me in my learning experience. So thanks for all the help here guys!

I think I get the basic idea though. Automated calls or requests can overload the allowed data pull or cap or whatnot?

If you provide X service and allow people to manually search for players, corporations, and alliances and whatnot (think www.evemarketer.com’s searchbar, or zkill’s searching), you would often throw that name against /search/ to be certain it exists (and fetch the IDs in the process). That’s fine and acceptable.

Starting at a[...]a and blasting your way to a[...]z and repeating that until you reach z[...]z, forwards and backwards hammering as many requests out as your network is capable of shoving out at once to discover characters, structures, whatever, is the extremes of the abuse in question that will very quickly lead to you being banned from accessing ESI.

edit: automation is not necessarily… prohibited. Just, use it in moderation. If you build a wallet tracker, it’s perfectly acceptable for your program to pick out names and stuff, and then search those to fetch IDs and whatnot. Moderation is key. Bear in mind, while it wasn't an unintended use of the /search/ endpoint, using it as a discovery mechanism had been tolerated as long as it was gentle and in moderation. Some people caught wind of this “feature” and proceeded to be neither gentle nor moderate, thus the name of this thread- PSA Warning: This is Why We Cant Have Nice Things

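How the pattern described in the posts above looks from the operator's side, as an added example that is not part of the thread and not ESI's own code: it separates a fast same-length sweep (`aaa`, `aab`, `aac`, ...) from autocomplete typing and from occasional name lookups. The log format, client names and thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Thresholds are illustrative assumptions, not ESI's actual limits.
WINDOW_SECONDS = 10
MIN_REQUESTS = 8
MIN_SWEEP_FRACTION = 0.9


def build_sample_log():
    """Constructed sample log of (timestamp_seconds, client_id, search_string)."""
    log = []
    for i, last in enumerate("abcdefghijkl"):        # rapid ascending sweep
        log.append((100.0 + i * 0.05, "sweeper", "aa" + last))
    for i, name in enumerate(["Jita Trade Co", "Alpha Corp", "Zed Alliance"]):
        log.append((100.0 + i * 20, "tool", name))   # spaced-out name lookups
    for i in range(3, 12):                           # autocomplete: growing prefix
        log.append((100.0 + i * 0.4, "typist", "Jita Trade Co"[:i]))
    return sorted(log)


def sweep_fraction(queries):
    """Share of consecutive pairs that look like one enumeration step:
    same length, different string, all moving in the same direction."""
    pairs = list(zip(queries, queries[1:]))
    if not pairs:
        return 0.0
    up = sum(1 for a, b in pairs if len(a) == len(b) and a < b)
    down = sum(1 for a, b in pairs if len(a) == len(b) and a > b)
    return max(up, down) / len(pairs)


def flag_enumeration(log):
    """Return {client_id: sweep_fraction} for clients whose requests inside
    one sliding window are both numerous and ordered like a sweep."""
    by_client = defaultdict(list)
    for ts, client, query in sorted(log):
        by_client[client].append((ts, query.lower()))
    flagged = {}
    for client, events in by_client.items():
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW_SECONDS:
                start += 1
            window = [q for _, q in events[start:end + 1]]
            frac = sweep_fraction(window)
            if len(window) >= MIN_REQUESTS and frac >= MIN_SWEEP_FRACTION:
                flagged[client] = max(flagged.get(client, 0.0), frac)
    return flagged
```

The autocomplete client sends nine requests in under four seconds yet is not flagged, because each query extends the previous one instead of stepping through same-length strings.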

Very informative. Thank you.
