[#909] Investigation why our account was blocked

system · July 14, 2022, 11:33pm

Migrated from Redmine #909 | Author: 研岸本
Status: New | Priority: High, I’m very impatient | Created: 2022-07-14

First, we couldn’t access Simplybook.me on 7/4(JST). I asked help chat(which is located at the bottom right in Simplybook.me) and they answered “you have reached the daily limit of API calls”.(I also attached the capture of it.) Therefore, we started to plan to upgrade which can accept more API calls. And I asked in Support #908: We want to know how many API calls were occurred in past. - API - Simplybook.me support for developers to get our API calls list.
Unfortunately, the list shows us there are not such logs.

Now, we have to focus on another problem. Why our access was blocked at that day?
We really want to know this reason because we can’t do same thing again.

So, please start investigate what happened to our account on 7/4(JST).

system · July 15, 2022, 6:58am

Redmine Admin wrote:

hi, we didn’t block your accounts. What exactly is not working, which error message?

system · July 15, 2022, 11:14am

研岸本 wrote:

Thank you for your reply. Wow, you didn’t block us? Really? We couldn’t access from our AWS environment for almost 24hours.
In aws logk there was timeout error like Error: connect ETIMEDOUT 139.99.121.237:443.

system · July 15, 2022, 11:16am

Redmine Admin wrote:

your IP address is not blocked on our servers

system · July 15, 2022, 11:16am

Redmine Admin wrote:

actually there are no IPs blocked now

system · July 15, 2022, 11:17am

Redmine Admin wrote:

please make sure you are using user-api.simplybook.asia endpoint

system · July 15, 2022, 11:18am

研岸本 wrote:

we can access now. how about on 7/4 or 7/5?

system · July 15, 2022, 11:19am

Redmine Admin wrote:

we do not have firewall/load balancer logs unfortunately, can’t check it for past dates

system · July 15, 2022, 11:28am

研岸本 wrote:

Wow I see…

If we requested over 5calls/second what will happen?

system · July 15, 2022, 11:35am

Redmine Admin wrote:

API requests to this login will be blocked for some period of time then (can’t disclosure all details for security reasons)
if it will be 5 requests to different logins then it should be fine

system · July 15, 2022, 11:41am

研岸本 wrote:

thank you.

When you block one account, do you not leave the grounds?

system · July 15, 2022, 11:49am

Redmine Admin wrote:

we do not block account entirely, we just block API requests to it for a short time (only in case when there are too many parallel requests)

system · July 17, 2022, 12:32am

研岸本 wrote:

at that time, we couldn’t access from specific IP address which is from our AWS environment.
do you block specific IP address? and if so, what kind of case applies?

system · July 18, 2022, 6:39am

Redmine Admin wrote:

we may block IP for some time automatically if too many parallel requests comes from it, e.g. more than 10-20 per second

system · July 27, 2022, 10:55pm

研岸本 wrote:

we were blocked again today. now it was fixed but around AM0:00～AM3:00（JST）we couldn’t access to https://cyattoyotoyotaunitedsizuokatest.secure.simplybook.asia/v2/welcome. could you tell me why we were blocked?

system · July 28, 2022, 7:04am

Redmine Admin wrote:

what was the error message?

system · July 28, 2022, 7:11am

研岸本 wrote:

there was a 502 error

system · July 28, 2022, 7:31am

Redmine Admin wrote:

we see nothing in logs, was it 502 error when you tried to reach this url or in your api code/service?

system · July 28, 2022, 8:02am

研岸本 wrote:

we could see 502 error when we tried to reach api code.
at that time, Japan was midnight and only 1 person was testing with code modifications. So only few api calls were called.

system · July 28, 2022, 12:52pm

Redmine Admin wrote:

Hi, 502 is not blocked IP. This is timeout on some proxy. And we do not have 502 errors in out logs, it means that error on your side