there is a developer who is abusing the system, with hundreds of thousands of connections and thousands of connections per second. the system is overloaded. i have blocked this developer, but the connection attempts are still overloading the system.
the following developer keys belong to the abusive developer:
if these developer keys belong to you, then you are disrupting the system for everyone. the owner of these developer keys MUST stop their application from accessing the Cirrus servers IMMEDIATELY and modify their application to be less disruptive. keep in mind that codename Cirrus is a free service for developers -- since it is free to use, it does not have infinite capacity.
my application is OK.BUT the key is exposure.
If hackers use, are also going to be blocked.
My program requires high reliability, can you put my key in special protection
a very high traffic site with a very high churn rate should not make a connection to the Cirrus servers immediately, if the connection will not be needed immediately for communication. this will overload the system.
if a user visits a page but typically does nothing and leaves the page quickly, then making a connection to Cirrus just because the user visited the page is very expensive. in a case like this, the connection should only be made to Cirrus if the user initiates an action in the application that will actually use the connection.
the Codename Cirrus service is a free, beta service for developers. it is not suitable for a production application that requires a guaranteed level of service. Cirrus is usually very reliable, but it is subject to interference from abusive developers, as we are seeing right now.
if your application requires production-grade reliability, you should consider a commercial option, for example Adobe Media Server (you can get it hosted on Amazon Web Services and pay by the hour) or Influxis (among others). services such as these are not free, but you can scale up to whatever you need and get support and service-level guarantees.
I know.think you.But the key is in client, can break, and then anyone can use. if hackers use my key carry out attacks.
and my key maybe been sealed off.
if it is hackers Behavior, I think we should block IP, not the key.
if it is application problem,it should block the key.
want to be able to intelligent judgment the two cases
developer keys can be obtained for free by anyone. there is no incentive to steal a developer key from an existing application, except to abuse it and cause a disruption to the service or for the legitimate developer to be blocked.
unfortunately the connections (in this case) are coming from hundreds of thousands of different end-users. there is no one (or small number) of IP addresses to block, unless i was somehow able to block (in this case) "all of China", which would also block lots of other legitimate applications.
in this case it doesn't look like the developer key has been taken by a hacker. it looks like an application developer deployed an application that makes connections to the service from popular web pages, where the application mostly doesn't need the connection and where the end-users are connecting very rapidly. very few P2P operations appeared to happen with this application (when it was not blocked) even though there were hundreds-of-thousands of concurrent connections. the average duration of the connection to Cirrus in this application is less than 3 minutes.
Thank you,I'm sure you can handle it, although can use the other for example, fms, but I like the cloud Services,
the block key is not me,I use it very formal.Just affect me
This sounds like an organized attack on the Cirrus service. If you say the attack is originating from China, perhaps it might be the best to go as far as blocking all of China. This might effect some ligitimate apps, but will stop the attack and benefit the rest of the world which is still the larger share of the pie. Please consider this. We are in desperate need for a solution after 2 days of down-time.
Cirrus is dead again! When it will be solved?