MG-RAST API throttled after several _accidental_ denial of service attacks

[MG-RAST]

We experienced several denial of service attacks (DOS), which we believe to be accidents, not malicious. The worst case was  four individuals performing this DOS attack via their scripts at the same time.

This brought the center object store to its knees and led to interesting failures across the system. As a consequence all users experienced some fallout from this DOS attack.

As of earlier this month, we have throttled the MG-RAST API @ https://api.mg-rast.org (you can now only do one query per second, not hundreds) to counter the effects of this.

We have now concluded the testing period and believe the new solution to be stable. If you find that your use of the API has been impacted, please notify us via the helpdesk email (as always).


And again a reminder:

Please be considerate when using our API. The fact that something worked once when trying to download data, is not a sign that you want to now run the same bit of downloading software in parallel for 10,000 data sets without waiting for any single job to complete downloading.

The entire team worked hard on a solution to this that allows the user interface to function while blocking those bad downloads.


Folker, for the MG-RAST team