API calls failing with 403 forbidden


Xidos online

Sep 30, 2011, 4:52:53 PM
to MailChimp API Discuss
Hello,

Since today all API calls are failing with the following error:

[error] => Bad Response. Got This:

Forbidden

You don't have permission to access /1.3/ on this server.


Since the online support aren't allowed to answer API questions I'm
lost, any ideas what might be causing this?

Thanks!

jesse

Oct 1, 2011, 10:22:12 AM
to MailChimp API Discuss
You aren't hitting a valid server. Sounds like either your DNS is
being cached too long or you hard coded an IP address in your code.


jesse

Xidos online

Oct 1, 2011, 12:10:40 PM
to MailChimp API Discuss
Hello Jesse,

Thanks for your answer during the weekend.

However, problem remains after 24h+ now.
Url is called by name, not IP and when we verify DNS for both servers
(api.mailchimp.com/us2.api.mailchimp.com) we get the same results for
both the server that works and the '403' server:

403 server:
api_ip:69.20.36.96
us_api_ip:107.6.65.101
campaigns():Array
(
[error] => Bad Response. Got This:
Forbidden
You don't have permission to access /1.3/ on this server.

Working server:
api_ip:69.20.36.96
us_api_ip:107.6.65.101
campaigns(036.....):Array
(
[total] => 25
[data] => Array
(..... etc

Are you sure it isn't possible that our production server is blocked
for some reason?

Thanks in advance!

phlux0r

Oct 1, 2011, 9:18:13 PM
to MailChimp API Discuss
We have exactly the same problem since Oct.1. Only some of our client
sites exhibit this though. We use the same extension (Magento) on
these sites and a couple of our production sites fail with
'forbidden' but the same extension on our dev sites works flawlessly.
The only difference would be the IP addresses the requests are made
from.

I concur with Xidos that it does indeed look as if some IP
addresses are blocked from API access. In our case, we use the v1.2
API.

One IP is: 50.56.90.7x
and the other: 120.138.21.1xx

(I can supply the actual full address if necessary)

Any hint in resolving this would be fantastic since this really
impacts our clients badly and it is rather urgent.

Cheers, Robert

jesse

Oct 3, 2011, 8:22:14 AM
to MailChimp API Discuss
You simply should not be using api.mailchimp.com anywhere. If you have
some really awful code running it is possible that your server ips
have been blocked - obviously I can't tell you that without knowing
what they may be.


jesse

jesse

Oct 3, 2011, 8:30:26 AM
to MailChimp API Discuss
Yup, looks like those both are blocked for atrocious behavior,
especially the 120 one. The two issues were that you are making a
ridiculous amount of calls that do absolutely nothing due to the use of
the Zend_XmlRpc_Client and then not doing any caching at all. For
example, here are the methods and number of calls that ip made on the
2011-09-29:

listMergeVars - 10178
lists - 10241
listSubscribe - 1
system.methodSignature - 20506 (doesn't even exist - this is the
Zend_XmlRpc_Client being dumb)

So you made almost 41k calls to the API that day when you should have
made between 1 and 3 (definitely less than 10).

The other IP has similar patterns, simply with a smaller number of
calls. Make sure you have the most up-to-date code, then we can
look at turning those ips back on. I've talked to the Magento folks
about those things before, so I suspect the most recent versions won't
do that.


jesse
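
An added example, not part of any post in this thread and not MailChimp or Magento code: a Python sketch of the client-side caching described in the message above, showing how repeated lists and listMergeVars lookups collapse to one upstream call each. The class name, TTL, and stand-in transport are assumptions for illustration; only the method names come from the thread.

```python
import time
from collections import Counter

# Read-only methods named in the thread whose results rarely change.
CACHEABLE = {"lists", "listMergeVars"}


class CachedApiClient:
    """Wraps a transport callable and caches read-only results for ttl seconds."""

    def __init__(self, transport, ttl=3600, clock=time.monotonic):
        self._transport = transport      # callable(method, params) -> result
        self._ttl = ttl
        self._clock = clock
        self._cache = {}                 # (method, params) -> (expires_at, result)
        self.upstream_calls = Counter()  # calls that actually leave this host

    def call(self, method, *params):
        key = (method, params)
        now = self._clock()
        if method in CACHEABLE:
            hit = self._cache.get(key)
            if hit and hit[0] > now:
                return hit[1]            # served locally, no API traffic
        self.upstream_calls[method] += 1
        result = self._transport(method, params)
        if method in CACHEABLE:
            self._cache[key] = (now + self._ttl, result)
        else:
            # Conservative choice: any write drops cached reads.
            self._cache.clear()
        return result


def fake_transport(method, params):
    """Constructed stand-in for the remote API; returns canned data."""
    canned = {"lists": [{"id": "list-1"}], "listMergeVars": ["EMAIL", "FNAME"]}
    return canned.get(method, True)


def simulate(page_loads=10000):
    """Every page load asks for lists and merge vars, as an uncached plugin would."""
    client = CachedApiClient(fake_transport)
    for _ in range(page_loads):
        for lst in client.call("lists"):
            client.call("listMergeVars", lst["id"])
    client.call("listSubscribe", "list-1", "user@example.com")
    return dict(client.upstream_calls)
```

With 10,000 simulated page loads and one subscribe, `simulate()` reports three upstream calls in total.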

Dirk ten Brinke

Oct 3, 2011, 10:08:16 AM
to MailChimp API Discuss
Greetings,

A client of ours is having the same problem since last weekend. No
problems since April 4. We are on a shared cluster, using Joomla and
joomlamailer component (upgraded to latest version to see if that
solved the problem; it didn't). The IP address of the cluster is
82.94.181.109, domain name schagenfm.nl.
I'm wondering if we are being blocked as well, maybe the component is
badly written, I don't know. Maybe it's someone else in the same
cluster.

Thanks.

jesse

Oct 3, 2011, 10:25:35 AM
to MailChimp API Discuss
That IP is not blocked, but it has also never sent us any traffic. A
similar one is blocked and appears to be affecting your account,
assuming the username is the same as the domain you listed. After
looking more closely at that traffic, that IP is being unblocked.


jesse


On Oct 3, 10:08 am, Dirk ten Brinke <dtenbri...@cleverinsert.com>
wrote:

Dirk ten Brinke

Oct 3, 2011, 11:16:18 AM
to MailChimp API Discuss
Great, thanks! Everything is working again.

phlux0r

Oct 3, 2011, 6:11:03 PM
to MailChimp API Discuss
Hi jesse,
while I understand that API access will be blocked due to "abuse" it
would be nice to get some kind of indication in the MailChimp API
account admin section where the API calls history is that some calls
or access has been blocked for a specific IP. Otherwise we'll be
wondering what's happening.
Cheers.

phlux0r

Oct 3, 2011, 8:16:46 PM
to MailChimp API Discuss
One more comment. I was just looking through the API FAQ and:

http://apidocs.mailchimp.com/api/faq/#faq6

never states that an IP will be blocked, only throttled. This IP
blocking must be some new policy, right?

Would be good to get warned/informed before being banned.

So, now we have altered the code to avoid all the list and
listMergeVars calls on both those IPs (50.56.90.7*, 120.138.21.13*) -
can we please get unbanned asap?

Thanks.

jesse

Oct 4, 2011, 7:47:23 AM
to MailChimp API Discuss
They will be removed some time this morning and we'll keep an eye on
your traffic. The documentation covers sane use cases - Section I of
our Terms of Service covers abusive situations:

http://mailchimp.com/legal/terms/

If your traffic matches abusive patterns we absolutely reserve the
right to limit access when it is in the best interest of our platform
- in this case we didn't even shut down accounts. We're looking at
ways to return a more graceful error message when this situation
occurs.


jesse

phlux0r

Oct 4, 2011, 4:26:34 PM
to MailChimp API Discuss
Hi jesse

thanks for your response.

I would appreciate, while you are monitoring our traffic, a notice or
warning so we can action any remaining issue BEFORE being banned
again, ok?

However, my comment about warnings still stands. I think it is
unacceptable to simply shut off access on a production account without
proper warning mechanisms in place. We users do not always
intentionally generate abusive scenarios, nor are we aware of what the
EXACT limits are of what is an abusive scenario. So, from a customer's
perspective an arbitrary ban is very poor customer service.

Once again, I appreciate that the MailChimp team needs to take steps
to guarantee smooth service for all users and, by all means, I don't
want to excuse abuse, only highlight the fact that a more informative
and friendly warning and messaging system is in place. You should give
customers a grace period and notice so they can remedy their situation
BEFORE completely shutting down service.

If there is a customer service person I can take this up with I'd
gladly engage in discussion.

Thanks, Robert

ebr...@gmail.com

Oct 5, 2011, 9:39:22 AM
to MailChimp API Discuss
Seems like we have the same problems as you have, phlux0r. I totally
agree with you that there should be some kind of warning that the IP
has been blocked and maybe the reason.
I have tried different things to get it back up and running for
several hours and now I read this.

I still don't know if this is the problem because it's mentioned
anywhere. I think I have to contact the helpdesk or something.

Erwin

ebr...@gmail.com

Oct 5, 2011, 9:42:04 AM
to MailChimp API Discuss
Maybe this happened when we were syncing our ecommerce data to the
Mailchimp system? We did make some API calls at that moment but
normally the only thing we do is add a user when someone ordered
products in the shop.

jesse

Oct 5, 2011, 9:43:12 AM
to MailChimp API Discuss
No - like I said in the other thread, review what I've already said
here, look at how awful the processes you are running may be, and then
like they did, provide IP addresses and be ready to address issues
your code may have.


jesse

ebr...@gmail.com

Oct 5, 2011, 9:57:16 AM
to MailChimp API Discuss
Hi Jesse,

Answers like this don't really help us out at the moment. The only
thing we do is adding the people who order every day.
I can't go through the whole system. Just tell me what kind of action
we are abusing and then I can see what is going wrong there.

Erwin

jesse

Oct 5, 2011, 10:18:49 AM
to MailChimp API Discuss
I can't tell you that without knowing either the IP you are sourcing
from or something to identify your account like the username or u
parameter from the hosted forms.


jesse
Message has been deleted

jbarnes

Oct 5, 2011, 10:29:18 AM
to MailChimp API Discuss
Jesse,

Thanks for your help, I appreciate it. We are experiencing this
problem also with some of our accounts (Forbidden 403 error). Can you
see if it is something we are doing wrong? IP is 74.114.165.130 user
is ofe...@shop.pr

- Jasen

On Oct 5, 9:23 am, jbarnes <jasen.bar...@gmail.com> wrote:
> I don't see my previous message posted, but wanted to make sure you
> get it.  Does it require approval before it posts on your end?

jesse

Oct 5, 2011, 10:37:32 AM
to MailChimp API Discuss
@jbarnes - you have something hitting us from that IP every minute
using the user-agent "Mozilla/5.0 (compatible; PRTG". If it's
monitoring, make authenticated calls to ping() to avoid sourcing nasty
traffic.


jesse

On Oct 5, 10:29 am, jbarnes <jasen.bar...@gmail.com> wrote:
> Jesse,
>
> Thanks for your help, I appreciate it.  We are experiencing this
> problem also with some of our accounts (Forbidden 403 error).  Can you
> see if it is something we are doing wrong?  IP is 74.114.165.130 user
> is ofer...@shop.pr

jesse

Oct 5, 2011, 10:38:22 AM
to MailChimp API Discuss
Oh, and we're unblocking it - still, fix that so you don't get caught
up again.


jesse

jbarnes

Oct 5, 2011, 11:45:44 AM
to MailChimp API Discuss
Jesse,

Thanks for checking it out. We'll make the update on our end as well.

Jasen

jesse

Oct 5, 2011, 12:43:19 PM
to MailChimp API Discuss
Thanks for providing that info. You got caught up b/c you are on a
shared IP and there's another bad user there. We've unblocked that IP
for now as we try to get that user in line.


jesse

On Oct 5, 9:57 am, "ebru...@gmail.com" <ebru...@gmail.com> wrote:

ebr...@gmail.com

Oct 5, 2011, 1:35:09 PM
to MailChimp API Discuss
Jesse, can you check the account Doublemedia. Could you also provide a
reason for the block so we can solve the issue, because we really
don't know what the problem is.

Kind regards,

Erwin

jesse

Oct 5, 2011, 2:56:56 PM
to MailChimp API Discuss
That is exactly what that reply to your message did.


jesse

ebr...@gmail.com

Oct 5, 2011, 3:59:44 PM
to MailChimp API Discuss
Reply? Message? I am sorry, I really don't get what you mean.

ebr...@gmail.com

Oct 7, 2011, 1:00:57 PM
to MailChimp API Discuss
Which reply? I really don't get what you mean.
Could you please tell me if I am blocked or not. If so, please tell me
why and I will fix this.
That's all I want. I pay a monthly fee to use Mailchimp and then I
expect some support for this money.

Erwin

On Oct 5, 20:56, jesse <je...@mailchimp.com> wrote:

jesse

Oct 10, 2011, 9:41:52 AM
to MailChimp API Discuss
https://groups.google.com/group/mailchimp-api-discuss/msg/61519bc52e6982e0?dmode=source

ebr...@gmail.com

Oct 10, 2011, 10:10:09 AM
to MailChimp API Discuss
Hi Jesse,

We aren't on a shared IP; we have our own dedicated server.

Kind regards,

Erwin

On Oct 10, 15:41, jesse <je...@mailchimp.com> wrote:
> https://groups.google.com/group/mailchimp-api-discuss/msg/61519bc52e6...

jesse

Oct 10, 2011, 10:28:17 AM
to MailChimp API Discuss
There are multiple user accounts connecting from that IP, so something
is being shared.


jesse