Hello all,

Here is the state of things as we know them:

- The DDoS attack is still ongoing, and the intensity has not
decreased at all. Because of this, interaction with the site and with
the API will continue to be shaky due to the defenses that have been
put in place by our Ops team. At this point, removing any of those
defenses is not an option.

- Whitelisted IPs that have a restricted rate-limit is a *known
issue,* and we are still working on restoring increased rate-limiting.

- OAuth funkiness is a *known issue* which seems to be exacerbated by
the whole DDoS thing.

- Automatic blacklisting of "valid" or "innocent" IPs is a *known
issue* and a result of the DDoS defenses. These blacklistings are
temporary, though the amount of time they "stick" is variant upon the
number of requests being made. The best thing to do to avoid this is
throttle back your requests. We know that this may not be an option
for everyone, but if you can, it will help.

- Keep respecting 302's as you get them.

*There is no ETA on fixing any of this*
*There is no ETA on fixing any of this*

I know that sounds harsh and cold, but if you want us to be perfectly
honest with you, that's the truth. Things will continue to be rocky as
long as this attack continues. They may get worse, they may get
better. That should not be read as "we don't care about fixing it" or
"we're not going to fix it until everything blows over" but instead as
"we can't promise when things will be back to normal, but in the
meantime we are working on fixing is ASAP."

Ops is going to be working around the clock this weekend.

We will also be monitoring the situation and giving out new
information as we have it. Please remain patient with us. As much as
you want it to be fixed, we want it to be fixed more. Some of my
personal apps are completely borked as well.  We're all going to have
to ride this out together. Communications may be slowed over the
weekend, but please know that we are not ignoring the situation.


Reply via email to