someone on the ESGST thread reported the same issue.
maybe there is some problem with the extension and not SG itself.
Comment has been collapsed.
SG has a limit to how many requests you can make in x period of time. DDoS prevention.
If extension works faulty and sends too many requests - users will be blocked. So if sync does not work properly in ESGST it should not be used till bug is fixed.
I remember one time when SGtools was automatically blocked, as it was sending thousands (or more) requests due to some error.
Comment has been collapsed.
Yeah, but some limit has changed. I'm using scripts that I've used for the three years I've been here, and suddenly I'm getting this all of the time. Never had an issue before. It's making the site unusable for me.
Comment has been collapsed.
Yes, looks like cg changed some limits. And it's up to script creators to adjust their scripts, so they don't bombard SG with too many requests.
Comment has been collapsed.
same here, it's driving me crazy. i disabled the bookmark feature on esgst for now so hopefully that fixes the problem? i didn't have any giveaways bookmarked though so i don't know.
edit: disabling bookmarked giveaways definitely fixes the problem, thanks!
Comment has been collapsed.
eh, i'll take the once-a-year (if that) problem if it means i get a dramatically better overall experience 99.9% of the time. plus this issue had a really easy fix.
Comment has been collapsed.
Encountering timeouts when simply leaving or joining multiple giveaways in a short period, not using any bookmark feature (whatever that is - not aware of it!).
Not doing anything differently than I have previously, so it appears the thresholds for DDoS protection and the like might've been tweaked very recently.
Comment has been collapsed.
try going into your sync settings and disabling delisted games, giveaways, and won giveaways. you might not need all three unchecked, but i was toying around and that's what ultimately ended the 429 problem.
Comment has been collapsed.
Thanks! Was looking around for these settings, but it seems from the URL these are ESGST features? I don't have that installed, but I do use Extended Steamgifts to hide some UI elements (e.g. the featured giveaway), so perhaps that's triggering something. Might just disable it for now.
Thanks again for the reply and advice!
Comment has been collapsed.
oh yeah, those are from esgst. i just assumed that's what you were using because i thought it was only tied to esgst. that's interesting that it's triggering elsewhere as well. i don't know anything about extended steamgifts so i can't help any further with that, but i hope you get it sorted out. :)
Comment has been collapsed.
I'm getting it even when I'm using Gaffi's Steamgifts Library Checker. Script hasn't changed in years. Not checking a big group (~110 members). I can run it maybe twice and then SG locks. It's exhausting.
Comment has been collapsed.
Since ESGST's latest release was 12 days ago but problems with 429 error started yesterday and extended steamgifts users are also getting the 429 error, it seems that SG has adjusted the threshold for this recently. I suggest using less features and less tabs until the scripts have adjusted to the new threshold. For ESGST I made an enhancement request for this #1652.
Comment has been collapsed.
I'm aware of the issue on ESGST and will try to push a hotfix today.
Comment has been collapsed.
Hi everyone. To clarify, the 429 error page is new to the site. It implements some basic rate limiting features, which as you would expect, prevents users from making an unusually high number of requests in a period of time. The rates are fairly generous so they shouldn't impact users unless they're using some type of scripts which are automatically making those requests.
Comment has been collapsed.
I'm getting it when doing a library check on a group with only 110 members (and, theoretically, it should mostly just be hitting the Steam API, and only touching each user profile once during the check...but not my code, so admittedly there could be some crap code in there). If I try to check for more than a couple of games in a row (which is common when searching for the best GA for a group), it locks up and I have to wait for a timeout again. It's honestly really frustrating.
Comment has been collapsed.
In your case I can see the script loading up to 26 profiles a second. If we have a few dozen users with similar behavior we're then serving 1,000 pages a second to support less than one percent of active users. Hopefully these changes will help to encourage everyone to optimize their scripts, and I'm open to making certain changes to the site as well to help them. For example, if users are loading hundreds of profiles just to get their Steam IDs, then integrating Steam IDs into other pages could be beneficial to everyone, and it's a change that could easily be done.
Comment has been collapsed.
I don't know how the site is coded but maybe it would be easily possible for you to provide some basic API interface for at least some user or group related requests?
I can understand this would be problematic for the giveaways part as it could also be used by auto joiners but e. g. the list of users of a group including their steam ID or for oneself the list of users on the WL or BL could help in some scripts.
The script creators may also know some more examples.
Comment has been collapsed.
I think Steam has API to share group members? In any case it would be better to download data from Steam anyway, not SG. As SG often has data of long inactive users.
API was requested many times in the past, and I don't know what limits there are to not implement it. Or dangers. I'm not a programmer :P Can it be that with API more users would use scripts, so in the end site would not stop to be bombarded with requests?
Comment has been collapsed.
I am not familiar with the Steam API so I can't say why SG is used for it instead but let's take the SGtools unactivated wins check, for this at the moment 80 requests are sent to SG for my profile as my won page has 80 pages. I think knsys is caching some of the data but some other examples may not be possible to cache (for a long time)
Regarding the "bombarding" API requests just return data differently so the limitation of requests is still possible
Comment has been collapsed.
Devils advocate:
What if we'd have API that allows effortlessly download user's send / won games?
Someone could make script to look for "good users" that make a lot of non-bundled GAs, and go to pester them on Steam for free games or WL. Now they need to check profiles manually. Script would be more efficient.
Why not add ability to ESGST to automatically add users to BL if majority of sent GAs are for region restricted GAs or on ratio. Or any other criteria they'd chose. It can already check who WL / BL you, but it's limited by number of requests script can send to the SG.
Why not make script that would send requests to SG to check when user did last giveaway, and temporarily BL them if they did not make any in the past year, "as my GAs are not for the leechers".
I know those are far fetched examples, but we already have group of people that complain about leechers, not enough BLs etc. And those kind of scripts could run freely. I can't think of anything bad regarding won GAs though. Just sent ones.
Comment has been collapsed.
I can understand your objections but there are measurements to lower the extents of such exploits.
First of all I don't think people like revilheart or knsys would add functionality which go against rules, so at least the unofficially accepted scripts would not use it for anything then the intended way. The rules should state such exploits just like auto-joiners and punish them in a similar way.
Overall it would make sense to include some token to the requests which are linked to a specific user. This way you can prevent that non-users can get any data or users can get some data which are only meant for oneself (like the whitelisted user for example).
Also you could provide another token/key/whatever for script developers to use on their server side to request more sensitive data. For example knsys is doing the sgtools stuff on server side and not in the browser of the user so this requests could get more data and the user just get some intended results like "user is a good guy" but can't see the requests to steamgifts with all it's data in the DevTools.
Maybe there are other solutions and problems, I'm also not very into the topic to be honest.
But The other solution of course would be to add some features of the scripts to SG itself
Comment has been collapsed.
Thing is none of the examples above are exploits or something against the rules. But I'm afraid this kind of access to information could be used to further divide the community for "leechers" "high horse" "always region-restricted" "groups" etc.
We already have users complaining about WLs, BLs, leechers, bad users, high levels, region locks etc. Basically each users could be put into some drawer, and have threads "dedicated" to "why are you bad, and why it should be banned".
But now users can make only some general statements. With API and script that can easily scan all 1mln users to find "culprits" - they could start to say "there are 50k users above 9 level that do only group, region-locked giveaways. Why is it allowed?". And I believe it would be detrimental to the community as a whole.
Comment has been collapsed.
I can't think of anything abuse-worthy from having page for no-CV list, just like there is nothing from having bundle list. Especially that it would make it easier to communicate to users which games are there.
I can only guess, but may be that admin never had the time to code it properly. And I have no idea how much time it would take to do.
Comment has been collapsed.
Hm, true. So in this case having separate page just for that would be more of a nod to SGtools or ESGST scripts than something useful for general user.
It was long time when I cared if game has asterisk on the GA creation page, so I forgot about this detail.
Comment has been collapsed.
Yes, an API would be very useful.
See this post I made here on what data is needed:
https://www.steamgifts.com/go/comment/fi5vAyg
Comment has been collapsed.
This would really help, as hundreds of requests have to be made to user pages to retrieve their Steam IDs at the moment. Additionally, hundreds of requests also have to be made to group pages to retrieve their Steam IDs, so having group Steam IDs integrated in other pages (like https://www.steamgifts.com/account/steam/groups) would help as well.
Comment has been collapsed.
Hay! You referenced my script earlier. There is most certainly crap code in there!
With this change to SteamGifts, may I recommend seeking out another solution? I unfortunately won't be able to fix the script on my own.
Comment has been collapsed.
Ha ha ha ha...well, despite the crap code, I use your script all of the time. ππππ»
I did start to look through it, but once I saw that there were like 1300 lines of code, I realized that I didn't have time to unravel all of that right now. LOL
I know that you haven't been actively maintaining it for a bit. I like it for when I'm just checking a handful of games for a specific group to do 1-2 GAs, since it starts searching right away. I can use ESGST for the same purpose, but it has to scan and cache all of the data from the group first. This means that searching is super fast once it's done, but it can take several minutes before I can get started, and a lot of the time I'm trying to knock something out in just a few minutes in between tasks for work. So that's why I've turned to your old script so often, because it sends the query and begins to execute right away. But, it must be making too many calls to SG itself in some way, because with the new settings, I can only run it 1-3 times before getting the 429.
Comment has been collapsed.
But, it must be making too many calls to SG itself in some way,
That's exactly what it does. It loads the SG group page behind the scenes, then loads each individual SG user page from those links. It's VERY inefficient, but it worked (at the time). I struggled with properly building a cache to help with that, but - here we are today. :)
Comment has been collapsed.
Hey,
If you're checking ownership of games in a group, may I suggest you use this tool:
REDACTED
It's a server-side tool, and uses caching, so you don't need to worry about collecting the data yourself every time.
I would suggest my tool for this too (SGMT) but it currently doesn't collect Steam game ownership data (if that's what you need).
EDIT:
Turns out the tool I referenced is not available for public use, so I'm removing the link.
Comment has been collapsed.
Hey, thanks for the suggestion, but I'm not really understanding how that site works...it seems to allow me to inspect specific group members or some of my own data, but I don't see a way to tell how many/what percentage of people own a game in a group...wait, I take that back, I just figured it out. It's a little janky, but it will work in at least some cases.
The big issue I'm seeing is that it seems to be limited to just the groups in the drop-down list, which definitely doesn't cover some of the groups for which I need to be able to to make checks. So, I could use this for some things (like Jedi Training), but I'd still be stuck for others (like CBNA).
Comment has been collapsed.
Can you please lower the limits of this protection.
Even when I'm just trying to join giveaways I already run into this protection.
I just open all the giveaways in tabs I want to join, but doing it so quickly apparently is already too much for the system.
Also very useful site additions like ESGST can't be used anymore like this :(
Edit: And most recent time I ran into this blockage was just trying to browse the entered giveaways page, while having the addon ESGST active :(
Comment has been collapsed.
Hi Dyna18, it must be ESGST because I can see your account automatically loading the first page of entries for 100+ giveaways each minute when you come online. Do you know what features you're using in ESGST that would be searching for that information, or what information it's even trying to extract from those pages?
Comment has been collapsed.
prevents users from making an unusually high number of requests in a period of time. The rates are fairly generous
I got 429'ed with rate limit in my ArchiBot set at 1 request per 10 seconds with 1 open connection, I don't know what definition of "fairly generous" and "unusually high number" you're using, but it's different than the one I follow.
Could you stop destroying every single legit use case and focus on those that are actually harmful? If I wanted to make a bot that would exploit SG I'd have done it years ago without you realizing it, and no amount of rate-limits would stop me. Instead, everything you did was harming legit users opening giveaways in several tabs and otherwise using the site in a legit way.
If you want to implement rate-limiting then do it properly. Implement side-wide limit of 1 request per 2 seconds, 30 per minute or whatever else you want, announce it publicly so LEGIT users like me could adapt to them, and then start your hunt against those that do not. I don't know what values you're currently using, but they're way too high, I can't operate my group in the way I used to previously, what ArchiBot was finishing in less than a minute, each 15 minutes, now results in a constant static load to the website for 24/7, because it's unable to do its work in time, is that what you wanted? If there is one thing I can ask for then think it over and make the limits at least sane, like 1 request per 2s or something, or just ban me outright so I won't have to deal with this stupidity for good, since if you didn't realize yet, legit use cases support your users, like my group members, and not malicious individuals, those simply do not care what you're gonna say or do, they'll find a loophole anyway because they have nothing better to do than spending their whole day exploiting your site, unlike me.
You didn't listen to us when we asked you for API which would solve the problem you're trying to fix now and failing at it. I wonder if anything changed since then.
Comment has been collapsed.
Hey cg,
This rate limit is really messing with my SGMT tool :(
My tool runs as a service, collecting data to a local DB, hence no matter how many user request hit it, all go to the local DB instead of SG (as would happen if it was a client-side tool).
So the change was obviously not meant against tools like mine (which send at most a couple of hundred requests every hour).
Yet it has made my tool unusable, as it limits it as it was a regular SteamGifts user, while the tool serves whole groups of users.
I humbly ask you to consider either:
Comment has been collapsed.
So the change was obviously not meant against tools like mine (which send at most a couple of hundred requests every hour).
If I look at our logs from today, it seems that your script tries to access the site once an hour. When it does so, it loads about 650 pages in a minute. Is it possible to slow it down so it's not loading all of the pages in a single minute?
Comment has been collapsed.
I tried to add a delay, but unfortunately my attempts have hit a dead end.
For the past 6 hours, my tool has been trying to run every hour, and has been getting 403 errors on the first request.
So I'm not sure if it's the same mechanism or something else preventing it from working...
Comment has been collapsed.
I've been getting this semi-regularly, completely disconnected from my browsing habits towards the site. The only script I use is the blacklist/whitelist indicator, and the error message still'll randomly pop up even with that disabled.
Moreover, it appears on the main giveaway page as well, where the script doesn't associate icons with to begin with (and presumably thus doesn't have reason to make excessive calls, though I don't have time atm to go through the script to confirm that). It'll also rather frequently occur just when loading the website up for the first time, with a single page opened. As a sum of those issues, it has occurred on the main page on first site load without scripts active. Conversely, I can still more often than not open 20 discussion pages at once with the script active, and it doesn't blink.
Whatever is going on, I don't imagine scripts are inherently the issue, even if it is likely that they're the most prevelant trigger for the underlying issue (or have an entirely seperate issue they're based in). Is there any other reason the site would be assuming excessive data calls? As a further note, the frequency by which it occurs seems to be varying significantly day to day. An SG friend suggested that maybe there's a glitch that's associating general server load to individuals (which would at least correspond to why it seems to be most common at periods such as now, when a new Monthly is up- as per it going down for me just a minute ago).
Comment has been collapsed.
Hi Sooth, I checked the issue. About 30 minutes ago you loaded 615 pages in a single minute. These were almost all requests to pages on your blacklist over and over again. This is the issue I'm trying to fix. A lot of users are running scripts, they're not aware of how many pages they're loading in the background, and it's causing millions of unnecessary daily page views.
Comment has been collapsed.
It's peculiar that it's happening randomly with a single page, but not (causing me to get error messages) when I'm loading several at once. Anyway, thanks for the info, and sorry about the hassle. :S Do let me know if you've got any ideas for optimizing the script, if anything comes to mind. :)
Comment has been collapsed.
I'm assuming when you load a page that script is then loading every page on your entire whitelist and blacklist to find the corresponding users. So, let's say a user has 50 pages on their whitelist and blacklist. When they're using that script and browsing the site similar to a normal user, they would actually be generating 50x the traffic in the background. That would quickly raise a red flag and trigger the error. It would be far more efficient to simply cache the results locally and have the script refresh the data once a day or when you make changes to your whitelist or blacklist (when the button is clicked on profiles or on the account page).
Edit: I just quickly glanced at that script and it does appear to use local storage. I don't have time to review it too closely, but it seems to check if the data is outdated, and if so, it loads the entire whitelist and blacklist to refresh the data. That's fine, and what I mentioned above. However, it doesn't store the revised date until the data is completely refreshed. I assume what happens is that you load a page and it triggers the refresh because the data is outdated. Then you load another page and it triggers another refresh because the first one either didn't yet finish or wasn't able to finish (you navigated to a different page during the process).
Let's take the previous example where a user has 50 pages on their whitelist and blacklist. They load a page, the data is outdated, and it starts refreshing. It gets to page 44 and then the user navigates to a new page before it can finish. On the new page it then starts refreshing the data again from the beginning because the last refresh didn't complete. If the user keeps changing pages every few seconds, we could see a situation similar to yours, where it repeatedly loads the whitelist and blacklist in a single minute. Or, if the data is outdated and you open 10 tabs, each one would independently start refreshing all of the data. A simple fix could be storing a second date, the time the last refresh started. Then, the script could make sure another refresh hasn't started in the past few minutes.
Comment has been collapsed.
I don't know if I'm a heavy user or not, but it broke for me when esgst synced my profile yesterday.
i would echo the requests to make the rate higher (2x?) than what it is now. I fully understand the desire for DDoS protection, but when a legit user uses the site in a legit way, calling it "unnecessary page views" hurts. Our styles of suing the site might be very different than average, but it's still legit.
(FWIW, the only extensions I am running are ESGST (about 1/2 of the features) and tampermonkey. Tampermonkey has Touhou Giveaways Helper, RAChart Enhancer, and SGIgnore. i am also running stylus with Squished Potatoe's "SG Dark Grey" Theme).
Because of internet speeds on my end, and load times associated therewith I am also highly likely to regularly open in new tabs every giveaway on page one that looks interesting to me, tell the main page to go to page 2, and then go through those 10-to-however many tabs of gibs/discussions/etc, entering, commenting, or closing them as desired. This, coupled with the ESGST sync was the behavior that broke this site for me yesterday.
Oh, and btw, when steam had crashed the other month while ESGST was trying to sync data, it removed 400+ appids from my profile and 3 hours later added them all back.
Comment has been collapsed.
I think basic API support could decrease load. People have already built lots of extra functionality to the site. It would be easier to query from API e.g. all giveaways for particular user instead of requesting the same data page by page and parsing through it. I don't personally use scripts but can see their utility.
Comment has been collapsed.
You're right with this but this would not solve the problem that a lot of traffic on the site is generated by those scripts, so it would be better to prevent the requests at all instead of spreading them to a larger time frame :)
E. g. in my case the problem only occured because of some old functionality of ESGST which isn't even in use any more but still sent dozens and dozens of requests in the background without me even realizing.
Comment has been collapsed.
Can you let me know what functionality that is, so I can fix it?
Comment has been collapsed.
3.18 Giveaway Encrypter/Decrypter
It seems to me like it was loading all decrypted giveaways I had found and also it first requested them with giveaway/abcde/ and then there was a redirect to giveaway/abcde/gamename so it did even 2 requests for every giveaway.
I only realized that it was this feature as it was explained in the description of the giveaway I checked.
I deactivated the feature and the requests were gone, activated it again and they came back. I'm not sure if it was just from part of a backup which failed due to the restrictions or if the feature really always checks all old giveaways. Does the backup not include data if the feature for this data is disabled?
Comment has been collapsed.
Thanks, I'll look into it.
No, the backup data is not influenced by whether a feature is enabled or not. If you selected decrypted giveaways it should have them in the data. If there's nothing in the data, that could be the issue.
Comment has been collapsed.
That's true. We should make our own sg instead, with blackjack and hookers!
on a serious note: it would be much easier to adjust timings if cg bothered to announce exact rate limits
Comment has been collapsed.
I would like to be able to do that, but I have no idea what the limits are to adjust to.
They can be per second, per minute, per hour, per round hour, they may be dynamic or in a sliding window...
It would take a whole lot of time and effort to reverse engineer SG to be able to understand the exact rate limits.
Comment has been collapsed.
We'll see, I'm working on applying the limits to ESGST and seeing what can be done. It will probably only become a lot slower.
Comment has been collapsed.
Same issue right now. π
Nvm i found the reason: https://www.steamgifts.com/discussion/yLOhv/rate-limiting-limits
Comment has been collapsed.
72 Comments - Last post 3 hours ago by nigelt74
730 Comments - Last post 3 hours ago by adam1224
361 Comments - Last post 4 hours ago by Golwar
13 Comments - Last post 7 hours ago by looseangel
1,289 Comments - Last post 7 hours ago by stlpaul
304 Comments - Last post 8 hours ago by RobbyRatpoison
2,047 Comments - Last post 9 hours ago by WaxWorm
5 Comments - Last post 12 minutes ago by Carenard
97 Comments - Last post 16 minutes ago by Megamind9
16 Comments - Last post 1 hour ago by s4k1s
1,177 Comments - Last post 1 hour ago by Sh4dowKill
197 Comments - Last post 1 hour ago by samwise84
15,101 Comments - Last post 2 hours ago by Operations
350 Comments - Last post 2 hours ago by Sumnium
Hello,
Starting today, i've had this error from time to time : "429 Too Many Requests. It looks like you've sent too many requests recently. Please wait a few moments and then try again."
It looks like there is a number of requests available now until this error and a cooldown, and it's not very compatible with loading the bookmarked GAs (from ESGST). Did something change ? Thanks !
Comment has been collapsed.