How does PlayFab handle limits being breached due to obvious attacks?
I know it was mentioned somewhere that PlayFab will make attempts to limit actions based on IP, but I'm seeing things like:
> 55k logins from one ip in 24 hours
> 88k entity events
While I understand I should limit unused API, sometimes you can't know what's missed until it happens. Also, a lot of the docs aren't quite clear as to how to limit stuff; for example, I made use of UpdatePolicy to do:
Resource = "pfrn:api--/Client/WriteEvents"
It returns success, yet shortly after, I'm still being warned about exceeding limits?
Whom do I speak with regarding billing?
Thanks for your time.
Answer by Gosen Gao · Nov 29, 2021 at 09:48 AM
PlayFab limits client requests based on IP address; the limit is 100 calls per 2 minutes. Although “55k logins in 24 hours” is an obvious anomaly, it does not exceed the limit (about 72k requests in 24 hours). You should analyse the events data to figure out whether it is caused by a script or not, because the case can be similar if players are using a VPN service. You can ban the IP address with the BanUsers API to stop the attack if you find that it was caused by a script. Please note that banning the IP of a service (relay server) may cause massive reports from customers. You should be very careful doing this.
As for events, the ApiPolicy can’t restrict the entity APIs, and WriteEvents is one of them. Besides, some actions generate events automatically, such as login, so part of the “88k entity events” should have been generated by logins. It can be reduced by banning the IP.
Regarding billing questions, you can submit a request via Contact us.
Is it possible to find out the PlayFabIds that make a certain API call using the data analyzer?
You can filter the events based on the EventName and PlayFabId in the Data Explorer to do that. Please note that events and APIs are not one-to-one. If you want to record events about a specific API, you can create custom events to implement it. Here is the built-in events list; you can have a look.
I think you should also check the login method to see if the custom ID has a regular pattern.
Here is a sample for your reference.
['events.all']
| where FullName_Name == "player_logged_in"
| where Entity_Id == "D85738AD34F5F820"
| sort by Timestamp
For more information about Data Explorer (Advanced mode), please refer to Getting started with Data Explorer advanced mode.
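An added example, not part of the original thread and not PlayFab code: one way to triage exported login events per IP along the lines the answer suggests, comparing the peak 2-minute rate with the quoted limit and checking whether custom IDs follow a counter pattern. The tuple layout, function names and sample records are assumptions constructed for illustration; only the 100-calls-per-2-minutes figure comes from the answer.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW, LIMIT = timedelta(minutes=2), 100  # per-IP window and call cap quoted in the answer

def sequential_ids(custom_ids, min_run=5):
    """True if min_run or more IDs share a prefix and end in consecutive numbers."""
    groups = defaultdict(set)
    for cid in custom_ids:
        if m := re.fullmatch(r"(.*?)(\d+)", cid):
            groups[m.group(1)].add(int(m.group(2)))
    for nums in groups.values():
        ordered, run = sorted(nums), 1
        for a, b in zip(ordered, ordered[1:]):
            run = run + 1 if b == a + 1 else 1
            if run >= min_run:
                return True
    return False

def summarize_logins(events):
    """events: (iso_timestamp, ip, player_id, custom_id) tuples (assumed export layout)."""
    by_ip = defaultdict(list)
    for ts, ip, player, cid in events:
        by_ip[ip].append((datetime.fromisoformat(ts), player, cid))
    report = {}
    for ip, rows in by_ip.items():
        times = sorted(r[0] for r in rows)
        peak = start = 0
        for end, t in enumerate(times):  # sliding 2-minute window
            while t - times[start] >= WINDOW:
                start += 1
            peak = max(peak, end - start + 1)
        report[ip] = {"logins": len(rows), "peak_per_window": peak,
                      "over_limit": peak > LIMIT,
                      "distinct_players": len({r[1] for r in rows}),
                      "sequential_custom_ids": sequential_ids({r[2] for r in rows})}
    return report

def sample_events():
    """Constructed data: a scripted source that stays under the limit, and an ordinary IP."""
    at = lambda s: (datetime(2021, 11, 28) + timedelta(seconds=s)).isoformat()
    bot = [(at(2 * i), "203.0.113.7", f"P{i:04d}", f"dev-{i:05d}") for i in range(300)]
    ids = ["k7Qm2xLp", "Zt94bnWe", "pR1vYc8d", "e0HsJu6A", "Mb3TqX5z", "wN8oDf2G"]
    home = [(at(600 * i), "198.51.100.20", f"H{i % 2}", c) for i, c in enumerate(ids)]
    return bot + home

if __name__ == "__main__":
    print(summarize_logins(sample_events()))
```

In the constructed data the first IP never exceeds 100 logins in any 2-minute window, yet its counter-style custom IDs and one new player per login set it apart from the second IP.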