PDA

View Full Version : Requests Disabled


Avian
03-06-2002, 08:49 AM
The abuse of the automatic request feature on Aural Moon has become so much of a problem that I have disabled the automatic handling of requests. People are spoofing their IP address to make multiple requests (10-30) at a time, sometimes monopolizing the station's time for many hours at a stretch.

When I'm around, I'll be manually sending your request through (once I've verified that you are not one of the abusers)- but if I'm not, don't expect to hear your request.

It's unfortunate that a few individuals' thoughtlessness can ruin such a great system. However, it's better than everyone spending their time listening to the music requested by the same few people.

I am taking measures to prevent this from happening again, but if folks persist on abusing the feature, I'm sure they'll find a way around it. That means that the requests could remain disabled for an extended period of time.

It amazes me that people can take a service such as ours, which does nothing but generously provide art and entertainment free of charge or advertising, and find ways to prevent it from happening. Mind boggling, really.

- Avian

P.S. One idea is to have everyone register and log in to the web site before they can make requests. But this is beyond my current knowledge of php scripting, SQL and such. If you have such skills, and would like to lend a hand, your help would be greatly appreciated!

dinosaur
03-06-2002, 11:41 AM
I hope you people are happy!
You've succeeded in eliminating one of the best features in internet music.
Who in @#&*?! do you think you are?!

We know who you are.

You're the same people who won't take your proper turn at four-way stop signs, sneeze in the salad bar, and cheat on your taxes (really, stealing from the rest of us). You're thieves and we have ways of dealing with you.
I bet you didn't know this: the purpose of the development of genetic engineering is to eliminate you and your offspring forever...and we're almost there!

Yesspaz
03-06-2002, 04:17 PM
some people should be sent off to an island with no boats and no planes, and let them degenerate whatever society they have into oblivion.

I requested a song last night, and after an hour and twnety minutes, I got off the internet. I wish somehow we could ge a feature that showed who is listening at any given time. And when Avian or Jim were on...

Yesspaz
03-06-2002, 04:19 PM
Maybe the programmers of SAM have run into this enough to know how to stop it? Just thinking and probably showing my ignorance.

Avian
03-07-2002, 06:48 AM
The only real way to do it is at the web-server side. By the time it gets to SAM, it doesn't know any better.

- Avian

Avian
03-08-2002, 09:22 AM
The requests are back on.

rocobley
04-11-2002, 10:57 AM
Are they still on? I've been trying to request songs recently & haven't gotten anywhere.

Incidentally, what about making the request facility a membership only thing like the forums? Would that work in stopping the abuse?



Roderick

Michael Rawdon
04-18-2002, 07:40 PM
I've been trying to submit requests for a week or two, never with any effect. (Either that, or the lag time is currently greater than 2-to-3 hours.) Are requests still down? A bummer if so; I've been trying to listen to some tracks by some bands whose albums I'm interested in buying... :(

Avian
04-18-2002, 10:37 PM
During the past few days, I've been taking them up and down as the abuse comes through. There are folks requesting gobs of songs in a row (particularly, one guy with Genesis).

Anyway, keep, trying - I'm going to try and keep them up more often.

- Avian

progdirjim
04-19-2002, 12:52 AM
Michael Rawdon:

What albums/artists are you trying to listen to and what time of day? I'll try to get some on if I'm DJing at the time...

Occasionally the lag time for requests gets up to two hours, but not often. Usually Avian or myself is DJing during peak hours, and we try to keep the request list from backing up too far.

Keep trying, and thanks for listening.

Michael Rawdon
04-19-2002, 02:02 PM
Lately I've been requesting Spock's Beard and Iluvitar. I'll probably go for I.Q. and the Flower Kings next. Thanks for the offer!

I think I've listened to enough Transatlantic that now I just need to go buy one of their albums. :D

I'm usually listening between 10 am and noon, and 1 pm and 6 pm, Pacific Time.

(Ironically, recently I was slowly cranking through the 76-92 Genesis collection, but I think I've listened to it all now. Which means I won't be requesting "Feeding the Fire" every other hour anymore. :) )

One last thought: It would be nice, when the request system is down, if we could get some feedback from the site to that effect. Whenever I've placed a request, the window that pops up tells me it was successfully submitted, even though the request system appeared to be down at that time (since my song didn't get played in the ensuing 2-to-3 hours). Just a thought; I dunno how easy that would be to do...

Avian
04-19-2002, 05:11 PM
Well, when the request system is "down" I just mean that it's not handling them automatically. They sill go into a request "bin" and Jim and I do our best to still play them.

But I'll try to post a note when that happens. Thanks!

- Avian

vern ali quinox
04-25-2002, 10:35 AM
Just a comment on the request limiting stuff...

It appears that the 1-request-per-hour limit is imposed per IP address -- a fact which I accidentally discovered from a pc which sits behind a firewall using network address translation (NAT). (If I'm completely wrong on how it works, please disregard the rest of this post.)

With the way NAT is configured on that network, each outbound TCP connection gets its own source IP/port assigned to it, so successive HTTP requests can appear to come from multiple systems even though it's just one browser generating them.

The problem is that if the rule is just '1 request per hour per ip address', then anybody behind a NAT firewall that works as described above can make as many requests as there are addresses in their outbound NAT pool. For folks listening on large networks using NAT (which is rather common), that could be a significant number (>100).

Adding a cookie with a 1-hr timeout per request might make it slightly less easy to circumvent the intent of the 1-request-per-hr limit. Sure, folks could delete the cookie, but if you kept the 1-per-address rule in place as well, you'd at least make it require a bit more effort for folks to circumvent the intent of the policy.

Short of using cookies, even limiting the number of requests per address block (say, class-C sized blocks) per hour might help reduce the abuse, since NAT typically uses contiguous address blocks.

This is a common problem with any network-based authentication mechanisms that are intended to be transparent to the user -- while it's trivial to determine how many IP addresses are hitting your server, it is less easy to figure out how many machines are really behind that, and even harder to map all the way back to humans sitting at keyboards. Short of prompting the user to identify themselves, there's nearly always going to be a way to abuse the intended policy.

Avian
04-25-2002, 02:25 PM
Thanks for the information! That would explain a great deal. We're still left with the problem, however.

There is new version coming out of the software that we use that might address this.

Until then, we'll try and get to the requests manually.

Avian

rocobley
04-29-2002, 09:02 AM
I repeat the suggestion I made earlier on:-

Would making requests a members only service like the forum work?



Cheers

Avian
04-29-2002, 07:08 PM
It would, but I don't have the web expertise or the time to pull it off. I've seen this on other radio stations, and if I can get the time, I'll try and implement it.

Avian