Blocked requests

Yesterday we implemented a new protective service on our servers that will block requests if you’re sending too many at once to our servers. We did this because as it has developed through the years, Tribal Wars has become more and more complex due to the features we’ve added. Things like dynamic groups and the farm assistant have to process a lot of data in the background and so take a little while longer to load than the average web page.

Whenever you load a page in the game or perform any action, whether it be viewing the rankings, opening the rally point, sending troops via the map, or renaming an incoming attack or village name, your browser sends a request to our servers. Each world has multiple servers available to process your requests. On each server there are a number of “workers”, waiting impatiently to handle a request as soon as we receive it. Once a worker receives that request, it is 100% dedicated to handling that for you. It can’t handle another player’s request until it’s done with yours. If you’re loading something that takes a little while longer to process, such as a very complicated dynamic group or the farm assistant when you have over 2000 looting reports on your account, then the worker is busy until it’s done processing all of that data.

The number of workers available is a finite resource. We scale the amount depending on how popular the world is, ¬†how old it is, and so forth. No matter the size of the world, there’s always enough workers to ensure that your request is served immediately if everyone is playing normally.

The problems start to occur when one person suddenly starts consuming more resources than they should be by sending a very large amount of requests at once. For example, if you use a poorly implemented script that attempts to tag 1000 commands at once. That means your browser sends all 1000 requests to our servers in one go, as fast as your browser and network stack can handle it. The average computer¬†isn’t capable of sending 1000 requests that quickly, but can still handle maybe 50-100 per second. That means 50-100 workers on our servers are dedicated just to you. No other player can use them. Usually that’s fine, but what happens if multiple players start doing this? We can eventually reach the point where there are no workers left to process “normal” requests from everyone else.

The same thing happens if you use a browser addon or script to open 200 new tabs at the same time. That’s still a huge amount of requests.

There’s actually a term for this, a “Denial of service” attack. Although unintended, one person sends so many requests that the server has less resources to provide stable game play to the rest of the world.

So if you see a message in-game that you’re sending too many requests, you’ll need to reconsider what you’re doing. If you previously opened 200 tabs in one second, you’ll need to find a way to space it out a little. If you have a script that mass renames villages or tags things, make sure it’s being a good net citizen and add a timeout between each request. This is a necessary measure to ensure the server remains stable for everyone. One person or one group of players should not be able to hinder the progress of others by attacking the server – even if they are doing so unintentionally.

This protection also protects you from having server issues when people intentionally try to harm our servers. Sadly, this happens more often than you’d think.

So far we’ve seen that this protection has only kicked in for a very small amount of players, as little as 0.1%. For example, on the most recent Dutch world there have only been a handful of blocked requests, and these were for:

  • Illegally automatically sending requests to the loot assistant
  • Using a script to mass scrape data from the map
  • Sending hundreds of attack tagging requests in one second
  • Illegally automatically using the premium exchange



Comments are closed.