Well, this is interesting.

I've been running http://jsonip.com for 4-5 years.

Right now, it's averaging 10 million requests a day.

I don't do any logging other than total bandwidth usage, in and out. I have been getting numerous noticed from my host because I haven't bothered to update the usage alarm levels. I'll adjust that when it matters.

Basically, I don't give a shit what you're using it for. Only one time in the last 4 years have I had to explicitly take action against an abusive user. If you're the dipshit with the misconfigured squid proxy a few years ago that got the 418 You're a teapot response, you know who you are.

Btw jsonip is a node.js service. It's been working at scale, just fine, and will continue to in the future.

That sounds pretty cool. Out of interest, that works out at an average of 115 requests per second. How many Node servers do you have serving that if you don't mind me asking?

Probably one. This means it has roughly 8ms/request and likely works because it's not computationally bound.

I have a free API which provides business rating info about the business behind a web site.[1] Try:

   http://www.sitetruth.com/fcgi/rateapiv3.fcgi?url=ycombinator.com&format=json&key=guest

It gets modest usage. We can limit usage based by "key", but currently don't have to. It does have fair queuing; if you submit a large number of requests from the same IP address, you won't delay requests from other IP addresses. This is enough to deal with anything short of a determined DDOS.

[1] http://www.sitetruth.com/doc/sitetruthapi.html

How was the service “abused” by malware? There's plenty of other ways to get computer's external IP address from public or private-but-always-accessible sources, and a bit less to get some location data. I doubt the shutdown creates any significant problems for nefarious users.

A lot of the history of the internet seems to repeat this theme, idealistic engineers make assumptions that other people are going to be nice and considerate only to discover that there are a lot of assholes out there.

I'm not sure that's quite accurate. The assumption that most people are nice and considerate is a fair one; the problem is that engineers often fail to understand how few assholes it takes to ruin something.

Possibly in part because in physical life, the assholes have to show up. While online they just need to be online.

Thus often it seems like a pack of sharks smelling blood in the water from beyond the horizon.

It only takes one rotten apple to spoil the barrel.

There was another post along these lines about running some kind of pastebin clone but I can't find it.

Possibly Remy Sharp's "The Toxic Side of Free" series about running JSBin - https://remysharp.com/2015/09/14/jsbin-toxic-part-1

Yes, thanks!