Server blacklisted from Facebook? - facebook-graph-api

Yesterday we installed a new plugin on our site to allow our posts to be posted to our Facebook page automatically. Well early morning Monday's and some testing code was left in that made the call a couple of thousand times in about an hour. Over 24 hours later, Facebook still returns:
{"error":{"message":"(#1) An error occured while creating the share","type":"OAuthException","code":1}}
The post is going to {page_id}/feed and using the extended access_token, which doesn't expire for pages.
I know this is related to the IP of the server, as I can perform a post via curl on our other servers without and problems (just copy and pasting over the curl arguments). So I was wondering if anyone has experienced this before and if there is a policy to get your server removed from the blacklist, or is it just a wait it out type thing?
TIA!

Related

GAE Error | Server Encountered an Error and couldn't complete your request. Please try again after 30 seconds

We have an app running on Google App Engine with Python 2.7 runtime which can be assessed using Google Login, implemented using users API endpoint.
We are getting an error "Server Encountered an Error and couldn't complete your request. Please try again after 30 seconds" whenever user tries to open the web app.. The error is thworn on App Engine side, since the 500 error happens on that line where this call is made 'GET https://appengine.google.com/_ah/conflogin'.
This happens for both mobile(majorly) and web. It shows the same error when we try after the specified time.
However when we clear the browser cookies, cache, history etc etc it starts working. Not sure why. But we cannot users to clear all such stuffs all time as they might loose the information that they browsed.
We tried various cases for login(multiple login, single login, incognito mode) but couldn't figure the root cause of the problem.
Have anyone faced such issues before? If yes please share how you solved it.

How do I get Alexa Voice Service registration code?

How do I get a registration code or otherwise solve this problem?
While writing this question, I realized the crux of this problem is the bottom-most part of this question: I'm not getting the popup I'm supposed to get and when I enter the URL in a browser it says invalid registration code.
I'm attempting to develop an Alexa Voice Service application. Website/companion service only. I have gone through the Reference Implementation Guide twice and have double checked that all of the setup has been done correctly.
This is the server error I get: invalid registration code. I never did anything with a registration code and can't seem to find anything about a registration code (relevant to Alexa) anywhere after googling quite a bit.
Listening on port 3000
error: { [InvalidRegistrationCode: The provided registration code was invalid.]
name: 'InvalidRegistrationCode',
message: 'The provided registration code was invalid.',
status: 401 }
Error: Can't set headers after they are sent.
Here's the client output:
vlcj: (DefaultMediaPlayer.java:183)
addMediaPlayerEventListener(listener=com.amazon.alexa.avs.AVSAudioPlayer$1#4b3a4950)
There was a problem connecting to the Companion Service. Trying again in 2 seconds. Please make sure it is up and running.
[DEBUG] joining on thread Thread[Timer-0,5,com.amazon.alexa.avs.AVSApp]
There was a problem connecting to the Companion Service.
Trying again in 2 seconds. Please make sure it is up and running.
The AVS launcher opens too, and when I record something and send it I get:
com.amazon.alexa.avs.AVSException: 403 Invalid Access Token
The instructions mention (at the very bottom of the reference guide) that I need to:
Please register your device by visiting the following website on any system and following the instructions: https://localhost:3000/provision/************** That URL is supposed to pop something up once the companion service but that hasn't happened.
Any thoughts on how can I fix this?
I was following a good document Project: Raspberry Pi + Alexa Voice Service at https://github.com/amzn/alexa-avs-raspberry-pi . It describes all steps very well.
Please take a look at the following steps:
3 - Getting started with Alexa Voice Service
3.1 Register for a free Amazon Developer Account
3.4 Register your product and create a security profile.
6 - Enable Security Profile
This thread on the Amazon developer forums seems related: http://forums.developer.amazon.com/forums/thread.jspa?threadID=11327&tstart=0
Quoted response:
There are a number of potential issues causing that error.
You might be sending an invalid scope. Are you sending "alexa:all" as
the scope? Or, your security profile might not be correctly linked. Is
it selected in the dropdown on the developer portal?
Are you getting an access token from the companion service, or is the
text box blank? If you're not getting an access token, check that your
device serial number matches between the companion service and the
java client. If you're getting an access token, the problem is more
likely with your security profile.
You should also look at these threads to see if they're helpful...
(links removed due to reputation requirement)
If that doesn't help, you'll probably have more luck asking the AVS team directly on their forum site.

504 gateway timeout django site with nginx+fastcgi

we added ability for admin users to change server date&time through the portal. Changing the date&time back is working fine, but changing forward(more than fastcgi_read_timeout) is returning '504 gateway timeout' even though server time successfully changed behind the scenes.
Please advice how to handle this?
Thanks.
I had a very similar issue with another project. Maybe it is best to submit the date&time credentials (I assume you would be using NTP servers IPs to do this) through the portal asynchronously via a JavaScript AJAX request. Then, let the server then do its thing with the date&time.
Meanwhile, have the client side JavaScript, continuously probe the server with interval AJAX requests (perhaps every 5 seconds) to get back a response message on the server time. That way, each subsequent AJAX request initiates a new Nginx session and if the first fails/timeouts, then try a second time, if that fails, then try a third time, and so on.
This worked on our system. However, I do not know if your product has login/authentication credentials. If it does, then the user may have to log back in once all set and done because a change in time may also expire their log-in session. I don't think this is such a big deal though because theoretically they should only need to change the date/time once in a while if not just one time only. So it shouldn't have too much of an impact on the user experience.
tags: nginx, NTP, timeout, 504

OpenGraph Debugger reporting bad HTTP response codes

For a number of sites that are functioning normally, when I run them through the OpenGraph debugger at developers facebook com/tools/debug, Facebook reports that the server returned a 502 or 503 response code.
These sites are clearly working fine on servers that are not under heavy load. URLs I've tried include but are not limited to:
http://ac.mediatemple.net
http://freespeechforpeople.org
These are in fact all sites hosted by MediaTemple. After talking to people at MediaTemple, though, they've insisted that it must be a bug in the API and is not an issue on their end. Anyone else getting unexpected 500/502/503 HTTP response codes from the Facebook Debug tool, with sites hosted by MediaTemple or anyone else? Is there a fix?
Note that I've reviewed the Apache logs on one of these and could find no evidence of Apache receiving the request from Facebook, or of a 502 response etc.
Got this response of them:
At this time, it would appear that (mt) Media Temple servers are returning 200 response codes to all requests from Facebook, including the debugger. This can be confirmed by searching your access logs for hits from the debugger. For additional information regarding viewing access logs, please review the following KnowledgeBase article:
Where are the access_log and error_log files for my server?
http://kb.mediatemple.net/questions/732/Where+are+the+access_log+and+error_log+files+for+my+server%3F#gs
You can check your access logs for hits from Facebook by using the following command:
cat <name of access log> | grep 'facebook'
This will return all hits from Facebook. In general, the debugger will specify the user-agent 'facebookplatform/1.0 (+http://developers.facebook.com),' while general hits from Facebook will specify 'facebookexternalhit/1.0 (+http://www.facebook.com/externalhit_uatext.php).'
Using this information, you can perform even further testing by using 'curl' to emulate a request from Facebook, like so:
curl -Iv -A "facebookplatform/1.0 (+http://developers.facebook.com)" http://domain.com
This should return a 200 or 206 response code.
In summary, all indications are that our servers are returning 200 response codes, so it would seem that the issue is with the way that the debugger is interpreting this response code. Bug reports have been filed with Facebook, and we are still working to obtain more information regarding this issue. We will be sure to update you as more information becomes available.
So good news, is that they are busy with it solving it. Bad news, it's out of our control.
There's a forum post here of the matter:
https://forum.mediatemple.net/topic/6759-facebook-503-502-same-html-different-servers-different-results/
With more than 800 views, and recent activity, it states that they are working hard on it.
I noticed that https MT sites don't even give a return code:
Error parsing input URL, no data was scraped.
RESOLUTION
MT admitted it was their fault and fixed it:
During our investigation of the Facebook debugger issue, we have found that multiple IPs used by this tool were being filtered by our firewall due to malformed requests. We have whitelisted the range of IP addresses used by the Facebook debugger tool at this time, as listed on their website, which should prevent this from occurring again.
We believe our auto-banning system has been blocking several Facebook IP addresses. This was not immediately clear upon our initial investigation and we apologize this was not caught earlier.
The reason API requests may intermittently fail is because only a handful of the many Facebook IP addresses were blocked. The API is load-balanced across several IP ranges. When our system picks up abusive patterns, like HTTP requests resulting in 404 responses or invalid PUT requests, a global firewall rule is added to mitigate the behavior. More often than not, this system works wonderfully and protects our customers from constant threats.
So, that being said, we've been in the process of whitelisting the Facebook API ranges today and confirming our system is no longer blocking these requests. We'd still like those affected to confirm if the issue persists. If for any reason you're still having problems, please open up or respond to your existing support request

OAuthException (#368) The action attempted has been deemed abusive or is otherwise disallowed

I'm trying to post a feed on my wall or on the wall on some of my friends using Graph API. I gave all permissions that this application needs, allow them when i make the request from my page, I'm having a valid access token but even though this exception occurs and no feed is posted. My post request looks pretty good, the permissions are given. What do I need to do to show on facebook app that I'm not an abusive person. The last think I did was to dig in my application Auth Dialog to set all permission I need there, and to write why do I need these permissions.
I would be very grateful if you tell me what is going on and point me into the right direction of what do I need to do to fix this problem.
Had the same problem. I figured out that Facebook was refusing my shortlinks, which makes me a bit mad...but I get the point because its possible that shortlinks can be used to promote malicious content...so if you have shortlinks as part of your test, replace them w the full url...
I believe this message is encountered for one of the two reasons :
Your post contains malicious links
You are trying to make a POST request over a non-https connection.
The second one is not confirmed but I have seen that behavior. While same code in my heroku hosted app worked fine, it gave this #368 error on my 000webhost hosted .tk domain which wasn't secured by SSL
Just in case anyone is still struggling with this, the problem occurs when you put URLs or "action links" that are not in your own app domain, if you really need to post to an extarnal page, you'll have to post to your app first, then redirect from there using a script or something. hope that helps.
also it's better in my opinion to use HTTPS links, as sometimes i've seen a behaviour where http links would be rejected, but that's intermittent.
I started noticing that recently as well when running my unit tests. One of the tests I run is submitting a link that I know Facebook has blocked to verify that I handle the error correctly. I used to get this error:
Warning: This Message Contains Blocked Content: Some content in this message has been reported as abusive by Facebook...
But starting on July 4th, I started receiving this error instead:
(#368) The action attempted has been deemed abusive or is otherwise disallowed'
Both errors indicate that Facebook doesn't like what you're publishing.