
Ask HN: How to deal with Telegram bot API spam? - throwaway34565
We&#x27;ve got a slight problem we are trying to fix today dealing with Telegram Bot servers API, https:&#x2F;&#x2F;core.telegram.org&#x2F;bots , spam putting a heavy strain on our servers.<p>We run a service for processing web hooks for various other services like Slack and Telegram. We have rate limits in place to ensure that no one user can take up too many resources and affect services.<p>The problem is we are getting a ton of requests from Telegram server IP address blocks to our servers for services which don&#x27;t exist anymore. It mostly looks innocuous like forgotten test services or development services constantly echoing hello.<p>Normally we would simply add the offending IP address to be blocked on the system level. In this case however; if we start adding Telegram server IP addresses all Telegram services will go down for all our users.<p>Has anyone else dealt with this issue? Is there a good way to contact Telegram for sort of thing? We don&#x27;t really understand why their Bots API is sending us so many requests.
======
rajeshpant
How do you rate limit your API's?

One of the approaches is to assign a unique token(has based on IP, time, TTL
etc) for every new session. Implement this on a front layer before hitting
your API servers.

------
mgliwka
The appropriate email address seems to be abuse@telegram.org. Other channels
(i.e. in app support) in contrast are being run by volunteers not affiliated
with Telegram.

~~~
throwaway34565
I reached out to abuse@telegram.org and have been waiting for a bit to hear
back.

I think the problem might be related to the retry logic when the Telegram Bot
API fails to get a valid response. Possibly Telegram is retrying the failed
request forever.

We've started to block some of the most offending telegram IP addresses and
are reaching out to any paying customers running Telegram bots.

