Reeder is making excessive requests to RSS feeds all at one time
Resolved
The Reeder user agent appears to be making a notable number of requests to our servers all at the same time, many of which are repetitive and extraneous, causing unnecessary usage and allocation of resources.
The behavior reflects the same qualities as a DDoS attack. However, it can't be classified as such, since we have no reason to believe the intentions are malicious. But the issue causes a degradation in the performance of RSS feeds for its users.
Furthermore, the user agents appear to be slightly different among the many requests, which looks to be intentional to circumvent our rate limits and IP detection. See user agent examples from the most recent logs below:
Reeder/5040002 CFNetwork/1410.0.3 Darwin/22.6.0
Reeder/4020.89.01 CFNetwork/1126 Darwin/19.5.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Safari/605.1.15 Reeder/5.4
Reeder/5040002 CFNetwork/1490.0.4 Darwin/23.2.0
Reeder/5020205 CFNetwork/1335.5 Darwin/21.6.0
Reeder/5040002 CFNetwork/1492.0.1 Darwin/23.3.0
Reeder/5040104 CFNetwork/1335.5 Darwin/21.6.0
Reeder/5040002 CFNetwork/1335.5 Darwin/21.6.0
Reeder/5030102 CFNetwork/1406.0.4 Darwin/22.4.0
Reeder/5020205 CFNetwork/1492.0.1 Darwin/23.3.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2.1 Safari/605.1.15 Reeder/5.4
Reeder/5040104 CFNetwork/1490.0.4 Darwin/23.2.0
Reeder/4020.89.01 CFNetwork/1490.0.4 Darwin/23.2.0
Reeder/4020.89.01 CFNetwork/1410.1 Darwin/22.6.0
Reeder/4020.89.01 CFNetwork/1410.0.3 Darwin/22.6.0
Reeder/5040002 CFNetwork/1240.0.4.5 Darwin/20.6.0
Reeder/3.2.40 CFNetwork/1335.0.3.4 Darwin/21.6.0
Reeder/4020.89.01 CFNetwork/1335.0.3.4 Darwin/21.6.0
Reeder/5040103 CFNetwork/1335.5 Darwin/21.6.0
Reeder/5040002 CFNetwork/1474 Darwin/23.0.0
Reeder/5020205 CFNetwork/1474.1 Darwin/23.0.0
Reeder/5040002 CFNetwork/1458.2.2 Darwin/23.0.0
Reeder/5040002 CFNetwork/1474.1 Darwin/23.0.0
Reeder/5040002 CFNetwork/1485 Darwin/23.1.0
Reeder/5020205 CFNetwork/1490.0.4 Darwin/23.2.0
Reeder/3.2.40 CFNetwork/1126 Darwin/19.5.0
-
The requests seem to be coming from the Reeder app, so we've filled out their support form informing them of the issue and requesting support for a resolution.
-
Filled out the support form a second time, re-requesting help to resolve the issue.
-
The app appears to be using different IP addresses and still making excessive requests, despite our response headers to hold off. Each IP makes ~18 requests in the exact same millisecond—sometimes one right after another.
IPs are being banned, but the server still takes a hit before the ban happens.
Number of recent bans in logs as of 8:47 AM EST:
-
Reeder IP addresses are still getting blocked due to the aggressive number of requests, averaging a couple of IP addresses per hour. Still haven't received any response back after multiple attempts to reach out about the issue.
-
Even though the user agent website shows that user agents with a similar structure are from an iOS app called "Reeder", we're unable to determine definitively if the official Reeder app is the cause of these requests. As a result, we've removed the app from the summary and description of this issue until we're able to confirm.
We've found that many of the aggressive requests are using IP addresses provided by Huawei Cloud, which is a China-based cloud service provider. We're compiling evidence in preparation to contact this company directly to report the abuse.
-
This issue has been resolved and is now being mitigated by restricting the application's requests through our abuse protection. Because Reeder is not a verified reader, it will continue to be automatically restricted when excessive requests are made—even if those requests are made across multiple IP addresses and regardless of their User Agent.
If you are a Reeder user and donating at least $25 or more per month to help with server costs, please contact us for a special token that can be added to the application that will remove these restrictions.
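
The pattern described in the updates above (about 18 requests per IP in a single millisecond, spread over many IPs and user agent variants) can be detected by counting same-millisecond hits per IP and by rate-limiting on the app token instead of the exact User-Agent or IP. This is an added example, not code from this site or its abuse protection; the log format, thresholds, function names, documentation IP addresses and the "ExampleReader" client are assumptions made for illustration.

```python
import re
from collections import Counter

# Tokens that describe the HTTP stack or OS rather than the app itself.
GENERIC = {"Mozilla", "AppleWebKit", "Version", "Safari", "CFNetwork", "Darwin"}
LINE = re.compile(r'^(\d+) (\S+) "(.*)"$')  # assumed format: epoch_ms ip "user agent"

def client_family(ua):
    """Reduce a User-Agent to its app token so version variants share one key."""
    tokens = re.findall(r"([A-Za-z][\w-]*)/[\w.]+", ua)
    return next((t for t in tokens if t not in GENERIC), "unknown")

def parse(lines):
    """Return (timestamp_ms, ip, user_agent) tuples, skipping malformed lines."""
    matches = (LINE.match(line) for line in lines)
    return [(int(m[1]), m[2], m[3]) for m in matches if m]

def same_ms_bursts(records, threshold=10):
    """Map each IP to its largest count of requests sharing one millisecond."""
    bursts = {}
    for (ip, _), n in Counter((ip, ts) for ts, ip, _ in records).items():
        if n >= threshold:
            bursts[ip] = max(n, bursts.get(ip, 0))
    return bursts

def families_over_limit(records, limit=30, window_ms=60_000):
    """Families whose total in any window exceeds limit, summed over all IPs and UAs."""
    totals = Counter((client_family(ua), ts // window_ms) for ts, _, ua in records)
    return {family for (family, _), n in totals.items() if n > limit}

def build_sample():
    """Constructed log: three clients, each with its own IP and UA variant."""
    uas = [
        "Reeder/5040002 CFNetwork/1335.5 Darwin/21.6.0",
        "Reeder/4020.89.01 CFNetwork/1126 Darwin/19.5.0",
        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 "
        "(KHTML, like Gecko) Version/17.1.2 Safari/605.1.15 Reeder/5.4",
    ]
    lines = []
    for i, ua in enumerate(uas):
        # 18 requests stamped with the same millisecond, from a documentation IP
        lines += [f'1713700000{i}00 203.0.113.{10 + i} "{ua}"'] * 18
    lines.append('1713700030000 198.51.100.7 "ExampleReader/1.0"')  # hypothetical client
    return lines

if __name__ == "__main__":
    records = parse(build_sample())
    print("same-millisecond bursts:", same_ms_bursts(records))
    print("families over limit:", families_over_limit(records))
```

In the constructed sample no single IP or exact User-Agent exceeds the assumed limit of 30 requests per minute, yet the combined family does, which is why a per-IP or per-UA limit alone misses it.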