Well, this is interesting.<p>I've been running <a href="http://jsonip.com" rel="nofollow">http://jsonip.com</a> for 4-5 years.<p>Right now, it's averaging 10 million requests a day.<p>I don't do any logging other than total bandwidth usage, in and out. I <i>have</i> been getting numerous noticed from my host because I haven't bothered to update the usage alarm levels. I'll adjust that when it matters.<p>Basically, I don't give a shit what you're using it for. Only <i>one time</i> in the last 4 years have I had to explicitly take action against an abusive user. If you're the dipshit with the misconfigured squid proxy a few years ago that got the 418 You're a teapot response, you know who you are.<p>Btw jsonip is a node.js service. It's been working at scale, just fine, and will continue to in the future.
I have a free API which provides business rating info about the business behind a web site.[1] Try:<p><pre><code> http://www.sitetruth.com/fcgi/rateapiv3.fcgi?url=ycombinator.com&format=json&key=guest
</code></pre>
It gets modest usage. We can limit usage based by "key", but currently don't have to. It does have fair queuing; if you submit a large number of requests from the same IP address, you won't delay requests from other IP addresses. This is enough to deal with anything short of a determined DDOS.<p>[1] <a href="http://www.sitetruth.com/doc/sitetruthapi.html" rel="nofollow">http://www.sitetruth.com/doc/sitetruthapi.html</a>
How was the service “abused” by malware? There's plenty of other ways to get computer's external IP address from public or private-but-always-accessible sources, and a bit less to get some location data. I doubt the shutdown creates any significant problems for nefarious users.
A lot of the history of the internet seems to repeat this theme, idealistic engineers make assumptions that other people are going to be nice and considerate only to discover that there are a lot of assholes out there.