Bot attack - traffic spike overcharge


I’m running a few websites on Netlify with the apwine.fi domain (e.g. https://apwine.fi, https://app.apwine.fi, https://docs.apwine.fi) and some of them have seemingly been attacked recently. Although there are only a couple thousand unique visitors, we’ve hit dozens of millions of page views and more than 2TB of bandwidth (on https://apwine.fi and https://app.apwine.fi). This means that even though we’re on the Business plan, we’ve still been overcharged over 5 times what we usually pay - and it keeps rising every week.

The concerning part is that there is no default block for this kind of bot attack, and that I am not able to see any more details in the Analytics dashboard either.
I’ve looked into adding a Cloudflare DNS to prevent such overcharging, but it seems Netlify doesn’t support it. I haven’t found a way to block these attacks with the netlify.toml config either, so I would really appreciate any tips / guidance / help on this issue. If you could please look into your logs and let me know what kind of traffic this is (e.g. user agent), that would greatly help.

Thank you!

Hi @ulydev,

We have sent you an email to the email address associated with this Netlify Forums account, and we’ll communicate with you through that email to continue resolving this issue.
(Please note that for security reasons, we will not contact you at email addresses not listed in your Netlify account.)

Also, please let us know with a reply here if you don’t receive a message from us.

Thanks for the reply. The information that was provided to me through support is the country of origin and number of requests, which I’m sorry to say was unfortunately not useful at all - I’m already getting those through the Analytics dashboard.

I’m looking for advice specifically on how to block these requests and any additional info that I don’t already have and which may help establish an efficient request filter.
Also, I would appreciate it if we continued the discussion here since that may help other users in the same situation - I only found a few topics on Netlify forums although this could be a recurring problem.

Thanks :slight_smile:

Hi @ulydev,

Yes, the information might not be particularly useful, but unfortunately at the moment, there’s nothing the user can do to prevent such attacks.

We do have Edge Handlers in development that could solve this issue, but yes, at the moment there’s nothing possible.

I see… Regarding the billing, do you have any way to prevent this overcharge from happening again? Is there a way to waive it? This is unfortunately not sustainable at all for us, we might have to switch if there’s no way to prevent it / remove it. Thanks.

Hey there,

> do you have any way to prevent this overcharge from happening again?

Yup! You could, today, make use of Functions to vet your traffic. It’ll require some engineering but it’s not beyond the realms of possibility :slight_smile: Plenty of ideas dotted around these forums!

For more devoted DDoS protection, our Enterprise plan would be a good fit.

Long term, we’re continuously invested in projects to help protect customers against abusive traffic patterns. They’re becoming ever more sophisticated so it’s a constant game of whack-a-mole.

As for your billing concern, we can continue that discussion in your Helpdesk ticket :+1:.
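
One way the "use Functions to vet your traffic" suggestion above could look, as an added example that is not code from this thread or from Netlify: a Lambda-style function handler that rejects empty or scripted user agents and applies a per-IP sliding-window limit. Assumptions: requests are routed to the function, the client address arrives in `x-nf-client-connection-ip` (with `x-forwarded-for` as fallback), and the thresholds, the user-agent pattern and the names `vetRequest` and `clientIp` are illustrative.

```javascript
// Added example: request vetting inside a Netlify Function (Lambda-style handler).
// Thresholds, the UA pattern and the header choice are assumptions, not values from the thread.
const WINDOW_MS = 60_000; // sliding window length
const MAX_HITS = 120;     // assumed per-IP request budget per window
const BAD_UA = /^$|curl|python-requests|scrapy|headlesschrome/i; // assumed denylist, empty UA included
const hits = new Map();   // ip -> timestamps; per warm instance only, so the limit is best-effort

function clientIp(headers) {
  // Assumption: the platform passes the client address in x-nf-client-connection-ip;
  // otherwise use the first hop of x-forwarded-for.
  const fwd = (headers['x-forwarded-for'] || '').split(',')[0].trim();
  return headers['x-nf-client-connection-ip'] || fwd || 'unknown';
}

function vetRequest(event, now = Date.now(), store = hits) {
  const headers = {}; // header names are case-insensitive, so normalise them first
  for (const [k, v] of Object.entries(event.headers || {})) headers[k.toLowerCase()] = v;

  const ua = (headers['user-agent'] || '').trim();
  if (BAD_UA.test(ua)) return { allow: false, status: 403, reason: 'user-agent' };

  const ip = clientIp(headers);
  const recent = (store.get(ip) || []).filter((t) => now - t < WINDOW_MS);
  recent.push(now); // blocked requests count too, so a client that keeps hammering stays blocked
  store.set(ip, recent);
  if (recent.length > MAX_HITS) {
    return { allow: false, status: 429, reason: 'rate', retryAfter: Math.ceil(WINDOW_MS / 1000) };
  }
  return { allow: true, status: 200, reason: 'ok' };
}

const handler = async (event) => {
  const verdict = vetRequest(event);
  if (!verdict.allow) {
    const headers = verdict.retryAfter ? { 'Retry-After': String(verdict.retryAfter) } : {};
    // Tiny body on purpose: a blocked response should cost as little bandwidth as possible.
    return { statusCode: verdict.status, headers, body: verdict.reason };
  }
  return { statusCode: 200, body: 'ok' }; // the real content or a redirect would go here
};
if (typeof module !== 'undefined') module.exports = { handler };
```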

