I’m running a few websites on Netlify with the apwine.fi domain (e.g. https://apwine.fi, https://app.apwine.fi, https://docs.apwine.fi) and some of them have seemingly been attacked recently. Although there’s only a couple thousands unique visitors, we’ve hit dozens of millions of page views and more than 2TB of bandwidth (on https://apwine.fi and https://app.apwine.fi). This means that even though we’re on the Business plan, we’ve still been overcharged over 5 times what we usually pay - and it keeps rising every week.
The concerning part is that there is no default block for this kind of bot attack, and that I am not able to see any more details in the Analytics dashboard either.
I’ve looked into adding a Cloudfare DNS to prevent such overcharging, but it seems Netlify doesn’t support it. I haven’t found a way to block these attacks with the netlify.toml config either, so I would really appreciate any tips / guidance / help on this issue. If you could please look into your logs and let me know what kind of traffic this is (e.g. user agent) that would greatly help.