I’m running a few websites on Netlify with the apwine.fi domain (e.g. https://apwine.fi, https://app.apwine.fi, https://docs.apwine.fi) and some of them have seemingly been attacked recently. Although there’s only a couple thousands unique visitors, we’ve hit dozens of millions of page views and more than 2TB of bandwidth (on https://apwine.fi and https://app.apwine.fi). This means that even though we’re on the Business plan, we’ve still been overcharged over 5 times what we usually pay - and it keeps rising every week.
The concerning part is that there is no default block for this kind of bot attack, and that I am not able to see any more details in the Analytics dashboard either.
I’ve looked into adding a Cloudfare DNS to prevent such overcharging, but it seems Netlify doesn’t support it. I haven’t found a way to block these attacks with the netlify.toml config either, so I would really appreciate any tips / guidance / help on this issue. If you could please look into your logs and let me know what kind of traffic this is (e.g. user agent) that would greatly help.
We have sent you an email to the email address associated with this Netlify Forums account, and we’ll communicate with you through that email to continue resolving this issue.
(Please note that for security reasons, we will not contact you at email addresses not listed in your Netlify account.)
Also, please let us know with a reply here if you don’t receive a message from us.
Hi,
Thanks for the reply. The information that was provided to me through support is the country of origin and number of requests, which I’m sorry to say was unfortunately not useful at all - I’m already getting those through the Analytics dashboard.
I’m looking for advice specifically on how to block these requests and any additional info that I don’t already have and which may help establishing an efficient request filter.
Also I would appreciate if we continue the discussion here since that may help other users in the same situation - I only found a few topics on Netlify forums although this could be a recurring problem.
I see… Regarding the billing, do you have any way to prevent this overcharge from happening again? Is there a way to waive it? This is unfortunately not sustainable at all for us, we might have to switch if there’s no way to prevent it / remove it. Thanks.
do you have any way to prevent this overcharge from happening again?
Yup! You could, today, make use of Functions to vet your traffic. It’ll require some engineering but it’s not beyond the realms of possibility Plenty of ideas dotted around these forums!
For more devoted DDoS protection, our Enterprise plan would be a good fit.
Long term, we’re continuously invested in projects to help protect customers against abusive traffic patterns. They’re becoming evermore sophisticated so it’s a constant game of whack-a-mole.
As for your billing concern, we can continue that discussion in your Helpdesk ticket .
Plenty of ideas dotted around these forums!
.