Huge bandwidth Spike - DDoS?

I’ve recently received notifications that I’m using up my 1TB bandwidth within a few days. Our homepage is very heavy, but still, to use that amount in such a short time is a bit crazy.

When I looked at Netlify Analytics I noticed I’m getting 5 million hits from Russia.

I’ve now put in a Netlify Edge function which returns ‘you are not allowed to view this site’ when the location is Russia, but it looks as though they are hitting my site 3x per second, so I’m pretty sure I’m going to end up paying for more edge functions.

There isn’t any real consistency in the IP addresses as far as i can see (some repeated but not many)

Is there a better way of protesting myself and the website from this kind of attack?
(pro account user)

Hey there! Thanks for reaching out to us. I’m wondering if it’s possible you have a second account, because when I look up TheJuniperStudio I’m not seeing more than 26GB out of the allotted 1TB for bandwidth in this billing cycle. Are you reporting that you’re 25% of the way through your bandwidth? If so, then this is the right account and we’ll continue here!

The best method of protection here is indeed using the Edge Function to block this traffic. I was able to also pull up a User Agent report to see if we could get more insight, as you already have looked into the IP’s.

The top UA for this traffic was:

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4590.2 Safari/537.36 Chrome-Lighthouse

at 24.64GB

compared to the 2nd UA who only used 7.4GB.

I hope this is helpful! If you end up going over a ton in edge functions please reach out to us, as we may be able to compensate you for a verified DDOS attack!

Let me know if you have any other questions. Thanks!

Hi, this is indeed on a different account, a client we work with. The account is apexgroup. We are seeing the issue with both and .com sites within that account.