Hi Netlify, I am the OP of this post Netlify just sent me a $104K bill for a simple static site
and we have been communicating via email in the last few days. We appreciate Netlify’s quick actions. However, most of my questions there were still unanswered so I am posting here hoping to get more attention. So as I said in our email, at this point we are more concerned about the attacker behind this. And it would be very helpful if you can provide the following information so that we can investigate the attack further:
Full list of source IPs hitting that mp3 file
A few dozen samples of the request headers
Any indication that would make it appear that it’s a crawl (repeated request to a single URL is very different)
Connection duration
Number of simultaneous requests
Egress chart over time
Which PoP served the requests (if they have localized DNS)
Since the dashboard in Netlify doesn’t offer these information I have to ask for them here. Please also let me know if I can do anything to assist your investigation. Thank you!
Hey there @laubonghaudoi Absolutely, we are actively working on your request in the helpdesk, we’ll continue to work on it over there. We’ll be responding to you there. Thank you.
Following. I’d like to know what happens with this, as this is very concerning for myself and all my clients - what other safeguards or solutions does Netlify have available to prevent something like this from happening to begin with?
Confirming that I have received the IP address info from Netlify support. We are actively analyzing the data and reaching out to GCP for more information. Meanwhile I want to know, has Netlify also done any analysis or investigation on your end?