I am the OP of that $104K bill post and I have some follow-up questions

Hi Netlify, I am the OP of this post Netlify just sent me a $104K bill for a simple static site
and we have been communicating via email in the last few days. We appreciate Netlify’s quick actions. However, most of my questions there were still unanswered so I am posting here hoping to get more attention. So as I said in our email, at this point we are more concerned about the attacker behind this. And it would be very helpful if you can provide the following information so that we can investigate the attack further:

  • Full list of source IPs hitting that mp3 file
  • A few dozen samples of the request headers
  • Any indication that would make it appear that it’s a crawl (repeated request to a single URL is very different)
  • Connection duration
  • Number of simultaneous requests
  • Egress chart over time
  • Which PoP served the requests (if they have localized DNS)

Since the dashboard in Netlify doesn’t offer these information I have to ask for them here. Please also let me know if I can do anything to assist your investigation. Thank you!

3 Likes

Hey there @laubonghaudoi Absolutely, we are actively working on your request in the helpdesk, we’ll continue to work on it over there. We’ll be responding to you there. Thank you.

1 Like

Following. I’d like to know what happens with this, as this is very concerning for myself and all my clients - what other safeguards or solutions does Netlify have available to prevent something like this from happening to begin with?

1 Like

@kristopherray There’s a post by Netlify’s CEO on X that addresses some of that (albeit perhaps not to the level of detail you may want):

For keeping an eye on anything new that’s put in place you could track this “feature request” thread:

2 Likes

Thank you! Yes let’s keep our communication in our email thread and let this public thread be an open place for discussion.

Following. I’d like to know what happens with this.

1 Like

It’s unlikely this post would be updated further as it’s being worked-on in the helpdesk. Are you looking for something specific?

Confirming that I have received the IP address info from Netlify support. We are actively analyzing the data and reaching out to GCP for more information. Meanwhile I want to know, has Netlify also done any analysis or investigation on your end?