For at least a year now I’ve had monthly emails from Netlify telling me that I’ve used >50% of my bandwidth allowance, or sometimes even more – this month I reached over 75%.
This was always strange to me as I was hosting a small personal site with no large file downloads. It was clear to me that I was not using 75-100GB a month.
However, this finally became obviously incorrect when I moved my site to a new VPS. My domain has not pointed at Netlify since early January, and yet in February’s billing cycle I used over 75GB of the 100GB free plan allowance. Checking my account now I can see that I am still racking up bandwidth usage.
I’ve never publicised or linked to the Netlify domain (danpalmer.netlify.app), so a malicious hot-link on a different popular enough site seems unlikely, and that’s the only thing I can think of that would cause substantial bandwidth usage.
What’s going on?!
The only other cause I can think of is that an internal Netlify system, perhaps for monitoring, is polling the site and using up the bandwidth, bypassing the public domain. While I’m on the free plan and can’t really complain if Netlify only gives a much lower effective amount of bandwidth, this would be bad for anyone paying for additional bandwidth.
Is there anywhere I can see the referrers for traffic, or get debug logs that might indicate what’s going on? I can see there’s a paid analytics product, but as I’ve moved on from Netlify and am only trying to satisfy my curiosity I’m not going to sign up just to figure this out.
After further investigation, it looks like your site has had a lot of traffic from a single IP over the past week, specifically from one person. So it’s possible it is an attack.
If you want you can publish an empty site or we could deactivate the site for you if you are not using it; this would prevent more bandwidth usage.
@SamO thanks for looking this up, could you provide the details – if you don’t want to share publicly then feel free to email me on my account email address.
It’s possible this is non-malicious, in which case I’d like to be able to put the necessary redirects in place on my new hosting or get in touch with whoever might be linking to the site.
IP, domain, maybe user agent, or even just the URLs being hit. Any of that would be beneficial in figuring out what’s going on. Any more context you can provide.
While I can imagine this runs afoul of “privacy concerns”, it’s amusing to know that you cannot get access details for “your own website”.
@danpalmer If they’re hitting the publicly accessible pages, you could deploy code to grab their IP yourself, circumventing this kind of “privacy theatre”.
I could put up a JavaScript snippet to log things, but that assumes that it’s being loaded in a browser.
I think a more likely case is someone hotlinking an image, or maybe linking to one of a handful of JSON files. Another possibility is that something is polling my RSS feed hard. None of those would show up with a JS snippet.
The weird thing is that I never used the Netlify domain. I’ve never shared it or even used it myself. I’ve always gone via my domain. This raises a question of a bug in Netlify’s systems that has caused that to leak in some form. This leads me back to the suspicion that the bandwidth could be from an internal Netlify system, such as a monitoring service.
I’m skeptical of privacy concerns. If I were running the web server myself I would have these logs; Netlify as a host is an implementation detail and doesn’t change the privacy relationship I have with users of my site.
@danpalmer I’m sure you’re aware, since you’ve already tried a few things, but you could also attempt to track with a fake image or fake html file performing a redirect/proxy elsewhere.
That’s precisely my own point, the idea that a “modern hosting solution” provides less visibility than one from 20 years ago is fairly amusing.
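
An added example, not part of the original thread or any participant's post: on a self-hosted server, the access log answers the questions raised above (IP, user agent, URLs, referrer). This sketch totals bytes per client, path and user agent, and gives a rough triage between the hotlink and feed-polling hypotheses. It assumes Combined Log Format; the sample lines, IPs and names are constructed.

```python
import re
from collections import defaultdict

# Combined Log Format (the nginx default; also common on Apache).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Mar/2021:10:00:00 +0000] "GET /feed.xml HTTP/1.1" 200 250000 "-" "ExampleFeedBot/1.0"
203.0.113.7 - - [01/Mar/2021:10:00:05 +0000] "GET /feed.xml HTTP/1.1" 200 250000 "-" "ExampleFeedBot/1.0"
203.0.113.7 - - [01/Mar/2021:10:00:10 +0000] "GET /feed.xml HTTP/1.1" 200 250000 "-" "ExampleFeedBot/1.0"
198.51.100.4 - - [01/Mar/2021:10:01:00 +0000] "GET /images/photo.jpg HTTP/1.1" 200 400000 "https://forum.example/thread/1" "Mozilla/5.0"
198.51.100.9 - - [01/Mar/2021:10:02:00 +0000] "GET / HTTP/1.1" 200 12000 "-" "Mozilla/5.0"
this line is malformed and must be skipped
"""

def top_consumers(log_text, limit=3):
    """Return [(bytes, hits, ip, path, user_agent, referers)], largest first."""
    totals = defaultdict(lambda: [0, 0, set()])
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        size = 0 if m["bytes"] == "-" else int(m["bytes"])
        entry = totals[(m["ip"], m["path"], m["ua"])]
        entry[0] += size
        entry[1] += 1
        if m["referer"] not in ("", "-"):
            entry[2].add(m["referer"])
    rows = [(b, h, ip, path, ua, sorted(refs))
            for (ip, path, ua), (b, h, refs) in totals.items()]
    return sorted(rows, key=lambda r: r[0], reverse=True)[:limit]

def likely_cause(row):
    """Rough triage: a referer suggests a hotlink; repeated referer-less hits, a poller."""
    _, hits, _, _, _, referers = row
    if referers:
        return "hotlink"
    return "poller" if hits > 1 else "direct"

if __name__ == "__main__":
    for row in top_consumers(SAMPLE_LOG):
        print(likely_cause(row), row)
```

A referrer header is client-supplied and can be absent or forged, so the triage label is a starting point for investigation rather than proof.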