A web service was charged more than 3 million yen in 72 hours because of a mistake in its Firebase setup



Firebase is one of the services operated by Google, and it is often used to develop web services and smartphone applications because it makes server-like functionality easy to use. Entrepreneur Nicolas also used Firebase to build a web service, but because of a mistake he was charged more than 3 million yen in 72 hours, and he has written a blog post about it.

How we spent 30k USD in Firebase in less than 72 hours
https://hackernoon.com/how-we-spent-30k-usd-in-firebase-in-less-than-72-hours-307490bd24d

Nicolas operates a crowdfunding site called Vaki in Colombia, where a political crowdfunding campaign, "#UnaVacaPorDeLaCalle", became very popular. The number of sessions exceeded 2 million in the 48 hours after the campaign started, and the page was reportedly loaded 20 million times. The following image appears to show Google Analytics data for the Vaki page, with nearly 2,000 people under "En este momento" (people currently visiting the site).



Although the site kept running without going down despite this much traffic, it turned out that pages took 30 seconds or more to load for some users, so Nicolas's team set out to investigate the cause. They spent two days trying things such as updating Angular, the framework the site was built with, without result, and were then surprised by the amount billed when they looked at the Firebase dashboard. The Firebase billing page showed a charge of 30,000 dollars (about 3.3 million yen) incurred in 72 hours, with the graph spiking like a mountain, as in the image below.



The investigation showed that the code for displaying the total amount raised by the crowdfunding campaign was badly designed. It should have loaded a single document storing the total amount, but it was implemented to load all the payment data and add it up on the client. For example, in the image below 1666 people have contributed a total of 244,875 dollars, but instead of reading the number 244876 once, the page read the individual contribution amounts 1666 times and added them together to show the total.



The list page had the same structure, so it too had to access all the payment data, which generated an enormous number of accesses. The page itself was loaded about 20 million times, but Firebase was accessed more than 4.6 billion times.
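The read amplification described above, as an added example that is not from the original post or from Vaki's code: a constructed in-memory store (the hypothetical `MeteredStore`, not the Firebase SDK) counts billed document reads when every page view sums all payments on the client, compared with reading one summary document maintained at write time. The 1666 payments come from the article; the 1000 page views and the payment amounts are constructed.

```javascript
// Constructed in-memory stand-in for a database billed per document read.
// Not the Firebase SDK: MeteredStore and its methods are hypothetical.
class MeteredStore {
  constructor() { this.docs = new Map(); this.reads = 0; }
  set(path, data) { this.docs.set(path, { ...data }); }
  get(path) {
    this.reads++;
    return this.docs.has(path) ? { ...this.docs.get(path) } : null;
  }
  // Listing a collection is billed as one read per document returned.
  list(prefix) {
    const out = [];
    for (const [path, data] of this.docs) {
      if (path.startsWith(prefix)) { this.reads++; out.push({ ...data }); }
    }
    return out;
  }
}

// Pattern from the article: each page view downloads every payment and sums them.
function totalByClientSum(store, campaign) {
  const payments = store.list(`campaigns/${campaign}/payments/`);
  return payments.reduce((sum, p) => sum + p.amount, 0);
}

// Alternative: maintain one summary document when a payment is written.
// A real database needs a transaction or atomic increment for this update.
function recordPayment(store, campaign, id, amount) {
  store.set(`campaigns/${campaign}/payments/${id}`, { amount });
  const s = store.get(`summaries/${campaign}`) || { total: 0 };
  store.set(`summaries/${campaign}`, { total: s.total + amount });
}
function totalBySummary(store, campaign) {
  return store.get(`summaries/${campaign}`).total;
}

// Count billed reads for the same traffic under both designs.
function simulate(paymentCount, pageViews) {
  const store = new MeteredStore();
  for (let i = 0; i < paymentCount; i++) recordPayment(store, "demo", i, 100 + (i % 50));
  store.reads = 0; // measure page-view reads only
  let naiveTotal = 0, summaryTotal = 0;
  for (let v = 0; v < pageViews; v++) naiveTotal = totalByClientSum(store, "demo");
  const naiveReads = store.reads;
  store.reads = 0;
  for (let v = 0; v < pageViews; v++) summaryTotal = totalBySummary(store, "demo");
  return { naiveReads, summaryReads: store.reads, naiveTotal, summaryTotal };
}
console.log(simulate(1666, 1000)); // constructed traffic: 1000 page views
```

Reads under the client-side sum grow with payments multiplied by page views, while the summary design costs one read per page view however many payments exist.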



Because Firebase runs on Google's servers, it has the advantage of being effective, but the incident is also a reminder of the downside: it scales even when you have made a mistake, so the usage charges do not stop.

Nicolas commented that he contacted Google and had the charge covered by a subsidy for startups, and that "it is very important to debug all access to the server before release."

in Note,   Web Service,   Web Application, Posted by log1d_ts