An account of suddenly receiving a bill for 15 million yen from a cloud computing company because of a DDoS attack



Reddit user Atsh has reported receiving a bill for $104,500 (approximately 15.7 million yen) from Netlify, a cloud computing company that provides hosting services, for excess network bandwidth caused by a DDoS attack launched against his site.

Netlify just sent me a $104K bill for a simple static site
by u/liubanghoudai24 in webdev



In February 2024, Mr. Atsh received an email from Netlify stating that "$104,500 in billing is overdue." Mr. Atsh said, "At first I thought it was a joke or a common scam email, but when I actually checked the Netlify dashboard, I found out that a $104,500 charge had actually been made to a site I run." Below is part of the email actually delivered to Mr. Atsh.



According to Mr. Atsh, his site receives only about 200 visitors a day, which can basically be covered by Netlify's free tier, and in the four years he has been using Netlify, his monthly traffic has never exceeded 10 GB. However, as a result of a DDoS attack against Mr. Atsh's site, there was a total of 190 TB of traffic over four days, and the peak traffic on February 16, 2024 reached 60.7 TB in one day.

Netlify stipulates that charges for excess bandwidth are "$55 (approximately 8,200 yen) for every 100 GB," so as a result Mr. Atsh was billed $104,500.

When Mr. Atsh contacted Netlify support, it turned out that the excessive traffic was due to a DDoS attack, as Mr. Atsh had suspected. However, Netlify told Mr. Atsh, "Such cases are common, and we normally offer a 20% discount to customers who have been overcharged due to a DDoS attack. However, in Mr. Atsh's case, since the amount is too large, we will reduce the price to 5,000 dollars (approximately 750,000 yen), which is 5% of the invoice amount." Below is the email sent to Mr. Atsh from Netlify support.



Mr. Atsh was angry at Netlify's response. "Given that Netlify is a serverless platform, why doesn't it have protection against DDoS attacks? Also, there should be a mechanism in place to alert users when usage spikes, but I checked my mailbox and found no information," he said, adding, "I think this is close to a scam."

According to Mr. Atsh, the perpetrator of the DDoS attack concentrated on the files of Mr. Atsh's site. Mr. Atsh said, "Certainly, I am also responsible for not using an audio file sharing service like SoundCloud and leaving the 3.44 MB audio file on the site as it is," and "Still, no site or user property should be left unprotected from this kind of DDoS attack."
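To illustrate the usage-spike alert Mr. Atsh says was missing, the following added example (not from the article, Netlify, or Mr. Atsh) aggregates egress per day and path, flags days far above the 10 GB/month baseline, and projects the overage at $55 per 100 GB. The path names, thresholds, pre-aggregated sample records, decimal units, and billing of each started 100 GB block are assumptions.

```python
import math
from collections import defaultdict

RATE_USD_PER_BLOCK = 55     # article: $55 for every 100 GB of excess bandwidth
BLOCK_GB = 100
BASELINE_GB_PER_MONTH = 10  # article: monthly traffic never exceeded 10 GB

def overage_cost(excess_gb):
    """USD cost of excess bandwidth. Assumption: each started 100 GB block is billed."""
    return math.ceil(excess_gb / BLOCK_GB) * RATE_USD_PER_BLOCK

def daily_alerts(records, spike_factor=10, hot_share=0.8):
    """records: iterable of (day, path, bytes_sent).
    Returns one alert per day whose egress exceeds spike_factor times the daily
    baseline, naming the path if a single one carries at least hot_share of it."""
    per_day = defaultdict(lambda: defaultdict(int))
    for day, path, sent in records:
        per_day[day][path] += sent
    baseline_gb_per_day = BASELINE_GB_PER_MONTH / 30
    alerts = []
    for day in sorted(per_day):
        paths = per_day[day]
        total_bytes = sum(paths.values())
        total_gb = total_bytes / 1e9          # decimal GB (assumption)
        if total_gb <= spike_factor * baseline_gb_per_day:
            continue                          # ordinary day, no alert
        top_path, top_bytes = max(paths.items(), key=lambda kv: kv[1])
        alerts.append({
            "day": day,
            "total_gb": round(total_gb, 2),
            "projected_usd": overage_cost(total_gb),
            "hot_path": top_path if top_bytes / total_bytes >= hot_share else None,
        })
    return alerts

# Constructed sample, pre-aggregated per path (not real logs).
# "/audio/track.mp3" is a hypothetical name for the 3.44 MB audio file.
SAMPLE = [
    ("2024-02-10", "/", 200 * 500_000),                        # ~200 visits, normal day
    ("2024-02-16", "/", 200 * 500_000),
    ("2024-02-16", "/audio/track.mp3", 3_440_000 * 17_645_000),  # ~60.7 TB peak day
]

if __name__ == "__main__":
    print(overage_cost(190_000))  # 190 TB expressed in GB
    for alert in daily_alerts(SAMPLE):
        print(alert)
```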



Mr. Atsh had not paid any fees to Netlify as of the time of writing. Furthermore, Mr. Atsh said, "I learned from this incident and will never use Netlify again," and reported that he has migrated to Cloudflare.

In addition, on the online bulletin board Hacker News, Netlify CEO Matt Biilmann reported that "This charge of $5,000 against Mr. Atsh has been invalidated." Biilmann added, "At Netlify, our policy is not to forcefully shut down sites operating on the free tier during periods of spikes in traffic, but rather to waive charges for subsequent users. We apologize for the inconvenience in the initial response from support."



After that, Mr. Atsh received a notification from Netlify that the charges would be waived. Atsh said, "I'm curious about who was in charge of this attack."

Posted by log1r_ut in Web Service, Security