Vercel usage goes unrealistically overboard
Answered
piscopancer posted this in #help-forum
I monitor the usage of my site projects every month since last year but i must have done something to my project, namely mkrs, that now there is 24GB of outcoming data and 5.5mln writes to Data Cache. How can i check the history of these responses to investigate on the size of those responses? This is either a bug on Vercel or I in fact exceeded writes to the Data Cache 25 times
Answered by joulev
someone ddos'd your /search/[slug] page
it most likely is cached for each unique slug
so 500,000 different slug values means 500,000 cache writes
77 Replies
@joulev someone ddos'd your /search/[slug] page
it most likely is cached for each unique slug
so 500,000 different slug values means 500,000 cache writes
how can it even be? Can i see their server ip or any other information about them and take measures to stop it? That needs to be dealt with
eg, i never did this request
story of this site is that i parse another site's information to read their pages including reverso context and bkrs.info, both translation services/dictionaries. I assume one of them decided on "fighting back" or something oh god that's hilarious
@piscopancer how can it even be? Can i see their server ip or any other information about them and take measures to stop it? That needs to be dealt with
unless you had it logged, no i doubt you can retrieve it
i have axiom set up, then i can simply see requests coming in with quite some info like
{
  "request": {
    "ip": "xxx.xxx.xxx.xxx",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
  },
  "vercel": {
    "environment": "production",
    "geo": {
      "city": "Singapore",
      "country": "SG",
      "latitude": "1.2868",
      "longitude": "103.8503",
      "region": ""
    },
    "projectId": "prj_u8Atd55Oiw8LObdxF0AJDCF3u4h2",
    "route": "/blogs",
    "source": "web-vital",
    "userName": "joulev"
  },
  "webVital": {
    "id": "v3-1716972824026-6571316516484",
    "label": "",
    "name": "TTFB",
    "startTime": 0,
    "value": 767
  }
}
wow, ip should be vital info
because my vercel logs show none of ips
interesting, my site is used by like 5 of my friends who learn chinese but logs show that a bunch of requests is made within a second... is it 100% case of ddos then?
everything points to an attack now
yes it is a ddos
what can i do?
from your experience
i mean... no way 5 of your friends can make 500,000 write requests to the cache in a reasonable amount of time right?
@piscopancer what can i do?
well, protect your site from ddos, naturally
ok, got it, but first i should remove the deployment
removing it wont help, vercel will still charge you if you are on a paid plan
on a free plan then maybe just disable all the apps first and wait till the end of the month
i mean i do not want to overwhelm vercel with bots
i am on hobby plan
imagine what they think about me and my profanity and ignorance
i thought vercel had their own tool for parrying ddos
well that tool, as expected from a premium service, is only available to paid customers
oh noo
last time i checked, it was for enterprise plan only
1k/mo or more
vercel do not give me the tool that would have protected their own servers from bots and.... 24gb of data to be sent
thanks a lot
ok
i am going to read cloudflare docs and remove mkrs deployments because i do not want my site available now
@piscopancer vercel do not give me the tool that would have protected their own servers from bots and.... 24gb of data to be sent
to be fair, vercel do give you the tool, except you have to pay
and if you dont use the tool, you also have to pay (for paid plans) or have your apps suspended (for free plans)
normal business tactic
my design mkrs.vercel.app should have been suspended a long ago, but it's still running with 24gb of data sent already
why...
are they "not in the mood" to suspend it
anyway, that's none of my worries right now
i should integrate cloudflare as soon as possible
i think suspension is only for when your app consumes a lot of resource (i suppose 500k is more than the limit but still not enough for them to do it yet), or do it repeatedly (say this month you hit limit, next month also hit, then high chance they will send you a warning email)
well, maybe that's still not sufficient
i've seen not one, not two, not three. probably at least ten separate incidents of ddos on vercel already
Netherland Dwarf
@joulev i thought vercel has a firewall now?
Everything from Cloudflare now vercel has since next 15
Netherland Dwarf
In recent they allow you to ban ip address or ban by user agent
@Netherland Dwarf https://youtu.be/t-U6vTrx_9Y?si=ETpcon_uWwWe8xm6
wow looks like i was just in time to get ddosed for the first time and have vercel introducing firewall
Ban ip/ua is good to stop an ongoing ddos but I doubt it will be effective against future ddos. Vercel already has ddos protections for all projects prior to this new firewall thing but as shown it wasn’t effective in this case
when joulev directed me to turn on challenging mode, it was Firewall tab where this button resides
Even Cloudflare isn’t truly effective. My company is still ddos’d every week, despite it staying behind cloudflare. So Vercel ddos protection for hobby team doesn’t look sufficient
@joulev Even Cloudflare isn’t truly effective. My company is still ddos’d every week, despite it staying behind cloudflare. So Vercel ddos protection for hobby team doesn’t look sufficient
why would your company be ddosed? are these malicious people envious or competitors?
or personal hatred? xd
We don’t know but it’s usually competitors
But it’s just normal occurrence now so we don’t worry much. We just cache things in a way that no matter how much you hit, we only run expensive processes once in a while (ISR)
Not applicable to OP’s case though
And we don’t host on Vercel :P don’t wanna get bankrupted
Cloudflare Pages instead
heh
Netherland Dwarf
@joulev so by default vercel pages are cached doesnt that prevent ddos or memory usage?
In the case of pisco the OP case he had 500 caches
From the ddos
@Netherland Dwarf so by default vercel pages are cached doesnt that prevent ddos or memory usage?
in the OP case the pages are cached but the ddos made the site cache too many things
and cache items are counted in the bill
cache does nothing to prevent ddos. cache only helps reduce computation time, which is also metered in the bill, and downtime
Netherland Dwarf
Oh okay thank you- i think im going to make a post on this as i have more questions on the proper way to handle these ddos attacks
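
An added example, not part of the thread and not code from any participant: one way to spot in request logs the pattern joulev describes, where a single client requests many distinct /search/[slug] values and each one becomes a cache write. The `time` and `request.path` fields, the function names and the thresholds are assumptions; the sample records are constructed and use documentation-range IPs.

```javascript
// Extract the slug from a /search/[slug] request path, or null for other routes.
function slugOf(path) {
  const m = /^\/search\/([^/?#]+)/.exec(path || "");
  if (!m) return null;
  // Malformed percent-encoding is common in junk traffic; keep the raw value then.
  try { return decodeURIComponent(m[1]); } catch { return m[1]; }
}

// Group requests by (ip, time window) and flag any group whose number of
// DISTINCT slugs exceeds maxDistinct. Distinct slugs matter more than raw
// request count here, because each new slug is a new cache entry.
function findSlugFloods(records, { windowMs = 60_000, maxDistinct = 20 } = {}) {
  const buckets = new Map(); // "ip|windowStart" -> Set of slugs
  for (const r of records) {
    const slug = slugOf(r.request.path);
    if (slug === null) continue;
    const start = Math.floor(Date.parse(r.time) / windowMs) * windowMs;
    const key = `${r.request.ip}|${start}`;
    if (!buckets.has(key)) buckets.set(key, new Set());
    buckets.get(key).add(slug);
  }
  const flagged = [];
  for (const [key, slugs] of buckets) {
    if (slugs.size <= maxDistinct) continue;
    const [ip, start] = key.split("|");
    flagged.push({ ip, windowStart: new Date(Number(start)).toISOString(), distinctSlugs: slugs.size });
  }
  return flagged;
}

// Constructed sample: one client sending 200 unique slugs within a second,
// and one ordinary user looking up a few words (one of them twice).
const t0 = Date.parse("2024-06-01T12:00:00Z");
const sample = [];
for (let i = 0; i < 200; i++) {
  sample.push({ time: new Date(t0 + i * 5).toISOString(),
                request: { ip: "203.0.113.7", path: `/search/x${i}` } });
}
for (const word of ["你好", "谢谢", "你好"]) {
  sample.push({ time: new Date(t0 + 1000).toISOString(),
                request: { ip: "198.51.100.20", path: `/search/${encodeURIComponent(word)}` } });
}

console.log(findSlugFloods(sample));
```

The flagged IPs are candidates for the IP/user-agent bans mentioned in the thread; the same distinct-slug count can also drive an alert before the cache-write quota is consumed.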