Thank you for preventing auto-pause after the Nov 24 attack. I’ve kept all recommended protections active and monitoring daily.
Second Attack - Dec 8, 2024:
Project: multivest-engine
Plan: Hobby (Free Tier)
Attack Summary:
-
Edge Requests: Massive spike (~3.9M requests in one day vs normal <1,000/day)
-
Fast Data Transfer: Significant data transfer spike
-
Pattern: Sudden burst from single location, then immediately stopped
-
Behavior: Clearly automated/bot traffic, not legitimate users
Current Status:
-
Edge Requests: Exceeded 1M monthly limit
-
Fast Data Transfer: Exceeded 100 GB monthly limit
-
Post-Attack: Traffic returned to normal levels immediately
Protections Active:
-
WAF rate limiting and bot blocking rules implemented Nov 24 (enhanced since Nov 24)
-
Optimized caching headers
-
robots.txt and X-Robots-Tag headers
-
Source maps disabled
-
Attack Challenge Mode enabled
Requests:
-
Can auto-pause be prevented again given this is a second attack?
-
When do free tier limits reset? (Billing section shows blank in dashboard)
-
Can these attack spikes be credited/waived as they’re clearly malicious?
-
Any additional recommendations to prevent future attacks?
Both attacks followed the same pattern: sudden spike, single source, then stops. This suggests coordinated bot attacks rather than legitimate traffic.
I’m continuing to monitor and maintain all protections. Thank you for your support.