Hi Vercel team,
I’m a solo developer working on my first Saas project (pulsarmind.app). I’ve been building & testing it for 4-5 months on Vercel’s free plan with zero issues.
Yesterday I have decided it is a time to start beta to validate app, so i have purchased domain through vercel, set up necessary things and invited my cousin as 1st beta tester. Everything worked great so i went sleep with a plan to start looking for potential beta users on social media apps. Well, as a someone who is doing this for the 1st time i have not thought of AI bots, firewall and protection of app. Overnight, my project was paused due to exceeded limits:
- Function Invocations: 2.2M / 1M
- Edge Requests: 1.5M / 1M
- Fast Origin Transfer: 30 GB / 10 GB
After investigating Vercel Observability, I found the cause:
- ClaudeBot (Anthropic): 882K requests
- GPTBot (OpenAI): 125K requests
This was entirely AI crawler traffic, not real users. My app has only 2 registered users and 3 database records.
I have prepared the following fixes:
- Blocking known AI crawlers in middleware with 403 response
- Added robots.ts disallowing all AI crawlers
- Added pattern matching to catch redirect loops
I have also already enabled Vercel Firewall with AI Bot blocking, IP blocking for the top offending addresses, rate limiting and custom rules blocking weird path patterns.
The timing is frustrating. I was about to start my beta the next morning. Now I’m looking at a 30-day wait before I can validate whether the product is even worth continuing. If a one-time reset is something that’s possible here, I’d really appreciate it.
Either way, thank you for reading this far.