[▲ Vercel Community](/) · [Categories](/categories) · [Latest](/latest) · [Top](/top) · [Live](/live) [Help](/c/help/9) # Vercel doesn't recognize 160k requests in a day by one IP as a bot 35 views · 3 likes · 7 posts Servinlp (@servinlp) · 2026-03-02 <!-- Questions that get answered the fastest are the ones with relevant info included in the original post. Be sure to include all detail needed to let others see and understand the problem! --> I just got notified that our plan was already at 75% of our usage and when looking into it, it seems one of our websites is being targeted in a DDOS attack as the 160k requests that have happened in the last day have been from one IP address. My question is, how the hell does Vercel not look at this and think, hey this might not be right? Or am I thinking to highly of Vercel now? <!-- Current versus Expected behavior --> <!-- Code, configuration, and steps that reproduce this issue --> <!-- Project information (URL, framework, environment, project settings) --> Pauline P. Narvas (@pawlean) · 2026-03-02 Vercel does have automatic DDoS protection at multiple layers, but some sophisticated bots can bypass basic detection. You should do this immediately: **Enable Attack Challenge Mode** It is specifically designed for situations like this, it's your best immediate defense against ongoing attacks while preserving legitimate traffic. https://vercel.com/docs/vercel-firewall/attack-challenge-mode Additional steps: - Check Observability → Edge Requests to identify the attacking IP and patterns - Create custom WAF rules to block the specific IP: Firewall → Custom Rules → Add Rule - Set up Spend Management alerts to prevent hitting your limit - Consider enabling the Bot Protection Managed Ruleset for ongoing protection https://vercel.com/docs/vercel-firewall/vercel-waf/custom-rules Anshuman Bhardwaj (@anshumanb) · 2026-03-02 Hi @servinlp, welcome to the Vercel Community! I'm sorry that you're facing this. Could you share the project ID and team ID where this is happening? I'll have our Firewall team take a look at it as to why the DDoS protection wasn't activated. Servinlp (@servinlp) · 2026-03-02 · ♥ 1 Project ID is prj_UuVpRqtbvKvmaXuo9WU8CFVwC4f6 Team ID is team_AJwuTX39g6monkXBZ32LV9tS Servinlp (@servinlp) · 2026-03-02 · ♥ 1 I’ve for now been able to stop it by enabling Bot Protection and adding a custom rule for that specific IP address which seems to work (for now). But I’m currently still monitoring. Pauline P. Narvas (@pawlean) · 2026-03-02 · ♥ 1 Cool - keep us updated! Anshuman Bhardwaj (@anshumanb) · 2026-03-02 Thanks @servinlp for sharing these details. As I can see, the traffic rose once and then stayed there. I think maxing around ~9K requests per hour. While not much when we compare it to other DDoS attacks, I think it certainly was an off pattern for your projects. I'll share this feedback with our team. I see that your Firewall rules are correctly dodging this traffic now.