Not use a hosting provider that charges by the amount of traffic?
This appears to be an extreme edge case but overall there is nothing preventing you from waking up to such a huge bill if your site turns into the most popular page on the internet over night.
I didn’t even think commercial host providers would do this.
The only service I knew about that had limit to transferred amount of data was grex.org, a non-commercial public unix shell. It had limit of 10MB/day for your web page, but it also didn’t allow stuff like images.
However, that wasn’t anything commercial. And I think before the shutdown it was just a single computer sitting in someone’s basement.
Our support team has reached out to the user from the thread to let them know they’re not getting charged for this.
It’s currently our policy to not shut down free sites during traffic spikes that doesn’t match attack patterns, but instead forgiving any bills from legitimate mistakes after the fact.
Apologies that this didn’t come through in the initial support reply.
Would Netlify forgive the bill if this didn’t go viral?
How do you plan to address this issue so that it never happens again?
Everyone here knew someone from Netlify would come and say OP wouldn’t have to pay. That was a given. Now we want to know the important answers.
Answer by CEO:
Yes. We’ve forgiven lots and lots of bills over the last 9 years and they haven’t gone viral
While I’ve always favored erring towards keeping people’s sites up we are currently working on changing the default behavior to never let free sites incur overages
You can put the site behind cloudflare for DDOS protection. Unfortunately, it’s not good for user privacy and it will make the site difficult to access over VPNs, proxies, and TOR.
Netlifiy is very expensive for bandwidth and the free bandwidth can be exceeded very quickly. I would look for something with a hard bandwidth cap. Then your site will just go offline if the bandwidth is exceeded.
Unfortunately, it’s not good for user privacy and it will make the site difficult to access over VPNs, proxies, and TOR.
Difficult, but not impossible (unless the site owner also goes and futher implements additional measures like ASN blocking for known proxies/VPNs/etc), just solve a captcha and you should be on your way pretty much.
I use Netlify to host my frontend projects and portfolio. Does anyone have a way to prevent something like this?
Not use a hosting provider that charges by the amount of traffic?
This appears to be an extreme edge case but overall there is nothing preventing you from waking up to such a huge bill if your site turns into the most popular page on the internet over night.
I didn’t even think commercial host providers would do this.
The only service I knew about that had limit to transferred amount of data was grex.org, a non-commercial public unix shell. It had limit of 10MB/day for your web page, but it also didn’t allow stuff like images.
However, that wasn’t anything commercial. And I think before the shutdown it was just a single computer sitting in someone’s basement.
Not that it helps but the CEO claims they forgive for this type of attack/event. https://news.ycombinator.com/item?id=39521986
And later they were asked if they would have responded if it didn’t go viral. https://news.ycombinator.com/item?id=39522029
Question:
Answer by CEO:
You should take a look at GitHub Pages
You can put the site behind cloudflare for DDOS protection. Unfortunately, it’s not good for user privacy and it will make the site difficult to access over VPNs, proxies, and TOR.
Netlifiy is very expensive for bandwidth and the free bandwidth can be exceeded very quickly. I would look for something with a hard bandwidth cap. Then your site will just go offline if the bandwidth is exceeded.
Difficult, but not impossible (unless the site owner also goes and futher implements additional measures like ASN blocking for known proxies/VPNs/etc), just solve a captcha and you should be on your way pretty much.
I recommend hosting your projects on Cloudflare Pages, as it is a free service provider to the best of my knowledge.
From their FAQ:
It’s insane that a bill like this cannot be prevented.
Its not a bug, it’s a feature.