Serverless to Homeless - Case study
Summary
TLDR: The video discusses a case where a user received a $100,000 bill from Netlify for a static website, highlighting the issue of unexpected costs with cloud service providers. It explores the possibility of a Distributed Denial of Service (DDoS) attack and the lack of automatic DDoS protection, comparing bandwidth costs across different providers. The video emphasizes the importance of being aware of service tiers and potential expenses, and ends with Netlify waiving the charges after public discussion, raising questions about trust and transparency in cloud platforms.
Takeaways
- 📈 A user received a $100,000 bill from Netlify for a static website, highlighting a potential issue with cost management and unexpected expenses.
- 🚀 Static websites are typically expected to have minimal costs, with some providers offering pro plans that include unlimited bandwidth within certain tiers.
- 💸 Overshooting the included resources in a plan, such as serverless compute or bandwidth, can lead to significant charges based on the provider's rates.
- 🌐 The incident at Netlify involved a single day with 60 terabytes of bandwidth usage, which is highly unusual and indicative of a possible DDoS attack.
- 💰 Comparing costs, Netlify charges $55 for 100 GB of bandwidth, which is significantly more expensive than cloud providers like Hetzner or AWS.
- 🛡️ Lack of automatic DDoS protection can be a vulnerability; however, some providers offer emergency DDoS modes to help mitigate such attacks.
- 🔧 The user's website was affected by a DDoS attack focused on a single file, possibly an audio clip, leading to massive data transfer.
- 🌐 Netlify's response suggested hosting music on third-party platforms to reduce bandwidth usage, which may not be ideal for all users needing to host certain assets.
- 🤝 Netlify's CEO eventually responded to the situation on Hacker News, stating that the user would not be charged for the excessive bandwidth usage.
- 📉 The incident raised concerns about the trustworthiness of platform providers and the potential for being unknowingly targeted by DDoS attacks.
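
An added example (not from the video or from Netlify): a log check a site owner could run to catch this kind of bill early. It sums response bytes per path, prices the overage at the $55 per 100 GB rate quoted above, and flags when one file accounts for most of the traffic. The log format, the 1 TB allowance, the per-block rounding, the thresholds and the sample lines are all assumptions.

```python
import re
from collections import Counter

RATE_USD = 55                 # per 100 GB of overage, the rate quoted on this page
BLOCK_BYTES = 100 * 10**9
INCLUDED_BYTES = 10**12       # assumed plan allowance (hypothetical value)

# Common Log Format tail: "GET /path HTTP/1.1" status bytes
LINE_RE = re.compile(r'"(?:GET|HEAD) (\S+) [^"]*" (\d{3}) (\d+|-)')

def bytes_by_path(lines):
    """Sum response bytes per requested path; unparseable lines are skipped."""
    totals = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m.group(3) == "-":
            continue
        path = m.group(1).split("?", 1)[0]  # query strings still hit the same file
        totals[path] += int(m.group(3))
    return totals

def overage_usd(total_bytes, included=INCLUDED_BYTES):
    """Overage charge, billed per started 100 GB block (rounding is an assumption)."""
    extra = max(0, total_bytes - included)
    return -(-extra // BLOCK_BYTES) * RATE_USD

def check(lines, budget_usd=100, share=0.8):
    """Return an alert dict once projected overage exceeds the budget, else None."""
    totals = bytes_by_path(lines)
    total = sum(totals.values())
    cost = overage_usd(total)
    if cost <= budget_usd:
        return None
    path, top = totals.most_common(1)[0]
    return {"cost_usd": cost, "top_path": path, "single_file": top / total >= share}

def constructed_log():
    """Constructed sample: 40,000 hits on one 30 MB audio file plus normal page views."""
    hit = ('203.0.113.%d - - [01/Jan/2024:00:00:00 +0000] '
           '"GET /audio/track.mp3?x=%d HTTP/1.1" 200 30000000')
    page = ('198.51.100.7 - - [01/Jan/2024:00:00:00 +0000] '
            '"GET /index.html HTTP/1.1" 200 12000')
    return [hit % (i % 250, i) for i in range(40000)] + [page] * 50

if __name__ == "__main__":
    print(check(constructed_log()))
```

At the quoted rate, `overage_usd(60 * 10**12, included=0)` prices a single 60 TB day at $33,000, which is why an alert has to fire within hours rather than at invoice time.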
Q & A
What was the initial bill amount that the user received from Netlify?
- The user initially received a bill for almost $104,000 in USD from Netlify.
What type of website incurred such a high bill?
- The high bill was for a simple static website, which typically should have minimal to no hosting costs.
How did the user initially react to the bill?
- The user initially thought it was a joke or a scam, but after checking their dashboard, they realized it was a legitimate overdue bill.
What is the usual cost for a pro plan on platforms like Netlify or Vercel?
- The usual cost for a pro plan on platforms like Netlify or Vercel is around $20 a month, with an uninterrupted tier included.
What caused the user to exceed the plan's bandwidth limit?
- The user was charged for exceeding the bandwidth limit due to a spike in traffic, with 60 terabytes of bandwidth used in a single day.
How does the cost of bandwidth on SaaS platforms like Netlify compare to cloud providers?
- SaaS platforms like Netlify charge significantly more for bandwidth compared to cloud providers. For example, Netlify charges $55 for 100 GB, while cloud providers like Hetzner and AWS have much lower rates or even offer free tiers for certain amounts of traffic.
What is the issue with automatic DDoS protection on these platforms?
- Automatic DDoS protection is difficult to implement because it's challenging to differentiate between legitimate and malicious traffic during a distributed denial-of-service attack.
What did Netlify suggest as a solution to prevent such high costs in the future?
- Netlify suggested hosting music on third-party platforms like YouTube, Bandcamp, or SoundCloud to reduce bandwidth usage, regardless of the site's popularity.
How did the user feel about Netlify's response to the situation?
- The user disagreed with Netlify's response, feeling that the platform was placing blame on the user and not providing adequate solutions for such incidents.
What was the final outcome for the user who received the $100,000 bill?
- Netlify's CEO responded on Hacker News, stating that 100% of the charges were removed and that their policy is not to shut down free sites during traffic spikes that don't match attack patterns.
What concerns do users have about the transparency and fairness of billing practices on these platforms?
- Users are concerned that they cannot verify the legitimacy of the charges or protect themselves from potential fraudulent activities by the platform, as the databases and billing systems are controlled by the platform companies.