“Since the user opened a ticket with us this past Sunday, we’ve been actively researching this situation. Initially, we thought it might have resulted from a DDoS attack, which we stated in our first response. After some investigating, it looks as though the spike in traffic was not caused by a DDoS after all,” Dorian Kendal, CMO at Netlify, told Cybernews.
Instead, now they believe that this was a sustained download event of an mp3 file over a stretch of multiple days.
“We’re working directly with the user to better understand what’s happening on their end, so we can uncover what caused the dramatic increase in downloads,” Kendal said.
I'm confused, what is this supposed to mean? Some sort of non-distributed DOS attack? How would working with the customer help there? If they're susceptible to a denial of service, isn't that entirely an internal problem?
Fair point. DOS is perhaps the wrong word for it. But from that quote, it sounds like it's a similar behaviour to DOS tactics which involve finding ways to transform a relatively simple request into a large amount of work (or in this case, network traffic) for the server.
They are saying that it wasn't a ddos at all but organic use. The user was notified but did nothing. So they think their notifying stuff isn't good enough.
Sorry, but what exactly is a "sustained download event" supposed to be? It sounds like they're describing some sort of DOS-like attack that isn't a DDOS, where a user manages to force the server to serve up way more data over a sustained period of time than would be reasonable for downloading a single MP3 for normal use.
But maybe that's not what they mean. It's very unclear.
Sorry, but what exactly is a "sustained download event" supposed to be?
I'm pretty sure they're describing something akin to what many small site owners have referred to as 'the hug of death'. If you're a small site that blows up on the front page of lemmy (or an actually large community site), you're going to experience sustained traffic that your site isn't capable of handling (be that at the computer resource or financial level in this case).
Normally the hug of death' just takes you offline when your provider can't handle the load or you blow past your providers thresholds. In this case, that threshold didn't appear to exist and it just kept adding to the bill.
Basically, it was a giant uptick in use that was likely made by human beings instead of a DDoS botnet, and they're still investigating where it came from
I am too. Is the agreement to charge per mb downloaded? Do they not have some sort of "turn it off if I hit this max?* feature?
I usually avoid hosting solutions like this just because of this shit. I wanna know how much I'll owe before the month starts even. Anything else feels like gambling.
Of course they do but they can make 104k if they don't turn it on.
There are plenty of bandwidth restricted hosting sites out there. Sounds like that is what you want. Maximum speed regardless if that's used 24/7 or not. If more users request your site than that bandwidth allows - oh well.