High bill for Sanity
Hello all,
Recently, the invoices of our Sanity started to increase (see image 1). The used framework is Next.js (hosted on Netlify). First, we paid less than 50 euros, but now we get bills of 300 or even 700 euros. It seems that the Bandwidth (see image 2) and the API CDN requests (see image 3) have increased, causing this explosive bill.
I started working on converting the website from Page Router to App Router on December 20th (and I have to find my Theo Twitch clip to see when I was done), but the Sanity increase already started in November, so the conversion will likely not be the cause. According to Google Analytics, there is no increase in traffic on the website. It even seems that fewer people visited the website than in the months before.
What could possibly be the problem? Please ask if you want the domain address or some snippets of code.
Thanks in advance
Ben
6 Replies
Okay, I shipped on December 27th.
Okay guys, some update on this... I downloaded the Sanity logs of the last 7 days and wrote a script that analyzed the data. This analysis script counted every occurrence of a specific URL, IP, User-Agent, HTTP Status Code, etc. When this script was done, I looked at the count numbers and found out that there was one IP that did 11 million requests with his Firefox browser. The IP was coming from Ede, The Netherlands.
Luckily, I had written a script that logged the IP address of customers when they opened the invoice. The IP was logged so that we could filter out salesmen that accidentally opened the invoices themselves. I put the found IP address in our CRM and voila: one customer popped up, located in Veenendaal, The Netherlands. (See image)
I asked my sales colleague to contact the customer. The customer confirmed that his computer had the page open for some months, so this was likely still the bugged version from November. He also asked my colleague why his Firefox was so slow and if it had something to do with the battery we sold him, but it was actually that one Firefox tab that made 1000 requests a minute. The customer closed the tab and we saw a decline in traffic.
All's well that ends well.
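The kind of log analysis described in the update above, as an added example (not Ben's script): count requests per IP, User-Agent and status code, and flag any client whose per-minute request rate is far above normal. The NDJSON field names (timestamp, ip, userAgent, url, status) and the sample lines are constructed for illustration and are not Sanity's actual export format.

```javascript
// Added example: analyse Sanity-style request logs to find a runaway client.
// Log format (NDJSON with timestamp/ip/userAgent/url/status) is an assumption.

function sampleLine(ip, ua, ts, status = 200) {
  return JSON.stringify({ timestamp: ts, ip, userAgent: ua, url: "/v1/data/query/production", status });
}

// Constructed sample log: one client fires 6 requests in a single minute,
// another sends two ordinary requests. Not real traffic.
const SAMPLE_LOG = [
  ...Array.from({ length: 6 }, (_, i) =>
    sampleLine("203.0.113.5", "Firefox/121", `2024-01-10T10:00:${String(i).padStart(2, "0")}Z`)),
  sampleLine("198.51.100.7", "Chrome/120", "2024-01-10T10:00:30Z"),
  sampleLine("198.51.100.7", "Chrome/120", "2024-01-10T10:01:10Z", 404),
].join("\n");

// Parse NDJSON: one JSON object per line, blank lines ignored.
function parseLines(text) {
  return text.split("\n").filter(Boolean).map((line) => JSON.parse(line));
}

// Count occurrences of one field (ip, userAgent, url, status), most frequent first.
function countBy(entries, field) {
  const counts = new Map();
  for (const e of entries) counts.set(e[field], (counts.get(e[field]) || 0) + 1);
  return [...counts.entries()].sort((a, b) => b[1] - a[1]);
}

// Bucket requests per IP per minute (timestamp truncated to "YYYY-MM-DDTHH:MM")
// and return every IP that exceeded maxPerMinute in at least one minute.
function findRunawayClients(entries, maxPerMinute) {
  const perMinute = new Map();
  for (const e of entries) {
    const key = `${e.ip}|${e.timestamp.slice(0, 16)}`;
    perMinute.set(key, (perMinute.get(key) || 0) + 1);
  }
  const flagged = new Set();
  for (const [key, n] of perMinute) if (n > maxPerMinute) flagged.add(key.split("|")[0]);
  return [...flagged];
}

const entries = parseLines(SAMPLE_LOG);
console.log("by ip:", countBy(entries, "ip"));
console.log("by status:", countBy(entries, "status"));
console.log("runaway (>5/min):", findRunawayClients(entries, 5));
```

On a real export, a per-minute threshold in the hundreds would have surfaced the tab making 1000 requests a minute without needing to read through the raw counts.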
Seeing my tiny town getting mentioned and then circled around so unexpectedly got me freaked out ngl
This is a crazy story by the way. Over 2k euros evaporated because of an opened tab. Doesn't it mean you are very susceptible to intentional exploitation?
Well, I fixed the bug already in December. I think the only way to fix this, if I couldn't contact the customer, is asking Sanity to block the IP...
As I understand, you mean the bug on the client, but what if I just replicate the request your client has been sending and I start making thousands of expensive requests a minute? There seem to be no limiters on your backend.
Possibly, but Sanity has some CORS settings. Maybe that does some things.
Else, if that doesn't help, everyone using Sanity API on client-side is actually fucked.