If your domain name is attacked or abused for data transmission, high bandwidth or traffic spikes may occur. In this case, you may receive bills that are higher than expected. High bills that are generated by malicious attacks or data transmission abuse cannot be waived or refunded. This topic describes how to prevent high bills from being generated.
Dynamic Content Delivery Network (DCDN) is a service that accelerates content delivery and provides basic protection capabilities to ensure the stability of DCDN points of presence (POPs). If no extra security measures are implemented, DCDN cannot identify all attacks or ensure service stability in case of website attacks.
High bills can be generated in the following scenarios:
Scenario 1: Your domain name is under attack
If your domain name is attacked, you are charged for the bandwidth resources that are consumed to defend against the attacks.
Scenario 2: Your website is abused for data transmission
If your website is abused for data transmission, the bandwidth usage may spike. This scenario is similar to Scenario 1. You are charged for the bandwidth resources that are consumed.
Potential risks: high bills caused by attacks or attack-like activities
If an attack occurs, you are charged for the bandwidth resources and data transfer.
If your domain name is abused for data transmission, high bandwidth or traffic spikes may occur. This is similar to an attack, and you are charged for bandwidth resources and data transfer.
If your domain name is under attack, the domain name is added to a sandbox. In this case, DCDN cannot ensure service stability for the accelerated domain name. For more information, see Introduction to sandboxes.
Potential consequences: bills that are higher than expected
If your domain name is under attack or abused for data transmission, the bills may be higher than expected and your account balance may be exhausted.
DCDN charges you based on the resources that you use. In some cases, the service may not be suspended when the account balance reaches 0 due to different billing cycles (by hour, by day, or by month) or bill delays. Bills for DCDN are generated 3 to 4 hours after each billing cycle ends. Therefore, overdue payments may occur or the amount due in a single bill may exceed the overdraft limit.
Alibaba Cloud CDN provides service suspension protection. If you enable service suspension protection, Alibaba Cloud CDN is not suspended before the grace period ends. The grace period or overdraft limit is determined based on your account tier and purchase history. The overdraft limit is reset every month.
To ensure that your DCDN service runs as expected and prevent unexpected high bills, we recommend that you enable protection features to manage network traffic. For more information, see Mitigation settings. The following table describes the features that can be used to manage network traffic.
Enable access control
Referer-based hotlink protection
You can configure a Referer whitelist to allow only requests from specific domain names, such as domain names that are related to your website system. This way, you can identify and filter visitors to prevent unauthorized use of website resources. For more information, see Configure a Referer whitelist or blacklist to enable hotlink protection.
The URL signing feature allows points of presence (POPs) to work with your origin servers to protect origin resources from unauthorized use. This method is more secure and reliable. For more information, see Configure URL signing.
IP address blacklist or whitelist
After malicious attacks or traffic spikes occur, you can use the real-time log analysis and real-time log delivery features to check whether an IP address frequently accesses the domain name. For more information, see and Real-time log delivery. If a malicious IP address is identified, you can configure an IP blacklist or whitelist to block the IP address. For more information, see Configure an IP address blacklist or whitelist.
User-Agent blacklist or whitelist
After malicious attacks or traffic spikes occur, you can use the real-time log analysis and real-time log delivery features to check whether the User-Agent header of a malicious request is a specific value. For more information, see and Real-time log delivery. If the User-Agent header of the malicious request is a specific value, you can configure a User-Agent blacklist or whitelist to block requests that contain the User-Agent header with the specific value. For more information, see Configure a User-Agent blacklist or whitelist.
Enable traffic management
If the daily peak bandwidth of your domain name is greater than 10 Gbit/s and you want to throttle DCDN bandwidth for the domain name, submit a ticket.Important
Bandwidth throttling applies to the overall bandwidth of all services that are hosted by the domain name. To ensure the accuracy of bandwidth throttling, the bandwidth limit must be greater than or equal to 10 Gbit/s.
After the bandwidth limit such as 10 Gbit/s is reached, DCDN limits the bandwidth of the accelerated domain name. The response to all requests is slower, and packet loss may also occur.
Bandwidth throttling is triggered by the real-time monitoring data of the accelerated domain name, which has a delay of approximately 10 minutes. Therefore, bandwidth throttling starts approximately 10 minutes after the bandwidth limit is reached. In this case, the bandwidth of the accelerated domain name may exceed the limit.
If you want to monitor the peak bandwidth of domain names in real time, you can use CloudMonitor. After the bandwidth of a domain name reaches the specified threshold, you are notified of the potential risks by text message, email, or DingTalk message. For more information, see the product page of CloudMonitor.
Spending management and alerts
You can use the following features to monitor and limit the expenses of your Alibaba Cloud CDN service. To configure the features, move your pointer over Expenses in the top navigation bar of the Alibaba Cloud CDN console and select User Center.
Low capacity alerts: If you enable this feature, Alibaba Cloud CDN sends an alert when the balance of your Alibaba Cloud account is less than the alert threshold that you specified.
Service suspension protection: If you disable this feature, Alibaba Cloud CDN immediately stops running after a payment becomes overdue to prevent high overdue payments.
High bill alerts: If you enable this feature, Alibaba Cloud CDN sends an alert by text message when a daily bill exceeds the alert threshold that you specified.
To ensure the integrity of the statistics and the accuracy of bills, DCDN issues the bill approximately 3 hours after a billing cycle ends. The point in time at which the relevant fees are deducted from your account balance may be later than the point in time at which the resources are consumed within the billing cycle. DCDN is a distributed service. Therefore, Alibaba Cloud does not provide the consumption details of Alibaba Cloud CDN resources in bills. Other DCDN providers use a similar approach.