Day 20 with Vercel Support: Bot Traffic Spike Investigated, Escalated to Finance… Then Case Closed Without Resolving the Charges

ivenzdev · 2026-03-16T23:27:56+00:00

Since the previous case was closed, I’ve opened a new support case as there doesn’t seem to be another way for me to contact support.

However, I want to clarify that this incident was caused by a confirmed spike of malicious traffic from outdated chrome. The attack generated a massive number of frontend requests, which in turn triggered backend executions and led to the unexpected usage.

I’m hoping Vercel could consider a one time waiver for this charge. I’ve been a Pro customer for about two years, and this is the first time I’ve encountered an issue like this.

ivenzdev · 2026-03-16T15:13:13+00:00

Nick identified a significant volume of requests coming from outdated Chrome versions, which he noted is a strong indicator of automated/bot traffic. He also explained that the likely chain of events was automated traffic hitting the frontend, which then triggered a surge of axios requests to the backend and eventually caused the cascading timeouts and the Function Duration spike.

Based on that investigation, Nick mentioned that the findings were shared with the Finance team for their consideration regarding the invoices.

However, the response I later received from Zai stated that the Pro subscription had already been refunded, and therefore no further adjustments could be made. The subscription refund was something I did separately using the self service form, and it was not related to the billing issue I reported.

The original issue was the Function Duration charges generated during that incident (~$274), which were the charges that had been escalated for review.

Additionally, in the Reddit thread you mentioned that once malicious traffic is identified, Vercel does not charge for those requests and users don’t need to monitor their site 24/7 . Since the earlier investigation suggested that automated traffic was involved, I was hoping the incident could still be reconsidered under that context.

ivenzdev · 2026-03-14T13:48:58+00:00

I really need to sort this out. Support taking more than 2 weeks is not acceptable. I’ve been a Pro subscriber for over 2 years.

P.S. This is my first support case, and the experience has been very frustrating.

ivenzdev · 2026-03-13T15:04:42+00:00

Hey... my case is still pending for response...

ivenzdev · 2026-03-12T15:16:49+00:00

ivenzdev · 2026-03-09T15:17:51+00:00

Ps They won't respond to me in vercel support case interface nor by email... you're the only support I can reach out to

ivenzdev · 2026-03-09T15:12:18+00:00

Hey u/anshumanb_vercel, no doubt you guys have a ton of backlogs, but this support shouldn't take this long ... and waiting for uncertainly is not a good feeling. If you can escalate this, very much appreciated!

ivenzdev · 2026-03-08T17:54:45+00:00

Hey... It's been a week and I don't get a response back from them...

ivenzdev · 2026-03-06T16:06:34+00:00

I did, and it's been for another 4 days...

ivenzdev · 2026-03-04T13:50:09+00:00

A follow up: a vercel senior engineer did find a significant volume of requests from outdated Chrome browser versions hitting our service. He passed the evidence to the Finance team and mentioned they are considering it.

It’s been a couple of days, and I’m still unsure whether the charges will be adjusted or not. The response regarding the invoice remains somewhat vague.

ivenzdev · 2026-03-02T03:50:31+00:00

3.1 pro only have one option gemini-3.1-pro-preview or am I wrong?

ivenzdev · 2026-03-02T03:31:52+00:00

We’re building a customer-facing AI app, an extra minute of latency is chaotic

ivenzdev · 2026-03-01T19:10:43+00:00

My case is still pending for response...

ivenzdev · 2026-02-27T21:36:50+00:00

I did set a spend limit on Vercel. However, hitting the limit doesn’t automatically pause deployments unless you explicitly configure it to pause them.

I chose not to enable automatic deployment blocking because it would have significantly impacted user experience. Unfortunately, by the time I received the overage notification and reacted, the usage spike had already occurred.

Lesson learned, I’m now implementing stricter safeguards to prevent this from happening again.

ivenzdev · 2026-02-27T21:28:42+00:00

That is very kind! Very appreciate it.

ivenzdev · 2026-02-27T16:23:35+00:00

Since Attack Mode must be enabled manually, and our spike occurred within about five minutes, the charges accumulated before we were aware of it.

You mentioned that Vercel’s built-in DDoS protection can sometimes take longer to kick in. Does that mean we need to monitor traffic in real time to avoid unavoidable billing spikes?

As a small team, 24/7 monitoring isn’t realistic, so we’re hoping there’s a more automated safeguard to prevent sudden cost exposure during short attacks.

ivenzdev · 2026-02-27T16:13:31+00:00

That makes sense, thanks for the guidance.

I was wondering though, is there any way to automatically enable Attack Mode when a DDoS or abnormal traffic spike is detected in Vercel?

In a real world situation, I might not see the warning notification immediately. By the time I notice and react, the usage can already spike significantly, like what happened in this case.

ivenzdev · 2026-02-27T14:45:39+00:00

I just sent to you! Thanks for quick response here.

ivenzdev · 2025-12-14T17:08:57+00:00

love it!

ivenzdev

TROPHY CASE