DDoS used all bonus funds

COR3Infra 20

Hello,

Over the weekend, all the bonus $ 200 was debited, how to find out in more detail what happened and why DDoS takes so much money and how it to disable it, I am just starting to develop the project and investigation Azure. Where can I see in more detail what happened and how to disable paid services

Michael Cameron 607 Reputation points

2024-05-27T20:47:27.84+00:00

I think the first place you need to go is here https://learn.microsoft.com/en-us/azure/cost-management-billing/manage/spending-limit

Once you have set a spending limit you could explore the cost reporting to try and work out what you used your credit on but at least this stops any excessive spending.

Let me know if this helps.
Sander van de Velde | MVP 32,736 Reputation points MVP

2024-05-27T21:02:30.6+00:00

No, this spending limit is set by Microsoft for certain types of subscriptions (like the free version of MSDN version).
KapilAnanth-MSFT 46,676 Reputation points Microsoft Employee

2024-05-28T12:31:34.24+00:00
@COR3Infra ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

Azure DDOS is offered in two tiers,

IP Protection tier

Network Protection tier

and you can compare their pricing in Azure DDoS Protection pricing

In either case, you should delete the DDOS resource

NOTE : The DDoS protection costs will still be charged if you only disable the DDoS protection from a virtual network, without deleting the DDoS protection plan itself.

You can follow the steps mentioned by Sander van de Velde to check cost incurred and validate which resource(s) were charged.

P.S :

By default, DDOS tiers are not enabled. They should be explicitly created by a user.

Even without IP Protection or Network Protection, Services running on Azure are inherently protected by the default infrastructure-level DDoS protection

See : Are services unsafe in Azure without the service?

Kindly let us know if this helps or you need further assistance on this issue.

Thanks,

Kapil

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
COR3Infra 20 Reputation points

2024-05-29T06:53:10.75+00:00

Thank you very much for the quick answers. This is very important information for me.
KapilAnanth-MSFT 46,676 Reputation points Microsoft Employee

2024-05-29T06:56:52.16+00:00

@COR3Infra , Glad we could be of assistance.

Thanks for your continued contribution on Q&A and appreciate much for taking the time to share your feedback.

Accepted answer

Sander van de Velde | MVP 32,736 Reputation points MVP

2024-05-27T21:24:17.5333333+00:00

Hello @COR3Infra,

welcome to this moderated Azure community forum.

You ran into an unfortunate situation. There are multiple angels to this story though.

In a production subscription, the Azure resource spendings are not limited, your production must not be interrupted when suddenly more resources are used.

So, you are lucky you encountered this in a subscription with a spending limit.

Normally you need to set warnings and alerts when you spend more than you expected:

Next, check the DDOS protection offered by Azure (together with the Application Gateway).

The Azure portal also offers elaborate views and forecasts on the costs, typically per resource group of subscription:

Take some time to drill through the cost management per subscription or per resource group.

There are even some free training modules on this topic.

Depending on the resource, you can either disable or delete them if you really want to limit the cost impact (like disabling an Azure Function or disabling a database).

Better is to design your architecture with hacking attempts and how to protect yourself in mind already.

If the response helped, do "Accept Answer". If it doesn't work, please let us know the progress. All community members with similar issues will benefit by doing so. Your contribution is highly appreciated.
Please sign in to rate this answer.

1 person found this answer helpful.
COR3Infra 20 Reputation points

2024-05-29T06:53:01.45+00:00

Thank you very much for the quick answers. This is very important information for me.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

DDoS used all bonus funds

0 additional answers

Your answer