How I Stopped a Sudden CDN Traffic Surge with Quick Security Tweaks

After receiving unexpected CDN usage alerts, I investigated the spike, identified a malicious IP, and applied access‑control blacklists, anti‑leech settings, UA blocking, and usage‑cap limits, which instantly reduced bandwidth and traffic, illustrating effective CDN security measures.

Programmer DD

Last night I received repeated Tencent Cloud SMS alerts about CDN auto‑renewal, which prompted me to check the CDN statistics. The data showed a sudden, multi‑fold increase in bandwidth (around 60 MB) and traffic.

By examining real‑time monitoring for each domain, I identified the problematic domain and observed the high bandwidth and traffic usage.

Immediate actions taken:

Enabled the traffic anti‑theft configuration in the "Access Control" section, though it initially seemed ineffective because the attacking IP might not yet be in the database.

Downloaded logs from the logging service and discovered that many identical requests originated from a single IP address in Jiangsu: 114.226.31.16.

Added this IP to the blacklist for the affected domain via the "Access Control" settings.

The result was immediate: bandwidth and traffic dropped sharply.

To ensure the issue stayed resolved, I applied additional configurations:

Anti‑leech whitelist: limited which sites could use my image resources, preventing further abuse of my image hosting.

UA blacklist: blocked requests with a null User‑Agent, which were the majority of the malicious traffic, ensuring that even if the IP changed, the requests would still be denied.

Usage‑cap setting: configured a usage ceiling in the advanced settings so that the CDN would automatically stop when the traffic exceeded a defined limit, providing a safety net against future spikes.

These measures quickly restored normal traffic levels and allowed me to sleep peacefully.

For others running their own sites, it’s important to monitor traffic anomalies, analyze logs to pinpoint malicious sources, and configure appropriate CDN protections such as access control blacklists, anti‑leech rules, UA filtering, and usage caps.
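
The log check described above (finding the one client behind most of the traffic and how many of its requests carry an empty User‑Agent) can be scripted. This is an added example, not code from the original post; the log field order, the sample lines and the addresses in them are constructed assumptions, so adjust the parser to the layout of your CDN's log export.

```python
import shlex
from collections import Counter, defaultdict

# Constructed sample log. Assumed field order (adjust to your CDN's export):
# time client_ip domain path bytes status "referer" "user_agent"
SAMPLE_LOG = """\
20240101230001 203.0.113.7 img.example.com /pic/a.png 2097152 200 "-" "-"
20240101230001 203.0.113.7 img.example.com /pic/a.png 2097152 200 "-" "-"
20240101230002 203.0.113.7 img.example.com /pic/a.png 2097152 200 "-" "-"
20240101230002 198.51.100.23 img.example.com /pic/b.png 40960 200 "https://blog.example.com/post" "Mozilla/5.0 (X11; Linux x86_64)"
20240101230003 203.0.113.7 img.example.com /pic/a.png 2097152 200 "-" "-"
20240101230004 198.51.100.88 img.example.com /pic/c.png 51200 200 "https://blog.example.com/" "Mozilla/5.0 (Macintosh)"
this line is truncated "
"""

def parse_line(line):
    """Return a record dict, or None for lines that do not match the assumed layout."""
    try:
        parts = shlex.split(line)
    except ValueError:  # unbalanced quotes in a damaged line
        return None
    if len(parts) != 8 or not parts[4].isdigit():
        return None
    _, ip, _, path, size, _, _, ua = parts
    return {"ip": ip, "path": path, "bytes": int(size), "empty_ua": ua in ("", "-")}

def summarize(log_text):
    """Aggregate requests, bytes, empty-UA hits and requested paths per client IP."""
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0, "empty_ua": 0, "paths": Counter()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = stats[rec["ip"]]
        s["requests"] += 1
        s["bytes"] += rec["bytes"]
        s["empty_ua"] += rec["empty_ua"]
        s["paths"][rec["path"]] += 1
    return dict(stats)

def heavy_hitters(stats, byte_share=0.5):
    """IPs that account for at least byte_share of all bytes served, largest first."""
    total = sum(s["bytes"] for s in stats.values()) or 1
    hits = [(ip, s) for ip, s in stats.items() if s["bytes"] / total >= byte_share]
    return sorted(hits, key=lambda kv: kv[1]["bytes"], reverse=True)

if __name__ == "__main__":
    for ip, s in heavy_hitters(summarize(SAMPLE_LOG)):
        path, n = s["paths"].most_common(1)[0]
        print(f"{ip}: {s['requests']} reqs, {s['bytes']} bytes, "
              f"{s['empty_ua']}/{s['requests']} empty UA, top path {path} x{n}")
```

An IP that dominates the byte count, repeats one path and sends no User‑Agent is a candidate for the IP blacklist, and the empty‑UA ratio shows whether a UA rule would also catch it after an address change.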

Written by

Programmer DD

A tinkering programmer and author of "Spring Cloud Microservices in Action"
