this post was submitted on 03 Aug 2024
7 points (60.0% liked)

Selfhosted

40041 readers
624 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I am considering hosting something and am concerned about DDOS attacks.

I am morally opposed to cloudflare because I think they are an unethical and shitty company.

What privacy focused solutions are there to reduce the likelihood of a successful DDOS attack?

you are viewing a single comment's thread
view the rest of the comments
[–] just_another_person@lemmy.world 18 points 3 months ago* (last edited 3 months ago) (1 children)

You're being downvoted because you're asking another "I want everything, but works exactly to my needs, only the way I want it, and cheap." kind of question.

Cloudflare exists for a reason, as does every other DDOS mitigation platform. If there was a better or cheaper solution, they would be out of business already.

Best you're probably going to do for self-hosting is going to be blackholing abusive connections, but even then you're only going to be able to mitigate so much. Differentiation of mass amounts traffic still takes a massive amount of time and compute.

To add for people who might not be up on the technical aspects: DDOS mitigation works only if you have absolutely enormous amounts of bandwidth and compute resources to intercept and scrub the traffic.

It's not some magic wand someone is waving at a server and poof the DDOS disappears; it still comes into a datacenter, hits a server and is then mitigated before making it to your actual host.

So you have to invest in enough bandwidth and hardware to outscale the largest DDOS you're expecting, which is going to be far less than what's going to REALLY happen, and it has to be available even when nothing is going on.

It's expensive to offer, expensive to run, and only really gets "affordable" at the scale of someone like Cloudflare or Akamai or a hyperscaler.

It's either private, good, or cheap: pick one, maybe two.