Selfhosted

60093 readers

762 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam.
Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.
Don't duplicate the full text of your blog or git here. Just post the link for folks to click.
Submission headline should match the article title.
No trolling.
Promotion posts require your active participation in selfhosting or related communities, or the post will be removed. No more than 10% of your posts or comments may be self-promotional, or your post will be removed. F/LOSS Exception: If your post is about a project that is completely open source & can be self-hosted in full without payment, your post is exempt from this rule as long as you continue to engage in comments.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago

MODERATORS

curbstickle@anarchist.nexus

curbstickle_lw@lemmy.world

Using a VPS for ddos protection? (lemmy.dbzer0.com)

submitted 1 week ago by kylian0087@lemmy.dbzer0.com to c/selfhosted@lemmy.world

19 comments fedilink hide all child comments

Hello guys, so I have been self hosting a bunch of stuff for some years now. But I want to increase the protection of the services I host.

I was thinking of using a VPS just for ddos protecting my services like game servers, web servers, email etc.

Any suggestion on how to set this up well? I was thinking of routing all traffic from the VPS back home with wireguard. My connection is gigabit so I don't think the performance impact will be too big, any suggestion on which proxy, VPS and other things to use?

you are viewing a single comment's thread
view the rest of the comments

[–] Maroon@lemmy.world 5 points 1 week ago* (last edited 1 week ago) (1 children)

If you see my old posts, you'll see that I had this exact concern.

I have since learnt that pulling a DDoS attack is actually quite resource intensive / expensive to the deployer as well, and unless you believe that you are being targeted because of something very valuable you host or that you have a technically inclined enemy who is specifically out to get you, you should be fine. Have a good think about your threat model.

With regard to bots, scrapers and the likes, yes, they are a real pain. That can be tackled with Anubis + BadBotBlocker + Fail2Ban + some custom rate limits.

I assume you are a lot more experienced than me based on the number of things you have listed to have self hosted. I feel a well configured reverse proxy with the tools I suggested will take care of 95% of all your not and scraper related worries.

[–] lemongarlic@lemmy.world 1 points 1 week ago (1 children)

Wouldn't anubis be effective against DDOS attacks?

[–] non_burglar@lemmy.world 1 points 1 week ago (1 children)

No, Anubis creates a throttle to stop ai scrapers from taking down https web resources.

[–] lemongarlic@lemmy.world 1 points 1 week ago (1 children)

Sure but I would think Anubis would also somewhat stop DDOS attacks since clients need to pass Anubis to access the website and across a DDOS swarm that would use up significant resources.

[–] non_burglar@lemmy.world 3 points 1 week ago* (last edited 1 week ago)

DDOS attacks do not always happen on https, though. You can overwhelm a system with DNS, NTP, or even just malformed packets. Anubis would do nothing for this.