Selfhosted

60074 readers

657 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam.
Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.
Don't duplicate the full text of your blog or git here. Just post the link for folks to click.
Submission headline should match the article title.
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago

MODERATORS

curbstickle@anarchist.nexus

curbstickle_lw@lemmy.world

Using a VPS for ddos protection? (lemmy.dbzer0.com)

submitted 1 week ago by kylian0087@lemmy.dbzer0.com to c/selfhosted@lemmy.world

19 comments fedilink hide all child comments

Hello guys, so I have been self hosting a bunch of stuff for some years now. But I want to increase the protection of the services I host.

I was thinking of using a VPS just for ddos protecting my services like game servers, web servers, email etc.

Any suggestion on how to set this up well? I was thinking of routing all traffic from the VPS back home with wireguard. My connection is gigabit so I don't think the performance impact will be too big, any suggestion on which proxy, VPS and other things to use?

you are viewing a single comment's thread
view the rest of the comments

[–] Maroon@lemmy.world 5 points 1 week ago* (last edited 1 week ago) (1 children)

If you see my old posts, you'll see that I had this exact concern.

I have since learnt that pulling a DDoS attack is actually quite resource intensive / expensive to the deployer as well, and unless you believe that you are being targeted because of something very valuable you host or that you have a technically inclined enemy who is specifically out to get you, you should be fine. Have a good think about your threat model.

With regard to bots, scrapers and the likes, yes, they are a real pain. That can be tackled with Anubis + BadBotBlocker + Fail2Ban + some custom rate limits.

I assume you are a lot more experienced than me based on the number of things you have listed to have self hosted. I feel a well configured reverse proxy with the tools I suggested will take care of 95% of all your not and scraper related worries.

[–] lemongarlic@lemmy.world 1 points 1 week ago (1 children)

Wouldn't anubis be effective against DDOS attacks?

[–] non_burglar@lemmy.world 1 points 1 week ago (1 children)

No, Anubis creates a throttle to stop ai scrapers from taking down https web resources.

[–] lemongarlic@lemmy.world 1 points 1 week ago (1 children)

Sure but I would think Anubis would also somewhat stop DDOS attacks since clients need to pass Anubis to access the website and across a DDOS swarm that would use up significant resources.

[–] non_burglar@lemmy.world 3 points 1 week ago* (last edited 1 week ago)

DDOS attacks do not always happen on https, though. You can overwhelm a system with DNS, NTP, or even just malformed packets. Anubis would do nothing for this.