this post was submitted on 13 Jul 2023
5 points (100.0% liked)

Self Hosted - Self-hosting your services.

11440 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules

Important

Beginning of January 1st 2024 this rule WILL be enforced. Posts that are not tagged will be warned and if not fixed within 24h then removed!

Cross-posting

If you see a rule-breaker please DM the mods!

founded 3 years ago
MODERATORS
 

I self host all of my services but utilize a VPS as a gateway for access. Primarily to allow access to a media server and file storage for friends and family.

Recently I’ve been shut down by my VPS provider on multiple occasions because they claim my server was DDoS’d at 2gigabits/s. I don’t see any evidence of this in my logs.

Regardless, I set up Traefik proxy to geoblock any IPs outside of my country. Literally a few mins after doing so and confirming via VPN that it was working I got shut down and received an email that my network was severed temporarily due to a DDoS Blackhole event.

The questionable nature of their detection system aside, it’s got me wondering…does ip blocking actually help mitigate DDoS attacks?

The server still needs to process the incoming connection before it filters it, so I’m assuming the attack is still accomplishing it’s intent which is to overload the server. Can somebody more knowledgeable provide some insight?

you are viewing a single comment's thread
view the rest of the comments
[–] DrJenkem@lemmy.blugatch.tube 3 points 1 year ago (5 children)

Setup cloudflare, I believe the free tier includes ddos protection. Then setup your ingress to only allow cloudflare IPs, either with iptables or even better if your vps supports it with a network policy.

[–] brownmustardminion@lemmy.ml 3 points 1 year ago (4 children)

I appreciate the tip but as a privacy minded self-hoster I try to avoid companies like cloudflare. Surely there has to be a way to diy DDoS protection?

[–] deadbeef@lemmy.nz 2 points 1 year ago

A 2 gigabit event isn't big enough to be considered a real attack, a service like cloudflare can sink a 2 terrabit attack every day of the week.

Building a DDoS protection service ( that isn't just black holing traffic ) starts with having enough bandwidth to throw away the attack volume plus keep your desired traffic working and have a bit of overhead to work your mitigation strategies.

What this means is to DIY a useful service you start by buying a couple of terrabits of bandwith in 'small' chunks of a hundred gigabits or so in most peering locations around the globe and then you build a proxy layer like cloudflare on top of it with a team of smart dudes to automate outsmarting the bad guys.

I don't like cloudflare either, but the barriers to entry in this industry are epic.

load more comments (3 replies)
load more comments (3 replies)