this post was submitted on 03 Aug 2024
7 points (60.0% liked)

Selfhosted

40727 readers
469 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

I am considering hosting something and am concerned about DDOS attacks.

I am morally opposed to cloudflare because I think they are an unethical and shitty company.

What privacy focused solutions are there to reduce the likelihood of a successful DDOS attack?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 4 months ago (1 children)

Use your common sense. They're not going to expend any significant resources to keep up a free website.

They have a small capacity available for mitigating DoS for free accounts together, while resources last. If you happen to fit in that capacity at any given time that's nice, if you don't, you go down.

[–] [email protected] 1 points 4 months ago (1 children)

Do you have a source for all your claims?

Everything I can find online says that cloudflare DDOS protection is unlimited and unmetered on their free plan. https://www.cloudflare.com/plans/

But honestly, even if you are not prioritised I doubt Cloudflare will ever run out of resources due to ddos attacks. And if they did the whole internet is pretty much down anyways.

[–] [email protected] 1 points 4 months ago (1 children)

Then why do they offer a separate, distinct DDoS mitigation feature on the enterprise plans? And did you notice they call them "mitigation" and not "protection"? 🙂

Look at the description of each one, the free one "stops illegitimate traffic at the edge". Meaning they'll serve from cache, it's not getting through to your actual site. You can get caching from any CDN service, it doesn't have to be CF. All CDN services are distributed and will try to serve for as long as possible because their whole purpose is to deal with traffic spikes.

And if you want to know for how long CF (or any service) will serve from cache and how far they'll go for an account (especially a free account), you want to check the terms of service not the plans. The plans are made to sell to you, the fine print is in the terms.

Anyway, I really don't understand people's obsession with DDoS, particularly self-hosting people. The chances of their little website ever being the target of a DDoS are astronomical. Many of them don't take proper backups, and don't worry about theft or fire or electric spikes, which are far more likely, but go frantic when they hear about features they'll never use.

[–] [email protected] 1 points 4 months ago

Because that is a different feature.

And did you notice they call them "mitigation" and not "protection"? 🙂

Yeah, typo on my part.

You claim that Cloudflare doesn't live up to their words. Please cite where in the terms of services it says that the DDOS mitigation is limited on the free plan or sources of free customers being affected by this. Or are you just saying "read the fine print" without having read them yourself and you are just using that as some magic way to win all arguments?

Anyway, I really don't understand people's obsession with DDoS, particularly self-hosting people. The chances of their little website ever being the target of a DDoS are astronomical. Many of them don't take proper backups, and don't worry about theft or fire or electric spikes, which are far more likely, but go frantic when they hear about features they'll never use.

Yeah, I absolutely agree and I have said that to some in this post. But it's even more worthless to argue about the free plan. It's not like some private person is ever gonna be DDOSed so aggressively that Cloudflare would even notice. If an enterprise (like where I work) is in real need of ddos protection they would already be on the enterprise plan or they would be forced to it by Cloudflare.