this post was submitted on 12 Aug 2023
-18 points (36.4% liked)

Selfhosted

39937 readers
410 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
-18
ADMIN, isn't it time to move from lemmy.world? (lemmy.world)
submitted 1 year ago* (last edited 1 year ago) by peregus@lemmy.world to c/selfhosted@lemmy.world
44 comments fedilink hide all child comments
 

Every time I try to access this community, ther's some kind of problem with the server. If you have a look at the status page, it's almost all orange/red. The problem aren't DDoS attack since the server is behind Cloudflare protection. Admin/mods, why don't you move this community to a different ~~server~~ instance? I'm not accusing anybody, I know that maintain a server can be a challenging sometimes, I just want to enjoy this community!

Please!

@Loki

you are viewing a single comment's thread
view the rest of the comments
[–] krayj@sh.itjust.works 2 points 1 year ago* (last edited 1 year ago) (1 children)

By claiming that the problem isn't DDOS, you're just advertising your ignorance. Cloudflair is outstanding for protecting static web content against DDOS, and Lemmy.world is well protected against that. The problem is certain dynamic pages and api calls that can only be rendered from costly realtime dynamic database operations...those are the url that the DDOS attackers are focusing on and those are the kinds of content that cannot be easily protected by cloudflair.

Your premise, though, is still accidently correct. The way to mitigate instances being targeted by DDOS is to spread the user base and community hosting across a vast number of instances so that no one instance is such a rewarding target for DDOS attack.

[–] peregus@lemmy.world 1 points 1 year ago

You're right about my ignorance about Lemmy, I'm a user on this federated ...thing and I know nothing ahout the Lemmy server. Being in a selfhosted community your answer is what I was expecting (maybe with less attack). The API are used only by the federated instance or also by the smartphone apps? For what I see, it seems to be the former, and, if it really is so, the API calls could be allowed only by those server and blocked from everyone else, Cloidflare WAF can do this. I know that the servers are a lot, but it could be possible to insert in the WAF all the IPs of the federated instances. ...or not?