Welcome to 2025
@memes@lemmy.world
I deadass got a Cloudflare error after reopening this post:
Cloudflare DDoS protection is centralization?
About 20% of global traffic is routed through Cloudflare so unfortunately Cloudflare is very much a massive case of centralization.
A Cloudflare outage would affect a huge number of websites and services and they have some degree of control over the way you host your and use their services.
Yeah, did people forget the last big Cloudflare outage already? A good chunk of all big services went down simultaneously. Discord, Amazon, Twitter and even the PS and Xbox consoles networks lmao.
How long before a website not behind something Cloudflare is considered suspicious or unwanted
Isn't it pretty easy to just disable Cloudflare?
Yes, use a competitor at least.
Don't forget your SSL certificate to prevent man-in-the-middle attacks. 🤪
Don't forget to have the SSL certificate supplied and managed by Cloudflare, of course 🤫
mTLS would solve your entire man in the middle problems.
Though I'm not a big fan of centralization, I use Cloudflare. Their DDoS protection is unmatched, they have scraping protection, and just in case they decide to screw their users over, switching to another service is trivial.
moms 🙄
I mean I don't really have a choice because I don't see a better way to put my home server on a URL because I live in a dorm and can't port forward or get a static IP
This is what I use: https://github.com/fosrl/pangolin
Creates a WireGuard connection from your home server to a VPS, which then exposes it to the public using a Traefik reverse proxy.
If you don't have a static IP, how did you get a domain?
That's what they're saying. They're dependent on Cloudflare, who offer a DNS service that routes traffic to one of their static IPs, down a tunnel initiated by the server without an IP address.
I use Cloudflare's tunneling service cloudflared, which allows me to have the service running on my home server, and then Cloudflare will automatically make the subdomains point towards the IP
Mole vpn
I unfortunately use Cloudflare. They apparently charge the same price they pay for domain names.
What better options do we have? I really want to know.
Alright, who actually ARE Cloudflare? I'm seeing them on every website but idk who they are
I use Cloudflare Turnstile because hosting without it is just begging for bots to join my service.
Yeah well if it weren't for all of the LLM bots and scrapers in general and of course all the Russian and Chinese hackers (they may mostly be script kitties, but they're still annoying), we wouldn't need Cloudflare. But they do exist so we don't really have a choice.
if you can provide me a better way to keep my homelab from getting DDoSed every five minutes then by all means, please share it
Just put it behind a WireGuard server and don't expose any ports?
If you absolutely must expose some stuff, get a cheap $3/mo VPS that connects via WireGuard to your home and set up a reverse proxy? They almost all come with DDoS protection.
Conservatives will get really upset once they realize you are changing genders
What's a good VPS provider for privacy enthusiasts?
@DaPorkchop@lemmy.ml @memes@lemmy.world Is that an actual issue or a hypothetical one? I've never had an attack in 10 years of publicly hosting stuff.
As someone else who used to host via an open port, you get random connections all the time. Almost constantly, and the request paths make it obvious they are scanning for vulnerabilities. Via Cloudflare the number of those requests is much lower, as they have to know at least the DNS to do so (and can't guess it from a presented SSL cert).
It's the reason I set up Cloudflare in the first place, so yeah. I was getting SYN flooded to the point that my router would just crash almost immediately, and after rebooting it the attack would resume after a minute or two.
https://anubis.techaro.lol/
You don't need Cloudflare.
That doesn't help against a SYN flood.
Awesome project, but that's just one of many features CF offers. Most people I suspect rely on tunnels more than bot protection.
Is your homelab getting DDoSed constantly?
I had had it for years and never ever got DDoSed.
Are you sure it's actually DDoS and not just the typical bots scanning for vulnerabilities? Which are easily defended against by keeping updated.
It's weird, as a DDoS is not something that just happens, it's a targeted attack. It's a rare occurrence that someone decides to attack a homelab.
I spent multiple days getting SYN flooded to the point my router would crash and reboot over and over, and it stopped the moment I set up Cloudflare and asked my ISP to change my IP. This was the instance which pushed me over the edge, but there had been smaller attacks lasting a few minutes each for years leading up to this.
Anubis:3
Host your own cloud-worthy anti-DDoS solution with fail2ban /s
Honest question, why the /s?
I don't understand why people hate Cloudflare so much. Do they see the Cloudflare logo when a server is down and assume it's CF's fault?
If you didn't piss off one of the big bot groups, then you likely have a configuration issue.
CrowdSec + Pangolin maybe? I would actually like to hear people's thoughts on this.