847
Welcome to 2025 (content.federation.network)

Welcome to 2025
@memes@lemmy.world

top 50 comments
sorted by: hot top controversial new old
[-] DaPorkchop_@lemmy.ml 136 points 3 weeks ago

if you can provide me a better way to keep my homelab from getting DDoSed every five minutes then by all means, please share it

[-] wildbus8979@sh.itjust.works 63 points 3 weeks ago* (last edited 3 weeks ago)

Just put it behind a wireguard server and don't expose any ports?

If you absolutely must expose some stuff, get a cheap 3$/mo vps that connects via wireguard to your home and setup a reverse proxy? They almost all come with DDoS protection.

[-] jim3692@discuss.online 8 points 3 weeks ago

Conservatives will get really upset once they realize you are changing genders

[-] MummysLittleBloodSlut 6 points 3 weeks ago

What's a good VPS provider for privacy enthusiasts?

[-] sol6_vi@lemmy.makearmy.io 4 points 2 weeks ago

I use Hetzner. Its fine. Boring/10 would use it again I guess?

[-] daniel@federation.network 30 points 3 weeks ago

@DaPorkchop_@lemmy.ml @memes@lemmy.world Is that an actual issue or a hypothetical one? I've never had an attack in 10 years of publicly hosting stuff.

[-] purplemonkeymad@programming.dev 18 points 3 weeks ago

As someone else who used to host via an open port, you get random connections all the time. Almost constantly and the request paths make it obvious they are scanning for vulnerabilities. Via cloud flare the number of those requests is much lower, as they have to know at least the DNS to do so, (and can't guess it from a presented SSL cert.)

[-] sobchak@programming.dev 12 points 3 weeks ago

Yeah, I see random https and other connections all the time blindly scanning for vulnerabilities. Not enough to cause any real problems though. One time I publicly exposed redis or rabbitmq (can't remember which) and didn't set a password, so someone set a password for me :). That's about the worst that's happened to me.

[-] DaPorkchop_@lemmy.ml 5 points 3 weeks ago

It's the reason I set up cloudflare in the first place, so yeah. I was getting SYN flood-ed to the point that my router would just crash almost immediately, and after rebooting it the attack would resume after a minute or two.

[-] daniel@federation.network 9 points 3 weeks ago

@DaPorkchop_@lemmy.ml @memes@lemmy.world Hm weird, I don't see why they would spend their resources attacking random people without any kind of demand. Even at work I've never seen one happening.
I still believe Cloudflare has most of its customers because of fearmongering tbh.

[-] Alaknar@sopuli.xyz 7 points 3 weeks ago

It's a bit like saying "having a password on your account is fearmongering, why would anyone try to access your data".

It's only fearmongering until you get attacked, and it's already too late when you do. Better to be proactive.

[-] daniel@federation.network 9 points 3 weeks ago

@Alaknar@sopuli.xyz @memes@lemmy.world Being proactive doesn't mean you have to hide your personal service behind a billion dollar company. That is precisely the kind of overreaction triggered by fearmongering. If you don't know how to secure access points or harden configurations, no service will be able to do it for you as if by magic. Not to mention your responsibility towards your users, who may not want to be tracked by a third-party company without their knowledge every time they visit your site (or half of the internet by now).

load more comments (1 replies)
[-] pulsewidth@lemmy.world 6 points 3 weeks ago

Get a router that has flood protection? This is like.. Extremely basic network protection.

OpenWRT has had configurable syn-flood protection (enabled by default) since like 2010.

[-] DaPorkchop_@lemmy.ml 3 points 2 weeks ago

Even if the SYN packets were being ignored, the connection would still be unusable if there's enough incoming traffic for most legitimate packets to get dropped. And as mentioned in other comments, the router in question is a shitty ISP router which can't be replaced (although I do have a much fancier router with OpenWRT running behind that).

[-] expr@programming.dev 17 points 3 weeks ago
[-] DaPorkchop_@lemmy.ml 11 points 3 weeks ago

That doesn't help against a SYN flood.

[-] expr@programming.dev 4 points 3 weeks ago

From what I understand elsewhere in the thread, I believe that's just a matter of router configuration.

[-] daq@lemmy.sdf.org 2 points 2 weeks ago

Awesome project, but that's just one of many features CF offers. Most people I suspect rely on tunnels more than bot protection.

[-] daniskarma@lemmy.dbzer0.com 15 points 3 weeks ago* (last edited 3 weeks ago)

Is you homelab getting ddosed constantly?

I had had it for years and never ever got ddosed.

Are you sure it's actually ddos and not just the typical bots scanning for vulnerabilities? Which are easy defended for by keeping updated.

It's weird as a DDOS is not something that's just happens, it's a targeted attack. It's a rare occurrence that someone decided to attack a homelab.

[-] DaPorkchop_@lemmy.ml 8 points 3 weeks ago

I spent multiple days getting SYN flooded to the point my router would crash and reboot over and over, and it stopped the moment I set up cloudflare and asked my ISP to change my IP. This was the instance which pushed me over the edge, but there had been smaller attacks lasting a few minutes each for years leading up to this.

[-] gagootron@feddit.org 11 points 3 weeks ago

What kind of router to you have? A good router should not crash from any amount WAN traffic. But yes, if you host anything you will get scanned even harder than usual.

[-] DaPorkchop_@lemmy.ml 3 points 3 weeks ago

A shitty ISP-supplied modem/router which I have to use :|

[-] pulsewidth@lemmy.world 3 points 3 weeks ago

Where are you? I bet there's at least a few local ISPs that would allow you to use a user-supplied router.

[-] DaPorkchop_@lemmy.ml 3 points 2 weeks ago

There are better ISPs around, but my parents (who are the ones paying for it) don't want to switch providers because... reasons? At any rate it isn't happening any time soon, but once I move out I'll finally be able to switch to Init7 and be done with it all :)

load more comments (2 replies)
[-] MummysLittleBloodSlut 12 points 3 weeks ago
[-] mlg@lemmy.world 9 points 3 weeks ago

Host your own cloud worthy anti DDOS solution with fail2ban /s

[-] monogram@feddit.nl 3 points 3 weeks ago

Honest question, why the /s?

load more comments (3 replies)
[-] lefixxx@lemmy.world 3 points 3 weeks ago

i dont understand why people hate cloudflare so much. Do they see the cloudflare logo when a server is down and assume its CFs fault?

load more comments (2 replies)
[-] mlg@lemmy.world 97 points 3 weeks ago

I deadass got a cloudflare error after reopening this post:

[-] lefixxx@lemmy.world 28 points 3 weeks ago

cloudflare ddos protection is cetralization?

[-] ne0phyte@feddit.org 67 points 3 weeks ago

About 20% of global traffic is routed through Cloudflare so unfortunately Cloudflare is very much a massive case of centralization.

A Cloudflare outage would affect a huge number of websites and services and they have some degree of control over the way you host your and use their services.

[-] skepller@lemmy.world 35 points 3 weeks ago

Yeah, did people forget the last big Cloudflare outage already? A good chunk of all big services went down simultaneously. Discord, Amazon, Twitter and even the PS and Xbox consoles networks lmao.

[-] InFerNo@lemmy.ml 13 points 2 weeks ago

How long before a website not behind something Cloudflare is considered suspicious or unwanted

load more comments (2 replies)
load more comments (1 replies)
[-] MonkderVierte@lemmy.zip 7 points 2 weeks ago

Yes, use a competitor at least.

[-] bjoern_tantau@swg-empire.de 28 points 3 weeks ago

Don't forget your SSL certificate to prevent man-in-the-middle attacks. 🤪

[-] pulsewidth@lemmy.world 9 points 3 weeks ago

Don't forget to have the SSL certificate supplied and managed by Cloudflare, of course 🤫

[-] hornedfiend@sopuli.xyz 2 points 2 weeks ago

mTLS would solve your entire man in the middle problems.

[-] lena@gregtech.eu 20 points 2 weeks ago

Though I'm not a big fan of centralization, I use cloudflare. Their DDoS protection is unmatched, they have scraping protection, and just in case they decide to screw their users over, switching to another service is trivial.

[-] proper@lemmy.world 8 points 3 weeks ago
[-] wintervoid 6 points 2 weeks ago

I mean I don't really have a choice because i don't see a better way to put my home server on a url because I live in a dorm and can't port forward or get a static ip

[-] Vittelius@feddit.org 2 points 2 weeks ago* (last edited 2 weeks ago)

This is what I use: https://github.com/fosrl/pangolin

Creates a wireguard connection from your home server to a vps, which then exposes it to the public using a traefik reverse proxy.

[-] jimitsoni18@lemmy.zip 2 points 2 weeks ago

If you don't have a static IP, how did you get a domain?

[-] ErmahgherdDavid@lemmy.dbzer0.com 2 points 2 weeks ago

That's what they're saying. They're dependent on cloudflare who offer a DNS service that routes traffic to one of their static ips, down a tunnel initiated by the server without an IP address.

load more comments (3 replies)
load more comments (1 replies)
[-] yamamoon@lemmings.world 3 points 2 weeks ago

I unfortunately use cloudflare. They apparently charge the same price they pay for domain names.

What better options do we have? I really want to know.

[-] Friendlybirdseggs@sopuli.xyz 3 points 2 weeks ago
load more comments
view more: next ›
this post was submitted on 15 Sep 2025
847 points (100.0% liked)

memes

17631 readers
1562 users here now

Community rules

1. Be civilNo trolling, bigotry or other insulting / annoying behaviour

2. No politicsThis is non-politics community. For political memes please go to !politicalmemes@lemmy.world

3. No recent repostsCheck for reposts when posting a meme, you can only repost after 1 month

4. No botsNo bots without the express approval of the mods or the admins

5. No Spam/Ads/AI SlopNo advertisements or spam. This is an instance rule and the only way to live. We also consider AI slop to be spam in this community and is subject to removal.

A collection of some classic Lemmy memes for your enjoyment

Sister communities

founded 2 years ago
MODERATORS