Post AIGks6CeAz9kXyT7sO by michcio@raru.re
 (DIR) More posts by michcio@raru.re
 (DIR) Post #AIGfVzBH6WFMcuSmUS by wolf480pl@mstdn.io
       2022-04-09T09:01:06Z
       
       0 likes, 1 repeats
       
       How to not use CloudFlare when you're getting DDoS-ed?
       
 (DIR) Post #AIGks6CeAz9kXyT7sO by michcio@raru.re
       2022-04-09T10:01:04Z
       
       0 likes, 0 repeats
       
       @wolf480pl it's still going? damn
       
 (DIR) Post #AIHMcdcHySGxnnW84u by wolf480pl@mstdn.io
       2022-04-09T17:04:08Z
       
       0 likes, 0 repeats
       
       Like seriously. I know I'm not the only one who thinks too much of the internet traffic goes through CloudFlare, and I'm sure many people host their own websites without CF.What do you guys do to defend from a DDoS (other than a pure-bandwidth one) ?
       
 (DIR) Post #AIHMrZOpw1j14ELSfg by woffs@mastodon.sdf.org
       2022-04-09T17:06:46Z
       
       0 likes, 0 repeats
       
       @wolf480pl wait till it's over or phone the upstream provider to filter some packets
       
 (DIR) Post #AIHN5Czw1KU5dzCWJM by bortzmeyer@mastodon.gougere.fr
       2022-04-09T17:09:15Z
       
       0 likes, 0 repeats
       
       @wolf480pl I'm not an user of them but https://deflect.ca/ seems an interesting non-capitalist alternative.
       
 (DIR) Post #AIHNB8mAdA8KHraiwq by bortzmeyer@mastodon.gougere.fr
       2022-04-09T17:10:16Z
       
       0 likes, 0 repeats
       
       @woffs @wolf480pl Many cheap hosters/connectivity providers have no phone number and do not provide this sort of service.
       
 (DIR) Post #AIHNHP1r7DDsQrujGS by bortzmeyer@mastodon.gougere.fr
       2022-04-09T17:11:28Z
       
       0 likes, 0 repeats
       
       @wolf480pl Having a purely static Web site is enough for the majority of dDoS. For the most serious ones, waiting until the bot renter runs out of money is often the most reasonable solution.
       
 (DIR) Post #AIHwA495rCyO25XJi4 by selfisekai@donotsta.re
       2022-04-09T23:42:20.414991Z
       
       0 likes, 0 repeats
       
       @wolf480pl I think the most important thing here is, what kind of traffic do you get? a lot of requests for assets? make sure to use a CDN for all assets. for dynamically generated pages? cache what you can. requests for some database changes? setup captchas. you also might consider setting up a WAF. (note: I haven't gone through a DDoS on my own services)