Hello guys, so I have been self hosting a bunch of stuff for some years now. But I want to increase the protection of the services I host.
I was thinking of using a VPS just for ddos protecting my services like game servers, web servers, email etc.
Any suggestion on how to set this up well? I was thinking of routing all traffic from the VPS back home with wireguard. My connection is gigabit so I don’t think the performance impact will be too big, any suggestion on which proxy, VPS and other things to use?
You must log in or register to comment.
If you see my old posts, you’ll see that I had this exact concern.
I have since learnt that pulling a DDoS attack is actually quite resource intensive / expensive to the deployer as well, and unless you believe that you are being targeted because of something very valuable you host or that you have a technically inclined enemy who is specifically out to get you, you should be fine. Have a good think about your threat model.
With regard to bots, scrapers and the likes, yes, they are a real pain. That can be tackled with Anubis + BadBotBlocker + Fail2Ban + some custom rate limits.
I assume you are a lot more experienced than me based on the number of things you have listed to have self hosted. I feel a well configured reverse proxy with the tools I suggested will take care of 95% of all your not and scraper related worries.
Wouldn’t anubis be effective against DDOS attacks?
Don’t. Ddos will overwhelm any single server, do you really think a 1/10/25Gb interface can handle a small 50Gb/s attack?
What you can do is host a VPS with a company that has ddos protections, but I doubt that is standard, and ddos protection works best from a network operator level not a host one.
Depends on what kind of DDoS OP wants to defend against. Defending against an AI crawler DDoS is entirely possible with a tiny VPS. I’ve been doing that for the past ~1.5 years on a €4/month CX23 Hetzner VPS.
That’s what I meant. Hosting the VPS at a company with ddos protection. So the VPS can take the hit instead of my home connection.
You could do it that way. You could use something like Cloudflare Tunnels/Zero Trust where you’d get DDoS protection for tunneled hostnames http/https. If you’re looking for raw tcp/udp arbitrary ports protection, they have a paid Spectrum protection plan.
I don’t know your specific situation, but after all these years of self hosting, I can’t say as I’ve ever experienced a DDoS attack. Not saying they don’t happen or that it isn’t a concern. I’ve experienced someone hacking my server, but I was super green back then and undoubtedly didn’t have the proper protections in order.
Most of your reputable, well established VPS vendors like Digital Ocean, Linode, Vultr, offer DDoS protections. Some like Hetzner offer multiple tiers of DDoS protection.
Why would someone DDoS you?
Been hosting Public Websites and Gameservers since 2020 from my residential connection and never got ddosed in that time
Lulz
monies
I have a setup similar to this, but not for ddos protection. If I were to get ddossed at a network level, my home connection wouldn’t feel much of it, as my VPS quickly gets overloaded. I have been “ddossed” at an application level though, I hate AI web scrapers. Since the entire line from VPS to my home network is 1gbps, that alongside most of my server cpu resources got oversaturated with fake traffic.
(I say ddosed in quotes, because I’m not sure of the intentions of these AI webscrapers. Thousands of requests per second on a server that’s usually seeing maybe 5 isn’t “normal” traffic either.)
