Hello guys, so I have been self-hosting a bunch of stuff for some years now. But I want to increase the protection of the services I host.

I was thinking of using a VPS just for DDoS-protecting my services like game servers, web servers, email etc.

Any suggestions on how to set this up well? I was thinking of routing all traffic from the VPS back home with WireGuard. My connection is gigabit, so I don’t think the performance impact will be too big. Any suggestions on which proxy, VPS and other things to use?

  • Maroon@lemmy.world
    20 hours ago

    If you see my old posts, you’ll see that I had this exact concern.

    I have since learnt that pulling off a DDoS attack is actually quite resource intensive / expensive to the deployer as well, and unless you believe that you are being targeted because of something very valuable you host or that you have a technically inclined enemy who is specifically out to get you, you should be fine. Have a good think about your threat model.

    With regard to bots, scrapers and the like, yes, they are a real pain. That can be tackled with Anubis + BadBotBlocker + Fail2Ban + some custom rate limits.

    I assume you are a lot more experienced than me based on the number of things you have listed to have self-hosted. I feel a well-configured reverse proxy with the tools I suggested will take care of 95% of all your bot and scraper related worries.

        • lemongarlic@lemmy.world
          6 hours ago

          Sure, but I would think Anubis would also somewhat stop DDoS attacks, since clients need to pass Anubis to access the website, and across a DDoS swarm that would use up significant resources.

          • non_burglar@lemmy.world
            6 hours ago

            DDoS attacks do not always happen on HTTPS, though. You can overwhelm a system with DNS, NTP, or even just malformed packets. Anubis would do nothing for this.
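
Added example, not part of the thread: an nftables ruleset for the VPS side of the setup the original post describes (VPS forwarding to a home server over WireGuard), with a per-source rate limit that applies below the HTTP layer, which is the gap the last reply points out. The interface names, tunnel address and ports are assumptions.

```nft
#!/usr/sbin/nft -f
# Constructed example, VPS side. Assumed names: eth0 = public NIC, wg0 = tunnel,
# 10.8.0.2 = home server's tunnel address, 27015/udp = a game server port.
# Requires net.ipv4.ip_forward=1. IPv4 only; forwarded IPv6 hits the drop policy.
table inet relay
delete table inet relay

define WAN = "eth0"
define TUN = "wg0"
define HOME = 10.8.0.2

table inet relay {
    set per_source {                  # one rate-limit bucket per client address
        type ipv4_addr
        size 65535
        flags dynamic
        timeout 1m
    }
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname $WAN tcp dport { 80, 443 } dnat ip to $HOME
        iifname $WAN udp dport 27015 dnat ip to $HOME
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Masquerading makes replies return through the tunnel, but the home
        # server then sees only the VPS address, so per-client bans must happen here.
        oifname $TUN masquerade
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Drop sources opening new flows faster than 25/s, for TCP and UDP alike.
        iifname $WAN ct state new add @per_source { ip saddr limit rate over 25/second burst 50 packets } drop
        iifname $WAN oifname $TUN ct status dnat accept   # only flows matched by the DNAT rules
    }
    chain input {
        type filter hook input priority filter; policy drop;
        iifname "lo" accept
        ct state established,related accept
        meta l4proto ipv6-icmp accept                     # keep IPv6 neighbour discovery working
        icmp type echo-request limit rate 5/second accept
        udp dport 51820 accept                            # WireGuard listen port (assumed value)
        tcp dport 22 accept                               # SSH for administration
    }
}
```

A host firewall like this only sheds load the VPS can still receive; a flood that saturates the VPS uplink has to be filtered by the provider upstream.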