torginus 9 hours ago

What happens if you don't use Cloudflare and just host everything on a server?

Can't you run a website like that if you don't host heavy content?

How common are DDOS attacks anyway, and aren't there local (to the server), that analyze user behavior to a decent accuracy (at least it can tell they're using a real browser and behaving more or less like a human would, making attacks expensive).

Can't you buy a list of ISP ranges from a GeoIP provider (you can), at least then you'd know which addresses belong to real humans.

I don't think botnets are that big of a problem (maybe in some obscure places of the world, but you can temp rangeban a certain IP range, if there's a lot of suspicious traffic coming from there).

If lots of legit networks (as in belonging to people who are paying an ISP for their network connections) have botnets, that means most PCs are compromised, which is a much more severe issue.

dewey 9 hours ago

Botnets use real residential connections not just data centers. So your static list of “real people” doesn’t really make a difference.

dijit 9 hours ago

Yeah, you can.

Lots of people use Raspberry Pis for this, which is a smidge anaemic for some decent load (HN Hug Of Death) - even an Intel N100 is more grunt, for context.

This makes people think that their self hosting setup can never handle HN load; because when they see people talking about self hosting the site goes down.

rainonmoon 8 hours ago

Most people shouldn't use a Pi because most people can't configure a web server securely. A VPS would be a better option for just about everybody trying to "self-host" whether they put Cloudflare in front of it or not.

dijit 8 hours ago

In both cases you're setting up a webserver.

I guess you're concerned about lateral network movement? Justified, but as long as it's patched it's going to be just as secure.

rainonmoon 8 hours ago

You're right, but with an asterisk. I don't care if my DO droplet gets popped with an RCE. I do care if someone establishes persistence in my home.

1718627440 5 hours ago

You can have different networks in your physical home.

justsomehnguy 9 hours ago

> What happens if you don't use Cloudflare and just host everything on a server?

It works.

> Can't you run a website like that if you don't host heavy content?

Even with heavy content - the question is how many visitors you have. If there is one once an hour, a 100Mbit/Unlim connection would suffice.

> How common are DDOS attacks anyway

Extremely rare. 99% of sites never experience it, 1% do have some trouble because somebody nearby is being DDoS'ed.

> and aren't there local (to the server), that analyze user behavior to a decent accuracy (at least it can tell they're using a real browser and behaving more or less like a human would, making attacks expensive).

No point, you can't do anything anyway - it's a denial of service so there are gigabytes of trash flowing your way.

> Can't you buy a list of ISP ranges from a GeoIP provider (you can), at least then you'd know which addresses belong to real humans.

No point. If you are not being DDoS'ed then you just spent money and time (i.e. money) on a useless preventive measure you never use. And when (if) it comes you can't do anything anyway, because it's a distributed denial of service attack.

> I don't think botnets are that big of a problem (maybe in some obscure places of the world, but you can temp rangeban a certain IP range, if there's a lot of suspicious traffic coming from there).

It's not a DDoS if you can filter at the endpoint.
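The temporary range ban discussed in the thread, sketched as an added example that is not part of any comment above. The class name, the /24 and /48 range sizes, the thresholds and the sample traffic are all assumptions made for illustration. It covers only the case the last reply describes, where requests still reach the server and can be filtered there.

```python
import ipaddress
from collections import defaultdict, deque

class RangeBanner:
    """Temporary ban per source range (/24 for IPv4, /48 for IPv6; assumed sizes)."""

    def __init__(self, window=10.0, threshold=20, ban_seconds=300.0):
        self.window = window            # seconds of history kept per range
        self.threshold = threshold      # requests per window tolerated per range
        self.ban_seconds = ban_seconds  # how long a ban lasts before it lifts
        self.hits = defaultdict(deque)  # range -> timestamps of recent requests
        self.banned_until = {}          # range -> time at which the ban expires

    @staticmethod
    def range_of(ip):
        addr = ipaddress.ip_address(ip)
        prefix = 24 if addr.version == 4 else 48
        return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

    def allow(self, ip, now):
        """Return True if the request is served, False if its range is banned."""
        net = self.range_of(ip)
        until = self.banned_until.get(net)
        if until is not None:
            if now < until:
                return False
            del self.banned_until[net]  # ban expired, range gets a fresh start
        recent = self.hits[net]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()            # forget requests older than the window
        if len(recent) > self.threshold:
            self.banned_until[net] = now + self.ban_seconds
            recent.clear()
            return False
        return True

def replay():
    """Constructed traffic: a burst spread over one /24 plus one unrelated visitor."""
    banner = RangeBanner()
    burst = [banner.allow(f"203.0.113.{i % 200 + 1}", now=i * 0.05) for i in range(100)]
    visitor = banner.allow("198.51.100.7", now=5.0)       # different range, unaffected
    neighbour = banner.allow("203.0.113.250", now=5.0)    # same /24, caught by the ban
    after_expiry = banner.allow("203.0.113.250", now=400.0)
    return burst.count(True), visitor, neighbour, after_expiry

if __name__ == "__main__":
    print(replay())
```

The `neighbour` result shows the collateral cost: a host that sent nothing during the burst is refused because it shares the banned range.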