Thank you for the amazing job, as always! Cloudflare is a solid solution :)
this post was submitted on 22 Jul 2023
2356 points (100.0% liked)
Lemmy.World Announcements
29079 readers
272 users here now
This Community is intended for posts about the Lemmy.world server by the admins.
Follow us for server news 🐘
Outages 🔥
https://status.lemmy.world/
For support with issues at Lemmy.world, go to the Lemmy.world Support community.
Support e-mail
Any support requests are best sent to info@lemmy.world e-mail.
Report contact
- DM https://lemmy.world/u/lwreport
- Email report@lemmy.world (PGP Supported)
Donations 💗
If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.
If you can, please use / switch to Ko-Fi, it has the lowest fees for us
Join the team
founded 2 years ago
MODERATORS
Sure but maybe something less centralized/proprietary would be preferable
Such as?
Nothing. DDoS mitigation is inherently an ISP or someone like cloudflare. You will not have success against anybody who knows what they are doing without their help.
load more comments
(18 replies)
Well for now we'll have to stick around with cloudflare. I'd just would like to see something managed by a decentralized network. I don't know if it exists, it's more of a sentiment or a general idea.
If you don't know what a content delivery network is, here : https://www.cloudflare.com/learning/cdn/what-is-a-cdn/
A CND is very costly to run in an effective way. And because it is an intermediary server between the user and content server, the market is already pretty full. So competing with the CDN giants is practically impossible in a decentralised manner.
Because of what a CDN does (cache website elements closer to the user, protect the website against ddos...), it cannot be a cheap weak server, or it's the one which will get overwhelmed by the ddos, or even the users.
Another limiting factor is that in decentralisation, that means different companies, and so many separate plans to pay, which is just impossible for a company.
If it was decentralized, a company would have to go and pay 100 different companies (which is more expensive, du to the server costs and each companies having their own staff to may (even if it's just 1 person per company)) just to offer a quick access to the users around the world, which is just impossible.
A CDN isn’t a great comparison to DDOS mitigations. CDN spreads the load amongst multiple locations that are distinct entities. Any one can be down and the rest functions fine. They generally exist on separate domains and are not inherently codependent.
DDOS requires an inline solution. A layer acting as a man in the middle to deflect or absorb the traffic destined to Lemmy.world, for example. That’s not something that can be readily be decentralized while there’s only one ingress to Lemmy.world.
load more comments
(2 replies)
load more comments
(19 replies)
That's easier said than done, DDoS mitigation requires a large amount of servers that are only really useful to persist an active DDoS attack. It's why everyone uses Cloudflare, because of the amount of customers they serve there's pretty much always an active attack to fend off. Decentralization wouldn't work great for it because you would have to trust every decentralized node not to perform man in the middle attacks. But if you know of any such solution I'd love to hear it.
load more comments
(16 replies)
Is “decentralised” the new “blockchain”?
Well, no. Unlike the blockchain, decentralized platforms aren't snake oil.
load more comments
(7 replies)
load more comments
(5 replies)
load more comments
(15 replies)
Don't forget. Donate to them. There are no ads here. So we have to maintain the staff and servers.
Lemmy World
https://www.patreon.com/mastodonworld?utm_campaign=creatorshare_fan
Lemmy Devs
https://www.patreon.com/dessalines?utm_campaign=creatorshare_fan
load more comments
(6 replies)
Imagine hosting a service for anyone else to use it, free of charge, no ads, free & open API, yet some idiots think it's fair to (D)DOS it.
There are more "interesting" targets, worst case - Reddit, who thinks everyone is just a number/noise.
Just leave Lemmy alone. :(
we will all still be here when their hyperactivity wears off.
with the old Reddit simulator, personally I'm not going anywhere anytime soon. This place has a great user base and it feels so old-school.
load more comments
(1 replies)
load more comments
(12 replies)
I don't understand why people want to take down websites. Especially sites like Lemmy, which isn't exactly sticking it to anyone because no one owns it!
Are they just Reddit groupies?
For most hackers or wanna-bes (often called Script Kiddies, that is, people (generally young, even children thus the "Kiddies") who are not technologically inclined enough to be real hackers and see a tutorial online on how to run pre-written scripts that repeatedly perform various functions), the answer to "Why do you do it?" is often:
-
"Because I was bored."
-
"Because I can."
Very rarely are other reasons given.
load more comments
(2 replies)
Some people enjoy causing suffering to others. On the internet they are termed trolls. Irl people usually just call them assholes. Most people have encountered them before.
I think they are far more common and likely than anyone giving two shits about reddit.
load more comments
(19 replies)
In case you haven't considered this, some helpful advice. To keep them from the lemmy.world door after the CDN installation
- Change the public IP addresses
- rotate your certificates
- block all traffic appart from the CDN and only allow a limited known good IP addresses (like yours and your support team). These steps will make your server harder to find, hopefully they move on.
load more comments
(2 replies)
Good News
Most of these ‘attacks’ are targeted at the database
A major PostgreSQL performance issue, logic mistake, was discovered today in lemmy_server and is an easy fix. Details: https://lemmy.world/post/2008987
load more comments
(1 replies)
Growing pains. This server and the platform will be better for it. If not for these script kids, some other attacker would eventually be motivated to try it.
old.lemmy.world still exposes your hetzner server to the internet, just a quick heads up.
Thank you as always for the transparency. This instance is going to be the most targeted because of its size. Y’all dealing with this is hard but you’re going to figure things out that will help the other instances.
It's not. People hate large companies that have a dominant position in their industry. Usually, that's fair. However, in the case of DDoS protection, you have to have a large overbearing presence to be able to have the capacity to withstand such attacks. People don't know how to see through what's typically true for what's true in this case. Do I like having a dominant player in an industry? Not particularly. Do I understand why it's necessary in this case? Yes.
Anything we can do as "users" to help, other than donating?
Hmm, best would be if those kids find a real hobby so they stop bothering us. On the other hand, it helps us understand Lemmy better and secure it.
load more comments
(1 replies)
load more comments
(1 replies)
Come on everyone, let's be better than this. Ruud literally said script kids, why do yall have to go and blame reddit? The Lemmy gets more attention, and chaotic dumbasses do their thing. You don't have to do any mental gymnastics to tie it back to spez.
load more comments
(4 replies)
Wonder why this wasn't done earlier. Hopefully we'll see less of the 404-type pages that has plagued this instance.
load more comments
(10 replies)
That's for for always keeping everyone up date. Sucks that you have these people wanting to DDOS a free community of people, I don't get it.
Either way thank you. Now to just somehow find a decentralized version of CloudFlare so we don't have to deal with there trackers that they have.
load more comments
(1 replies)
Excellent! CDN and DDoS protection are essential. Also would recommend looking into load balancing if you haven’t.
load more comments
(13 replies)
Thank you for your hard work, and for keeping us updated on the situation.
I hope lemmy.world can avoid using Cloudflare which goes against the spirit of Fediverse as it's just an objectively evil company.
load more comments
(14 replies)
Thank you! I will donate tomorrow
Be aware that you use another server so you might consider donating to them instead.
I have an account on yours too, but I might split it between both indeed :)
load more comments
(7 replies)
Cloudflare isn’t bad per se, but having huge amounts of the public internet behind a centralized provider is bad for the flexibility and resiliency of the internet as a whole.
load more comments
(1 replies)
Man I would love to know how/why doing that is enjoyable to some people. Like how sad and pathetic is your life that that is what is fun to you?
On the plus side watching you all tackle and solve these problems gives me confidence in the long term viability of Lemmy and the fediverse. The transparency and often detailed technical discussion definitely helps a lot too.
Cloudflare is a solid choice IMO. Thanks again for hosting this!
view more: next ›