Comment on Is cloudflare breaking the internet or fixing it?

rufus@discuss.tchncs.de ⁨5⁩ ⁨months⁩ ago

• You999@sh.itjust.works ⁨5⁩ ⁨months⁩ ago

  But the DDoS protection and attack prevention is mostly snake-oil for most people.

  I wouldn’t say it’s snake oil for most people because of how cheap it costs to execute a DDoS attack, all it takes is for you to piss off one person for it to be worth it. Although you do not have to use cloudflare there are plenty of other protection services out there.

  And a side note, I can’t believe how hard it is to find statistics on how many DDoS attacks have happened that’s not from someone with a vested interest in the matter. I’d figure the FBI/IC3 or CISA would have better statistics on the matter.

  source

  • rufus@discuss.tchncs.de ⁨5⁩ ⁨months⁩ ago

    I think the correct way to handle this is to include a bad-bot blocker in your webserver. There are plenty scripts and addons available for the common software stacks.

    There are also local and privacy-respecting Web Application Firewalls like ModSecurity, Janusec, Vulture Project (I haven’t yet tested them) which could maybe do the same thing.

    We’re all subject to these crawlers, bots and vulnerability scanners. I also run 3 small websites including mail and a few other services. I rarely block some bot that downloads images over and over again. Other than that, the traffic they cause isn’t that much compared to a single other service like Matrix chat or some Fediverse software that causes lots of HTTP requests all day long. It runs without Cloudflare or ither third-party services for years on my slow home internet connection. Back then even on a single board computer (like the Raspberry Pi.)

    source
• WormFood@lemmy.world ⁨5⁩ ⁨months⁩ ago

  I run a small personal blog/portfolio website that doesn’t get more than a hundred or so human visits per day, but it gets hammered with bot traffic, not just malicious bots but tons of different search indexers and scrapers, many of which don’t respect robots.txt

  after setting up cloudflare I noticed a very significant drop in malicious traffic and in bandwidth use, which also corresponded to less bandwidth and CPU usage for my VPS.

  I know cloudflare has recently had a few bad customer service stories but for small and medium sized websites their service is invaluable

  my own personal criticism of cloudflare is that, as a VPS user, I get hit by cloudflare challenges more. but now that they’ve moved to hcaptcha it’s not too bad

  source

  • rufus@discuss.tchncs.de ⁨5⁩ ⁨months⁩ ago

    I think the correct way to handle this is to include a bad-bot blocker in your webserver. There are plenty scripts and addons available for the common software stacks.

    There are also local and privacy-respecting Web Application Firewalls like ModSecurity, Janusec, Vulture Project (I haven’t yet tested them) which could maybe do the same thing.

    We’re all subject to these crawlers, bots and vulnerability scanners. I also run 3 small websites including mail and a few other services. I rarely block some bot that downloads images over and over again. And fail2ban blocks a lot of brute-forcing attempts. Other than that, the traffic they cause isn’t that much compared to a single other service like Matrix chat or some Fediverse software that causes lots of HTTP requests all day long. It runs without Cloudflare or other third-party services for years on my slow home internet connection. Back then even on a single board computer (like the Raspberry Pi.)

    So my experience is a bit different. And that I can run 3 websites on a RasPi on a 15MBit connection just fine and other people need Cloudflare for a 1000MBit VPS makes me think it’s snake-oil. But yeah, I agree if you block the bots, they stop after some time. That’s also my experience. But the traffic isn’t that much in the first place and there are better ways to do it in my opinion.

    source