I self host all of my services but utilize a VPS as a gateway for access. Primarily to allow access to a media server and file storage for friends and family.
Recently I’ve been shut down by my VPS provider on multiple occasions because they claim my server was DDoS’d at 2gigabits/s. I don’t see any evidence of this in my logs.
Regardless, I set up Traefik proxy to geoblock any IPs outside of my country. Literally a few mins after doing so and confirming via VPN that it was working I got shut down and received an email that my network was severed temporarily due to a DDoS Blackhole event.
The questionable nature of their detection system aside, it’s got me wondering…does ip blocking actually help mitigate DDoS attacks?
The server still needs to process the incoming connection before it filters it, so I’m assuming the attack is still accomplishing it’s intent which is to overload the server. Can somebody more knowledgeable provide some insight?
Setup cloudflare, I believe the free tier includes ddos protection. Then setup your ingress to only allow cloudflare IPs, either with iptables or even better if your vps supports it with a network policy.
I appreciate the tip but as a privacy minded self-hoster I try to avoid companies like cloudflare. Surely there has to be a way to diy DDoS protection?
Can you go IPv6 only with dynamic dns + recycling ip every day? My raspberry pi doesn’t get bot traffic. I have 22, 80, 443 and a few other ports open on public ipv6 address.
Blocking doesn’t really help with DDOS, since the traffic is still hitting the server and from the standpoint of the VPS provider it doesn’t look much different.
Some VPS providers offer DDOS protection as an addon, but just moving to a different provider might solve it. If you’re just hosting stuff for friends/family it doesn’t seem like there would be much reason to DDOS your IP, unless the IP was recycled from something before that people are still attacking.