Amazon bots DOSing me by downloading all of the content in all of my public repositories. At least my rate limiting is keeping that under control. I guess I should probably blacklist their IPs
Discussion
maybe you want to require auth on your repos
Also kind of a bummer, it should be easy for people to download my stuff. It's completely manageable right now, but AI is clearly scraping my repos
AI is such cancer... i'd be blacklisting cloud service IP ranges altogether personally. Anyone who is running stuff from that in containers or whatever probably isn't nice people. actual users who like nostr and stuff will not be using google cancer or amazon cancer services
Your right, but I use my own private VPN from a VPS for my outgoing traffic and I get blocked from so many things now. I couldn't use YouTube, Spotify, Facebook etc, if I wanted to anymore.
yeah, i get small problems, mostly just captcha from cloudflare but my VPS seems to not be in the shitlist
probably because it's kinda expensive but it's quality infra, Sofia, Bulgaria, which had a huge influx of remote support service companies and an existing extensive high speed ethernet network (often strung across between buildings by gangsters back in the day, selling access to pirate movie caches), but it is on the high side of expensive
still, i have 500mbit down now and i get all of that via the tunnel so i no complain
This is stuff you host from home?
I am getting fiber tomorrow and trying to figure out the pitfalls of self hosting any thing. I am guessing if I make any DNS records that point to my home IP I am going to get hammered.
Yessir from my main wan traffic.
I've been hosting stuff (like my website) publicly since 2010, and maybe 1 or 2 times have I had any actually major DOS issues. This is far from major, I have many resource exhaustion protections in place.
Also, I do not recommend pointing DNS directly to your home public IP. I pay for a public VPS and use nginx stream proxying to tunnel IP traffic back home. 1 for a layer of privacy, 2 for isolation, 3 so I don't have to terminate SSL until it hits my network, so my certs are only stored locally. Also in the case of DOS events I can just log into the VPS to disable routing, and I get my internet back. If I ever lose my VPS I can possibly purchase from another company and copy/paste my nginx config and be back up hopefully within a few hours if I need it.
i use wireguard tunnels and my own bespoke reverse proxy... and it lets me test my stuff live on the internet from my dev box
Yeah, this is what I was thinking of doing. Probably with wire guard. I haven't ever used nginx though. How much vps do you need to route a gigabit? Do you do filtering at your vps? Packet inspection?
Nginx is a fantastic tool! I have 2TB/month of traffic for my VPS and I don't come anywhere near hitting that. No, my VPS is a dumb TCP forwarder that's all it does. I just have some IP based limits, that's all.