Today, like the past few days, we have had some downtime. Apparently some script kids are enjoying themselves by targeting our server (and others). Sorry for the inconvenience.
Most of these ‘attacks’ are targeted at the database, but some are more ddos-like and can be mitigated by using a CDN. Some other Lemmy servers are using Cloudflare, so we know that works. Therefore we have chosen Cloudflare as CDN / DDOS protection platform for now. We will look into other options, but we needed something to be implemented asap.
For the other attacks, we are using them to investigate and implement measures like rate limiting etc.
I hope lemmy.world can avoid using Cloudflare which goes against the spirit of Fediverse as it’s just an objectively evil company.
There are thousands of reasons from centralizing internet, abusing their market power, implementing barriers on web automation that can only be bypassed by the priviledged to fingerprinting and tracking users across the whole internet. It’s a major for-profit market capture corporation - it’s evil by design.
Then you give them an effective DDoS protection measure instead of posting things without evidence.
What would the alternative be? DDOS protection inherently benefits from a centrally controlled network for defense, and also from a single entity handling as many of the defenses as possible so they can see them all being used.
I guess I could trivially see the need for a not-for-profit version of this, but that’d still be a central entity, just mandated by law and funded from taxpayer money or something.
But back to the question, what is the alternative? There’s a good reason everyone goes with Cloudflare, it’s about defending from DDOS attacks, and they do it better than others.