I understand that people enter the world of self hosting for various reasons. I am trying to dip my toes in this ocean to try and get away from privacy-offending centralised services such as Google, Cloudflare, AWS, etc.
As I spend more time here, I realise that it is practically impossible; especially for a newcomer, to setup any any usable self hosted web service without relying on these corporate behemoths.
I wanted to have my own little static website and alongside that run Immich, but I find that without Cloudflare, Google, and AWS, I run the risk of getting DDOSed or hacked. Also, since the physical server will be hosted at my home (to avoid AWS), there is a serious risk of infecting all devices at home as well (currently reading about VLANS to avoid this).
Am I correct in thinking that avoiding these corporations is impossible (and make peace with this situation), or are there ways to circumvent these giants and still have a good experience self hosting and using web services, even as a newcomer (all without draining my pockets too much)?
Edit: I was working on a lot of misconceptions and still have a lot of learn. Thank you all for your answers.
Why would anyone ddos you? Ddos costs money andor effort. Noone is going to waste that on you. Maybe dos but not ddos. And the troll will go away after some time as well. There’s no gain in dosing you. Why would anyone hack your static website? For the lulz? If everything is https encrypted on your local net how does a hacker infest everything on your network?
DDOS can happen just from a script hammering on an exposed port trying to brute force credentials.
This is nonsense. A small static website is not going to be hacked or DDOSd. You can run it off a cheap ARM single board computer on your desk, no problem at all.
What?
I’ve popped up a web server and within a day had so many hits on the router (thousands per minute) that performance tanked.
Yea, no, any exposed service will get hammered. Frankly I’m surprised that machine I setup didn’t get hacked.
I can’t say I’ve seen anything like that on the webservers I’ve exposed to the internet. But it could vary based on the IP you have if it’s a target for something already I suppose.
Frankly I’m surprised that machine I setup didn’t get hacked.
How could it if all you had was a basic webserver running?
Don’t leave SSH on port 22 open as there are a lot of crawlers for that, otherwise I really can’t say I share your experience, and I have been self-hosting for years.
Am I missing something? Why would anyone leave SSH open outside the internal network?
All of my services have SSH disabled unless I need to do something, and then I only do it locally, and disable as soon as I’m done.
Note that I don’t have a VPS anywhere.
I’ve been self-hosting a bunch of stuff for over a decade now, and have not had that issue.
Except for a matrix server with open registration for a community that others not in the community started to use.
It is easy to get hacked if you make stupid mistakes. Just don’t make them.
Is this some sort of insider I am not aware of? I always see these kind of replies and I never understand them. Why even write anything if you don’t have anything meaningful to add to the conversation? This is a genuine question to both of you. I mean, yes, it might be true that everything is fine and dandy if you follow good security practices? But how does that help a beginner? Its like saying driving a car with manual transmission is easy. You just need to know the numbers from 1 to 6 and that a higher number makes the car go faster. Even though this might be technically true, it doesn’t help anybody.
Use a firewall like OPNsense and you’ll be fine. There’s a Crowdsec plugin to help against malicious actors, and for the most part, nothing you’re doing is worth the trouble to them.
The DDOSED hype on this site is so over played. Oh my god my little self hosted services are going to get attacked. Is it technically possible yes but it hasn’t been my experience.
99% of people think they are more important than they are.
If you THINK you might be the victim of an attack like this, you’re not going to be a victim of an attack like this. If you KNOW you’ll be the victim of an attack like this on the other hand…
