We use an open-source rust based captcha in lemmy internally. HCaptcha is def not as bad as google, but its still a silicon valley company, and doesn’t offer a self-hostable version, and isn’t open source in the slightest. Cloudflare is absolutely awful, we’ll never use it.
For most things, ddos protection isn’t gonna be necessary, they’re targeted attacks. For most servers, simple nginx rate limiting, ufw, and fail2ban or https://github.com/crowdsecurity/crowdsec are good enough… there are good guides for doing other things too like disabling password-based ssh logins.
Good VPS’s will offer anti-ddos protection, we were getting hit here pretty hard until we moved to ovh. Cloudflare should never be an option though, that gives them all form submits, including passwords, all client-server data unencrypted.
Very interesting and very nice. I appreciate this hard stance which made me see Lemmy uniquely among all these Reddit alternatives that pop up everyday.
One interesting thing is that most toxic ignorant Redditors so affectionate about their racism hatred or love of corporate capitalism never consider trying to pollute Lemmy.
I pity people who fall for their trap. Most victims often are otherwise intelligent, but only are socially discriminatory or unintelligent. Followers often are not a pure extension of one’s ideology.
We use an open-source rust based captcha in lemmy internally. HCaptcha is def not as bad as google, but its still a silicon valley company, and doesn’t offer a self-hostable version, and isn’t open source in the slightest. Cloudflare is absolutely awful, we’ll never use it.
What’s an alternative to cloudflare? Not getting ddossed is good
For most things, ddos protection isn’t gonna be necessary, they’re targeted attacks. For most servers, simple nginx rate limiting, ufw, and fail2ban or https://github.com/crowdsecurity/crowdsec are good enough… there are good guides for doing other things too like disabling password-based ssh logins.
Good VPS’s will offer anti-ddos protection, we were getting hit here pretty hard until we moved to ovh. Cloudflare should never be an option though, that gives them all form submits, including passwords, all client-server data unencrypted.
Very interesting and very nice. I appreciate this hard stance which made me see Lemmy uniquely among all these Reddit alternatives that pop up everyday.
One interesting thing is that most toxic ignorant Redditors so affectionate about their racism hatred or love of corporate capitalism never consider trying to pollute Lemmy.
I caught a QAnon guy trying to start a group here lol. Luckily we banned him and his community before he dragged anybody else over here.
I pity people who fall for their trap. Most victims often are otherwise intelligent, but only are socially discriminatory or unintelligent. Followers often are not a pure extension of one’s ideology.