There have been multiple accounts created with the sole purpose of posting advertisement posts or replies containing unsolicited advertising.

Accounts which solely post advertisements, or persistently post them may be terminated.

Is it practically impossible for a newcomer selfhost without using centralised services, and get DDOSed or hacked?

I understand that people enter the world of self hosting for various reasons. I am trying to dip my toes in this ocean to try and get away from privacy-offending centralised services such as Google, Cloudflare, AWS, etc.

As I spend more time here, I realise that it is practically impossible; especially for a newcomer, to setup any any usable self hosted web service without relying on these corporate behemoths.

I wanted to have my own little static website and alongside that run Immich, but I find that without Cloudflare, Google, and AWS, I run the risk of getting DDOSed or hacked. Also, since the physical server will be hosted at my home (to avoid AWS), there is a serious risk of infecting all devices at home as well (currently reading about VLANS to avoid this).

Am I correct in thinking that avoiding these corporations is impossible (and make peace with this situation), or are there ways to circumvent these giants and still have a good experience self hosting and using web services, even as a newcomer (all without draining my pockets too much)?

Edit: I was working on a lot of misconceptions and still have a lot of learn. Thank you all for your answers.

Auli ,

The DDOSED hype on this site is so over played. Oh my god my little self hosted services are going to get attacked. Is it technically possible yes but it hasn’t been my experience.

tills13 ,

99% of people think they are more important than they are.

If you THINK you might be the victim of an attack like this, you’re not going to be a victim of an attack like this. If you KNOW you’ll be the victim of an attack like this on the other hand…

gamermanh ,
@gamermanh@lemmy.dbzer0.com avatar

Many of us also lived through the era where any 13 year old could steal Mommy’s credit card and rent a botnet for that ezpz

My MC server a decade ago was tiny and it still happened every few months when we banned some butthurt kid

markstos ,

DDoSing cost the attacker some time and resources so there has to something in it for them.

Random servers on the internet are subject to lots of drive-by vuln scans and brute force login attempts, but not DDoS, which are most costly to execute.

deafboy ,
@deafboy@lemmy.world avatar

Of course security comes with layers, and if you’re not comfortable hosting services publically, use a VPN.

However, 3 simple rules go a long way:

  1. Treat any machine or service on a local network as if they were publically accesible. That will prevent you from accidentally leaving the auth off, or leaving the weak/default passwords in place.
  2. Install services in a way that they are easy to patch. For example, prefer phpmyadmin from debian repo instead of just copy pasting the latest official release in the www folder. If you absolutely need the latest release, try a container maintained by a reasonable adult. (No offense to the handful of kids I’ve known providing a solid code, knowledge and bugreports for the general public!)
  3. Use unattended-upgrades, or an alternative auto update mechanism on rhel based distros, if you don’t want to become a fulltime sysadmin. The increased security is absolutely worth the very occasional breakage.
  4. You and your hardware are your worst enemies. There are tons of giudes on what a proper backup should look like, but don’t let that discourage you. Some backup is always better than NO backup. Even if it’s just a copy of critical files on an external usb drive. You can always go crazy later, and use snapshotting abilities of your filesystem (btrfs, zfs), build a separate backupserver, move it to a different physical location… sky really is the limit here.
JigglySackles ,

DDOS against a little self hosted instance isn’t really a concern I’d have. I’d be more concerned with the scraping of private information, ransomware, password compromises, things of that nature. If you keep your edge devices on the latest security patches and you are cognizant on what you are exposing and how, you’ll be fine.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • [email protected]
  • random
  • lifeLocal
  • goranko
  • All magazines
    •