We use an open-source rust based captcha in lemmy internally. HCaptcha is def not as bad as google, but its still a silicon valley company, and doesn’t offer a self-hostable version, and isn’t open source in the slightest. Cloudflare is absolutely awful, we’ll never use it.
Just curious - I have no interest in giving QAnon conspiracies more oxygen - but on what basis were they banned? Being disastrously misinformed, on its own, does not appear to be against the Code of Conduct (and nor should it be).
I can’t see anything in the text that would disallow that other than “mod doesn’t like it” - if so, it’s rather similar to what Reddit’s being accused of in this post. So far my experience is that opinions on this Lemmy federation are even more homogeneous than they are on Reddit - the prevailing view is just different. Again, this post has been a good example. It’s all a little disappointing.
For most things, ddos protection isn’t gonna be necessary, they’re targeted attacks. For most servers, simple nginx rate limiting, ufw, and fail2ban or https://github.com/crowdsecurity/crowdsec are good enough… there are good guides for doing other things too like disabling password-based ssh logins.
Good VPS’s will offer anti-ddos protection, we were getting hit here pretty hard until we moved to ovh. Cloudflare should never be an option though, that gives them all form submits, including passwords, all client-server data unencrypted.
deleted by creator
We use an open-source rust based captcha in lemmy internally. HCaptcha is def not as bad as google, but its still a silicon valley company, and doesn’t offer a self-hostable version, and isn’t open source in the slightest. Cloudflare is absolutely awful, we’ll never use it.
deleted by creator
That’s the goal :smiling face:
I caught a QAnon guy trying to start a group here lol. Luckily we banned him and his community before he dragged anybody else over here.
deleted by creator
Just curious - I have no interest in giving QAnon conspiracies more oxygen - but on what basis were they banned? Being disastrously misinformed, on its own, does not appear to be against the Code of Conduct (and nor should it be).
deleted by creator
I can’t see anything in the text that would disallow that other than “mod doesn’t like it” - if so, it’s rather similar to what Reddit’s being accused of in this post. So far my experience is that opinions on this Lemmy federation are even more homogeneous than they are on Reddit - the prevailing view is just different. Again, this post has been a good example. It’s all a little disappointing.
deleted by creator
If that’s the way you see it, fair enough. It’s been a pleasure.
What’s an alternative to cloudflare? Not getting ddossed is good
For most things, ddos protection isn’t gonna be necessary, they’re targeted attacks. For most servers, simple nginx rate limiting, ufw, and fail2ban or https://github.com/crowdsecurity/crowdsec are good enough… there are good guides for doing other things too like disabling password-based ssh logins.
Good VPS’s will offer anti-ddos protection, we were getting hit here pretty hard until we moved to ovh. Cloudflare should never be an option though, that gives them all form submits, including passwords, all client-server data unencrypted.
Whoa! I looked it up. OVH offers quite a lot there. That’s awesome! Will definitely consider moving my setup there. Appreciate the tip.
deleted by creator