It depends on the exact attack, as this determines the defense method.
Generally speaking, if it was:
- "brute force" on the service, then fail2ban + a harder firewall will
be enough to deal with it - a good admin will handle it without any
problems.
- SYN flood attack - Hetzner claims it automatically blocks traffic
above 500 kpps. If that's true, great, but if Hetzner doesn't block it,
the only solution is to change the hosting.
- SYN flood attack <500 kpps - a good admin can defend against such an
attack.
Could you clarify which version of the attack you're referring to?
Regarding Cloudflare Spectrum, it will help, but it's a very expensive
service, not for a non-profit organization.
There's nothing free on Cloudflare that can block traffic on port 22, so
before you suggest anything, read up on it.
There is no such thing as Free DDoS protection for git.
On 7.10.2025 18:07, lukaro wrote:
I guess the Arch Linux team already uses blocking mechanisms like fail2ban. If
the DDoS was that easy to block, we probably wouldn't even notice it. It's
probably volumetric DDoS that needs to be blocked upstream or something. And I
hope the AUR does not need to rely on Clownflare for that, hopefully they find
another solution / provider. But I trust they do their best to resolve these
issues as fast as possible.