Hasn't someone with contacts at Cloudflare reached out around a month
and a half ago about offering those for free?
Given the usual stance of CF regarding open source and the likes, I
don't think it would be a long shot to at least ask for it.
Now, if it's a matter of not wanting to rely on one provider only that's
fine, but it would be nice to have some info :)
Kind regards,
fermino
On 10/7/25 2:22 PM, Bartosz Bartczak wrote:
It depends on the exact attack, as this determines the defense method.
Generally speaking, if it was:
- "brute force" on the service, then fail2ban + a harder firewall will
be enough to deal with it – a good admin will handle it without any
problems.
- SYN flood attack – Hetzner claims it automatically blocks traffic
above 500 kpps. If that's true, great, but if Hetzner doesn't block
it, the only solution is to change the hosting.
- SYN flood attack <500 kpps – a good admin can defend against such an
attack.
Could you clarify which version of the attack you're referring to?
Regarding Cloudflare Spectrum, it will help, but it's a very expensive
service, not for a non-profit organization.
There's nothing free on Cloudflare that can block traffic on port 22,
so before you suggest anything, read up on it.
There is no such thing as Free DDoS protection for git.
On 7.10.2025 18:07, lukaro wrote:
I guess the Arch Linux team already uses blocking mechanisms like
fail2ban. If the DDoS was that easy to block, we probably wouldn't
even notice it. It's probably volumetric DDoS that needs to be
blocked upstream or something. And I hope the AUR does not need to
rely on Clownflare for that, hopefully they find another solution /
provider. But I trust they do their best to resolve these issues as
fast as possible.
