😂😅

Oh god I hope this doesn’t become a daily thing, I will have to start up an onlyfans 😅

Let’s go!

unironically yeah

probably 🤣

isnt aws vps stuf

Makes sense it's their style

Just get a ddos protected VPS from OVH, Path you can find providers easily. (Ex. Vibegames path) Which will basically make the server not be able to be hit on L4 and also better specs then Digital Ocean.

@@AndrieMC if you use AWS for VPS (ec2 as they call it) alone, you probably shouldn't be using AWS.

Chatgpt ahh comment

True. I think it's great knowing how to run a node/go/whatever app and setup nginx or caddy to proxy to it. You realize how much you can do and what problems those managed services actually solve for you. Also in some enterprise cases you cannot just deploy to whatever cloud service and must deploy on premises or are potentially only allowed into VMs so having this knowledge is beneficial.

thanks for the suggestion, I ended up adding that today as well

sometimes a DDoS attack is just random; someone finds an open machine after scanning ip addresses and attacks it; but yes this seems targeted 🤣

@@WebDevCodyye maybe it's just random but it feels targeted from your point of view. It does increase the potential revenue of amazon or cloudflare which might benefit the attacker. Don't know if you can just change the IP..

Dude I feel the attacker wants to DDos protect their app, so wants a tutorial from Cody for it 😂

@@rahultech77 that’s probably it 😆

Hackers and script kiddes (especially) loves attention

Idk I plan to just scale up vertically as much as possible and see how far it’ll take me. Caddy seems simplier, nginx is probably feature rich

thanks sexy!

😆 a $1,500 bill created in a few hours will do that to a dev

If you proxy to your website using CloudFlare DNS, how do you know those IPs? Are they listed somewhere, is there documentation that lists all those IPs?

@@groff8657 There are websites & tools to scan pretty much the entire web, if you render your pages on ips too, or have any correlations to your domain, they will be able to link the ip back to the domain

​@@groff8657there are 255^4 ips in the world. Its not so hard to crawl all of em

@@groff8657 Yes there is, just type cloudflare ips in any search engine

@@groff8657 It's in cloudflare docs. You can google and you'll find it.

could you explain why AAAA would help out? if it's behind cloudflare, why would it make any difference?

@@WebDevCody Most of the internet still use IPv4 so most of the devices participating in a DDoS attack are presssmably using IPv4. If your VPS blocks IPv4 altogether, there will be one way to ping your server - that is through Cloudflare. Now someone can scan the ports of AWS to find the servers that have port 80/433 open and send an HTTP request to your server. However, if you don't use catch all block in Caddyfile: it sends something like 422 to deny requests. That's good but still it receives the HTTP request. Setting up IPv6 with AAAA record will future-proof your server as well. Also, users with IPv6 enjoy faster performance.

@@WebDevCody I wrote a long reply but it's not showing up here. Joining your Discord if we can have chat there.

They can be nice and forgive you the charge, but it will definitely break your free tier and scale your charges like crazy, a lot more expensive than AWS for sure

Because I like wasting time 😂

You can deploy next anywhere. It should have the same feature except edge computing. I was nit deploying containers on aws; I was using serverless

your instance would crash; therefore, there is no extra bandwidth you'd get charged for. It's just a trade off, would you rather have 100% uptime (you probably want serverless), or reduce your chance of getting a $600 in one hour.

Because there is a lot of room in hell and someone is reserving their slot

@@WebDevCodyI’m stealing this answer 😂

Since this video I’m actually using railway now. Honestly I just wanted a service that has automatic billing limits which will kill my services if I spend too much money. Not many services provide this. Some have primitives I could use to build a kill switch from scratch, but I don’t have time to waste on that

Tnx for the answer, yeah I guess kill switch is a great feature! Didn't use railway will look into it 😊

Can you also do a vid setting up coolify on a VPS next? Everyone's been going wild with it.

I’ll check that out, sounds easier

Ahh ok good info!

lol you’re probably part of the crew doing it huh?

Next video "Why should you should host simple projects on a VPS instead of AWS" ...............

@@lukasberk9303 at least you’re all learning together? 🥴 lol unless yall are just here to stare at his face for minutes on end which I guess is cool too 🫠

all it took was a DDoS attack and an AWS linked to my credit card to change my thought process 🫠

@@WebDevCodyto be fair you could have (and still can) contact aws support. They would give credit to cover the full cost and help you protect in the future most likely. You also can get $1000-100000 based on being a startup, that could also help. It’s a shame you decided to fully make up your mind so soon.

awesome, I'll turn that on

Are the certs free to generate? I'm currently using Let's Encrypt cert on my VPS and thinking of adding cloudflare for extra protection.

yes those are absolutely free and even you can select the term like 3months, 1years or even 15 years@@kamehameha38

cloudfront has a bunch of path rules that know how to invoke lambdas on requests. It wouldn't be an easy refactor

He had cloudfront, which is AWS's CDN

right, I guess you have to trust cloudflare doesn't sell your data or forward it to the NSA 🤣

@@WebDevCody I feel like they definitely do forward it to the NSA. We need end to end encryption on our applications starting on the client

You have to use the cloudflare cert or else you have to do a bunch of extra work

I’d probably build the image in GitHub actions, publish it to a container registry, then ssh into the machine and rerun docker compose up

Honestly, I’m kind of just tired of serverless and lambda at work we use lambda and I can’t even count how many hours I’ve wasted trying to get binaries to run on lambda ran into lambda size limits, run into API Gateway timeout issues run into having debug permissions over and over again Execution roles having to deal with cold starts that make the application. Just feel slow when you don’t already have a ton of users. Honestly, I think just hosting a single node executable on a VPS or a container runner is extremely low maintenance compared to anything you can hack together in the AWS ecosystem.

I’ve never done that actually; but I’m sure it’s possible

if he does I'm quitting

@@WebDevCodyNo need to worry you are fine now unless you are charged for your AWS servers running in the backend per request you're fine. I would recommend not using AWS at all it's overpriced and trash IMO.

I find learning new things fun. When I start to get bored of doing the same thing every day at work, I reach for making KZbin videos or learning new stuff

I'm sure it's possible, but I'm a bit tired of serverless

Because if I want a vps, DO or railway has a much better ui for cheapee

I did that today, I setup a DO firewall rule and only allow inbound requests from cloudflare specific IP addresses.

Same thing, meaning ddos protection or hosting your api?

@@WebDevCody Actually I just thought about it, api gateway, EC2 wouldn’t work against ddos protection but will work with API hosting.

if you use caddy self signing certs, it's a bit more complicated; you'll have to build caddy using xcaddy with a cloudflare plugin so it can know how to validate your self signed certs against cloudflare using your cloudflare api key. I started looking into all of that and said screw that noise

that is the same issue as AWS, just at least 5 times more expensive (free tier is a auto-upgrade if you hit the limits, you still owe money even if no card is linked)

Vercel free tier license states it can’t be used for commercial apps; my app getting ddos is making money

Also, how much are you paying for Cloudflare? I see that they have a higher level of protection provided apart from the one in the free tier. Keep us updated if you get ddos again. Not bad for content right? 😂

🤷‍♂️ you live and you learn

Right but for some reason I can’t get it working with cloudflare full mode. Maybe I’m doing something wrong

@@WebDevCodyAll of my websites use cloudflare full mode and caddy haven't had an issue yet... so idk

@@fredheladrienkissie1404 hmm I’ll look into this more soon

yeah, but it obviously isn't blocking all the DDOS traffic

I have no clue what you just asked

@@WebDevCody I'm just amaze how can you learned that. Like choosing where to host and use other tech to secure your application

are tunnels a paid plan feature?

@@WebDevCodyno. There might be a limit to a number of them, but you could think about hosting all your projects on a single instance and have a wildcard dns record that would point to it. Then the cloudflare agent would act as a "reverse proxy" to your local ports :)

node can easily run without needing 1gb of memory; it isn't java, give node some credit