I recall a certain amount of overhead in IPTables “allow only from” situations but I’m not sure whether it’s enough to make a DDOS any kind of viable on a server in this configuration.
Do you happen to know how effective the strategy is?
- 0 Posts
- 6 Comments
Joined 2 years ago
Cake day: July 2nd, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Server admin here, you can do this in a way that avoids lemmy even knowing anything has changed. Read through all of this and do some googling first if you don’t know the specific commands to use!
First, you need to set the remote volume to automatically mount correctly on system restarts. On Linux, this is done by adding an entry for it to /etc/fstab if one does not exist already. Once done, ‘mount -a’ will mount the volume.
Mount your remote volume to the filesystem and rsync the folder you want to migrate off-server to it. Take the lemmy service offline, rsync again to catch any changes from when you started.
Now, you can move the old folder that lemmy has been using elsewhere - I recommend renaming it by appending “.old” or something.
Next, you need to make a symbolic link. This link should point from the old folder’s original path and point to your remote volume. Once done, make sure everything is there and that file permissions match the ones in your .old folder - file permissions are important and you may need to recursively set them if your lemmy service runs on a different user than you were making these changes with.
Finally, say a prayer to the machine spirit, waft the holy incense, perform the ritual whack with a wrench, and start the lemmy service. Make sure everything is running properly before you walk away!
The only issue you’re likely to run into is that remote volumes are constrained by network bandwidth. This may slow down load speeds, so some kind of CDN caching solution is recommended.
The DFXP file should just be subtitles
The MPD file is most likely the one to work from - I suspect it is set up to reference the local audio and video files. Try opening it in VLC and see if it plays. If so, something like Handbrake should be able to transcode it all to your preferred format.
uBlock Origin and uBlock extension combined give really good ad blocking alone. Combine it with a DNS solution in your router like AdGuard and you won’t have to deal with ads at all.
Simultaneously gives the middle finger to reddit because they live on ads.
This triggers geometry memories with right triangles.
Angle Side Angle
Oh absolutely, I agree with the best practice! I just didn’t know the real world efficacy of dropping packets near the NIC to mitigate DDOS load. There is certainly a performance limit but where that limit exists has been nebulous for me.