Securing cloudron against ddos attacks?

@loudlemur hmm my server's just hit by DDoS and it consumed 1TB bandwidth. If we only use Cloudflare free and VPS that has anti DDoS feature (like Hetzner or Netcup) but the server still down. Is there effective way to mitigate this situation?

@nebulon I think because of storage problem, but it's already fixed. Thank you Nebulon and Robi.

@robi no brother, but it solved when I restored to the latest backup. And I don't why it can run smoothly.

Hi everyone,

I’d like to ask about a LAMP app that won’t start and always shows “Not responding.”

This started when my server storage became full. I have since upgraded the storage, and I later realized the backups were being stored on the local server.

After that, one of my LAMP apps still wouldn’t run and kept showing “Not responding.”

I then deleted the backup files from the local server. However, even though the storage is no longer full, the app still won’t start.

This is cloudron-troubshoot information:

Vendor: QEMU Product: Standard PC (i440FX + PIIX, 1996)
Linux: 6.8.0-106-generic
Ubuntu: noble 24.04
Execution environment: kvm
Processor: AMD EPYC 9654 96-Core Processor
BIOS pc-i440fx-10.1  CPU @ 2.0GHz x 3
RAM: 8131136KB
Disk: /dev/vda1        15G
[OK]    node version is correct
[OK]    IPv6 is enabled in kernel. No public IPv6 address
[OK]    docker is running
[OK]    docker version is correct
[OK]    MySQL is running
[OK]    netplan is good
[OK]    DNS is resolving via systemd-resolved
[OK]    unbound is running
[OK]    nginx is running
[OK]    dashboard cert is valid
[OK]    dashboard is reachable via loopback
[FAIL]  Database migrations are pending. Last migration in DB: /20260217120000-mailPasswords-create-table.js. Last migration file: /package.json.
        Please run 'cloudron-support --apply-db-migrations' to apply the migrations.
[OK]    Service 'mysql' is running and healthy
[OK]    Service 'postgresql' is running and healthy
[OK]    Service 'mongodb' is running and healthy
[OK]    Service 'mail' is running and healthy
[OK]    Service 'graphite' is running and healthy
[OK]    Service 'sftp' is running and healthy
[OK]    box v9.1.3 is running
[OK]    Dashboard is reachable via domain name

Any idea what might be causing this? This is the first time I’ve run into this issue.

Thanks in advance.

I’m thinking the same as @robi.

I tried asking Google Gemini to propose a design that surfaces key actions like Start, Stop, Restart, and Retry Task.

Directly on the main page, so we don’t have to open the app just to access them.

Grid view:

List View:

I am not sure I may have found a bug in Cloudron version 9.1.0.

I previously used TOTP and then switched to Passkey. After that, in Login Tokens, I clicked “Log out from all.”

What happens is that after a short while, my account is prompted to set up the passkey again. This is now the second time I’ve had to set up a passkey.

Is this a known issue or a bug?

@timconsidine said in What's Your Antivirus Recommendation?:

@IniBudi said in What's Your Antivirus Recommendation?:

I got a new insight here. I don't recognize that Mac and iOS are better than Windows and Android in terms of malware infection.

Well Mac and iOS are not immune - best approach is AV is still needed - but I think it is fair to say that they are less targeted and more robust.

My 'ha ha ha' comment was not intended as gloating, but scepticism. Hope I did not give the wrong impression.

Thank you, yes I got your points.

I ask this question because I believe you and other members here are more experience and expert than me.

So every comments will be good insight for me non tech guys.

@timconsidine said in What's Your Antivirus Recommendation?:

@IniBudi I took Sophos as a personal but multi device plan. Years ago. Seems to have rolled on.

I use Mac and iOS so no viruses there (ha ha ha).
But I need to review.

Don’t generally use android but just got new tablet, so need to review for that.

Haha, thank you.

I got a new insight here. I don't recognize that Mac and iOS are better than Windows and Android in terms of malware infection.

One day, I need to switch to iOS. Currently, I'm using Windows 11 (office laptop), and my personal devices are Mac and Android.

@humptydumpty said in What's Your Antivirus Recommendation?:

@IniBudi said in What's Your Antivirus Recommendation?:

Bitdefender, Kaspersky, or Norton. WDYT?

It's all about resource usage as some will noticeably slow down your device. Avoid Norton at all costs. Bitdefender is good. Kaspersky is/has Russian ties. Eset was my favorite back in the day due to how lightweight it was and pricing fit my student budget. Malwarebytes free is what I use nowadays, but if you're looking for real-time protection then get one of their premium plans. If I wasn't tied to Windows due to my CAD software requirements, I would have switched to Linux or Mac. Like Tim, I also have an iPhone so I'm covered on that end. I don't use any AV on my CR servers. There are some discussions about this on the forum if you're interested.

Thank you for the recommendation and your valuable insight! I read these reports, and your statement is similar to these reports:

• https://www.av-comparatives.org/tests/summary-report-2025/
• https://www.av-test.org/en/antivirus/home-windows/
• https://www.av-test.org/en/antivirus/mobile-devices/

@necrevistonnezr said in What's Your Antivirus Recommendation?:

@humptydumpty said in What's Your Antivirus Recommendation?:

Kaspersky is/has Russian ties.

In Germany, you use it anymore in a business context due to the offical warning of the Federal Office for Information Security (BSI), as such use against a warning would not be considered "state of the art".
https://www.heise.de/en/news/BSI-Warning-against-Kaspersky-products-still-valid-after-US-sanctions-9777484.html

Ah, I see, it's not only about product benefit, but it's more than that, I mean, it's talking about compliance risk.

@timconsidine said in What's Your Antivirus Recommendation?:

I use Sophos, for my Mac desktop and laptop. I probably need to review this so I’m interested in others’ answers.

Sophos if I am not mistaken it's only for enterprise, right? What's your consideration using Sophos?

@robi said in What's Your Antivirus Recommendation?:

Eset when needed, mostly not necessary.

What's the OS that you're using? So, you don't need AV on smartphone and laptop?

@humptydumpty said in What's Your Antivirus Recommendation?:

Malwarebytes free on windows. It detected a sneaky and persistent cryptomining malware that windows security missed. You get the occasional notification ad to buy a subscription and a reminder that it hasn’t scanned recent downloaded files. Other than that, no complaints.

Yes, I also used Malwarebytes but I consider other AV like Bitdefender, Kaspersky, or Norton. WDYT?

Hi All,

I'd like to know your AV recommendation for Windows, Mac, iOS, or Android that you're currently using.

And what's the consideration using the AV vendor? And do you use AV for Cloudron server?

Thank you for your insight!

@fbartels thank you, it's good news

I’d like to ask about using Actual Budget. For example, let’s say I install the Actual Budget app on a subdomain.

I’ve enabled OpenID so that other Cloudron users on my server can access it.

My question is, if I wanna track finances together with my wife, is that possible?

I’d really appreciate any experiences from anyone here who has used Actual Budget or any other apps for shared financial tracking.

Thank you.
Regards.

Thank you @nebulon

@potemkin_ai is the script still relevant on the latest version of Cloudron?

Hi @timconsidine, thank you for your efforts in making CCAI. However, is there any tutorial video on how to install it and update the application if we use CCAI? So, the newbie like me can understand the whole process.

Hi @joseph, I just followed the Vaultwarden instructions to set up Cloudron OIDC.

Here is the reference:
https://github.com/dani-garcia/vaultwarden/wiki/Enabling-SSO-support-using-OpenId-Connect

• Set up SSO on Vaultwarden Admin Dashboard

• Create OpenID Clients
  Add your login callback URL

https://vaultwarden.example.tld/identity/connect/oidc-signin

• Make sure your email is the same as your user email on Cloudron.

Login you can log in using SSO.

@joseph I just tested, and now I can use the SSO login. Thank you @james and @vladimir.d

I came across Safeline through a Meta Ads. The ad was run by a web dev based in Indonesia who offers a course on how to secure WordPress websites against hacking.

After reviewing the course modules listed on the landing page, I noticed that Safeline was mentioned and that it can be integrated with Cloudflare.

This caught my interest, so I decided to do some research.

I then looked into third-party benchmarks and evaluations of Safeline’s protection capabilities and found the following articles:

• https://dev.to/carrie_luo1/the-6-best-web-application-firewalls-compared-2024-1d9l
• https://medium.com/@tvvzvpb186/which-open-source-waf-really-delivers-a-head-to-head-benchmark-37631e08fb7f

Based on the benchmark data presented in those articles, Safeline appears to perform well in blocking common web application attacks.

That said, this is purely based on third-party analysis. I have not personally used Safeline in a production environment yet.

I should also mention that I am not an IT developer or sysadmin by profession. My background is primarily in digital marketing, so I fully understand that many people in this forum have far deeper technical expertise than I do.

That said, I find Safeline interesting due to its feature set and open-source offering, which prompted me to explore it further and request the app here.

• Main Page: https://github.com/chaitin/safeline

• Git: https://github.com/chaitin/safeline

• Licence: GPL-3.0 license

• Dockerfile: ?

• Demo: https://ly.safepoint.cloud/hSMd4SH

• Summary

Safeline is a self‑hosted Web Application Firewall (WAF) designed to sit in front of your web applications and shield them from a wide range of web attacks and exploits. Acting as a reverse proxy, Safeline inspects, filters, and monitors HTTP(S) traffic before it ever reaches your apps.

• Alternative to / Similar tools

Safeline can be seen as an alternative or complement to:

• Cloudflare WAF / other SaaS WAFs

• ModSecurity / OWASP Core Rule Set

• NAXSI

• Imperva, F5 WAF, etc. (commercial solutions)

• Screenshots

@7dowWilkes If I am not mistaken, you can configure it from the DNS level, let's say you're using Cloudflare, so you don't have to create an app to handle MTA-STS for your email. CMIIW.