Comment by immibis
2 years ago
As a hobbyist, dealing with load consists of upgrading your $5 VPS to a $10 VPS or even a $50 dedicated server from Hetzner(!) - note that *no* other provider has dedicated servers at this price point.
WAFs are heuristics at best. If what you're running on your server is actually secure, you don't need a WAF. If it's not secure, the WAF is guaranteed to let through at least one attack.
CAPTCHAs are difficult. Try to avoid depending on them, but it's fair to use a third-party service if you need one. hCaptcha is pretty easy to integrate right now.
OVH absolutely does have dedicated servers at this price point, and below - check out their Eco range (previously SoYouStart) or even Kimsufi. Leaseweb often does as well, although they have not been as good a deal recently from my perspective (and can cost more for transfer).
If someone tries to send you more traffic than your link supports, your only way to survive it is if your provider can filter it. Cloudflare will actually do a decent job of that even on the free plans.
"Survive" is hyperbolic. If someone DDoSes your $5 website and it is down for a day until you sign up for Cloudflare, you do not literally die. You do not need to sell everyone's 24/7 browsing history to Cloudflare to keep your heart beating.