In light of the Kiwi Farms situation this is a discussion that we really need to have, and I think the demographic of this community in particular makes it a really good place to talk about this. I'm hoping that this thread can be of use to the admins of this site, and maybe even Kiwi Farms or anyone looking to keep a website up in the face of the kind of concerted troon attacks that Kiwi Farms is experiencing. I wanted to ask our more technically inclined users:
a) Is troon proofing a website possible?
b) If so how do you do it?
My understanding is that you need your own servers, a domain name, DDoS protection, and a way to protect against hackers. But this isn't my area of expertise and I may be missing something. In any case it would be necessary to troon proof every link in the chain. I'm interesting to hear what the community thinks about this.
As long as you have multiple redundant failover hosts on encrypted disks, using colocated servers or VPS should be fine.
What the Pirate Bay has been doing apparently is that they locate their servers on multiple redundant commercial instances but tunnel to them by VPN from a "front door" that the public reaches through the public URL. The hosting providers normally don't know that they are hosting the Pirate Bay and when a hosting instance is occasionally shut down, the other redundant instances pick up the slack.
That's exactly what I mean, yes. I remembered reading their methodology before. Forgot to mention the VPN part.