Supposing that they, y’know, try to keep their setups secure anyway. With how much you see about breaches of different sites, it’s hard to imagine individuals and smaller groups being able to keep their stuff secure.
Although, they may also benefit from being lower value targets in some respects, I suppose?
The vast majority of self hosted users would not be able to respond effectively to a coordinated or sophisticated attack. You might block off large swaths of domains, blocking big IP blocks, etc; but unless you are serving a very small number of users (White lists vs black lists) you’ll be fighting an uphill battle if someone decides to start going after your instance.
Usually selfhosters would have to talk to the upstream provider in case of DDoS attacks so the load can be shed or blackhoked
Yeah dude, good luck. Try getting actual ddos support from aws/cloudflare/azure without a paid SLA.