Building a DDoS Bouncer: Anomaly Detection with Python & Z-Score

DEV Community·Blessing Bill·about 1 month ago

The Mission

At cloud.ng, security isn't just a feature; it's a necessity. I was tasked with deploying a secure Nextcloud instance and building a custom Anomaly Detection Engine to protect it from DDoS attacks and suspicious traffic.

The Architecture

I deployed Nextcloud and Nginx using Docker. Nginx acts as the gatekeeper, logging every request in JSON format. My detection engine, built in Python, monitors these logs in real time to identify and block threats before they reach the application.

The Brain: How it Works

The engine uses two core mathematical concepts to separate real users from bots:

The Sliding Window

To keep the tool lightweight and responsive, I implemented a Sliding Window using Python's collections.deque. The engine only remembers the last 60 seconds of traffic. As new requests come in, old timestamps are "evicted." This ensures the tool reacts to sudden spikes in the moment, rather than being biased by old data.…
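
The sliding window described above, as an added example that is not code from the original post: it keeps one 60-second deque per client IP and replays constructed log lines through it. The `time` and `remote_addr` field names, the per-IP split and every sample value are assumptions.

```python
import json
from collections import deque
from datetime import datetime

WINDOW_SECONDS = 60  # window length stated in the post

# Constructed sample log lines; the "time" and "remote_addr" keys are assumed.
SAMPLE = [
    '{"time": "2024-05-01T12:00:00+00:00", "remote_addr": "203.0.113.7"}',
    '{"time": "2024-05-01T12:00:01+00:00", "remote_addr": "203.0.113.7"}',
    '{"time": "2024-05-01T12:00:02+00:00", "remote_addr": "203.0.113.7"}',
    '{"time": "2024-05-01T12:00:30+00:00", "remote_addr": "198.51.100.2"}',
    'not json at all',
    '{"time": "2024-05-01T12:01:10+00:00", "remote_addr": "198.51.100.2"}',
]

class SlidingWindow:
    """Timestamps of requests seen in the last `window` seconds."""

    def __init__(self, window=WINDOW_SECONDS):
        self.window = window
        self.stamps = deque()

    def add(self, ts):
        """Record a request at epoch time ts; return the in-window count."""
        self.stamps.append(ts)
        return self.count(ts)

    def count(self, now):
        """Evict timestamps that fell out of the window, then count the rest."""
        while self.stamps and self.stamps[0] <= now - self.window:
            self.stamps.popleft()
        return len(self.stamps)

def parse_line(line):
    """Return (epoch_seconds, client_ip), or None for a malformed line."""
    try:
        rec = json.loads(line)
        return datetime.fromisoformat(rec["time"]).timestamp(), rec["remote_addr"]
    except (ValueError, KeyError, TypeError):
        return None  # skip bad lines instead of crashing the monitor

def replay(lines):
    """Run lines through one window per client IP; return (peaks, final counts)."""
    windows, peaks, last = {}, {}, 0.0
    for ts, ip in filter(None, map(parse_line, lines)):
        last = max(last, ts)
        n = windows.setdefault(ip, SlidingWindow()).add(ts)
        peaks[ip] = max(peaks.get(ip, 0), n)
    return peaks, {ip: w.count(last) for ip, w in windows.items()}
```

Replaying `SAMPLE` shows the eviction: the first client peaks at three requests, then drops to zero once the newest log line is more than 60 seconds past its burst.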
