How I Built a Real-Time DDoS Detection Engine for Nextcloud from Scratch Introduction Imagine you're running a cloud storage platform used by thousands of people around the world. One day, your boss walks in and says: "We've been seeing suspicious traffic. Build something that detects and blocks attacks automatically." That's exactly the challenge I faced. In this post, I'll walk you through how I built a real-time anomaly detection engine that watches HTTP traffic, learns what normal looks like, and automatically blocks attackers — all without using any third-party rate-limiting libraries. By the end of this post, you'll understand: How sliding windows track request rates in real time How a baseline learns from your own traffic patterns How z-score math decides if something is an attack How iptables drops malicious IPs at the kernel level What Does the Project Do?…