How I Built a Real-Time DDoS Detection Engine from Scratch

If you have ever wondered how services detect and block DDoS attacks in real time, this post breaks it down using a project I built for the HNG DevSecOps programme. No fancy libraries. No Fail2Ban. Just Python, math, and iptables.

What the Project Does

I built a daemon that runs alongside a Nextcloud server and watches every single HTTP request coming in through Nginx. When it detects unusual traffic from a single IP or a global spike, it automatically blocks the attacker using iptables and sends a Slack alert within 10 seconds.…
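The two detections described above (one noisy IP, and a global spike), run over constructed Nginx access-log lines. This is an added example, not the project's own code: the function names, the 10-second window, the per-IP limit, the z-score test and its thresholds are all assumptions, and it stops at flagging, without the iptables or Slack steps.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from statistics import mean, pstdev

# Prefix of an Nginx "combined" access-log line: client IP ... [time_local]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def parse(line):
    """Return (epoch_seconds, ip), or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return int(ts.timestamp()), m.group(1)

def detect(lines, window=10, ip_limit=50, z_limit=3.0, min_baseline=5):
    """Return (offending_ips, spike_seconds); all thresholds are assumed values."""
    recent = defaultdict(deque)    # ip -> timestamps inside the sliding window
    per_second = defaultdict(int)  # second -> requests from all clients
    offenders = set()
    for ts, ip in filter(None, map(parse, lines)):  # lines in time order
        per_second[ts] += 1
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window:  # drop hits older than the window
            q.popleft()
        if len(q) > ip_limit:
            offenders.add(ip)
    spikes, base = [], deque(maxlen=60)  # baseline: last 60 normal seconds
    for sec in sorted(per_second):
        n = per_second[sec]
        if len(base) >= min_baseline:
            mu, sigma = mean(base), pstdev(base)
            # Floor sigma at 1 so a perfectly flat baseline cannot divide by zero
            if (n - mu) / max(sigma, 1.0) > z_limit:
                spikes.append(sec)
                continue  # keep spike seconds out of the baseline
        base.append(n)
    return offenders, spikes

def sample_log():
    """Constructed input: 8 quiet seconds, then 60 requests from one client."""
    fmt = '{} - - [10/Oct/2024:13:55:{:02d} +0000] "GET / HTTP/1.1" 200 512 "-" "-"'
    lines = [fmt.format(f"198.51.100.{i % 3 + 1}", s) for s in range(8) for i in range(4)]
    lines += [fmt.format("203.0.113.9", 8)] * 60
    return lines

if __name__ == "__main__":
    print(detect(sample_log()))
```

Seconds with no requests never enter the baseline here, so on a very quiet server the mean reflects only the seconds that saw traffic.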