How does the server prevent DDoS attacks?

On the evening of August 25th, the launch of Hammer's "Nut mobile phone" was postponed for some reason, the PPT contained a lot of mistakes, and the red envelope grab failed. It is reported that the server of Hammer's official website suffered a malicious DDoS attack with dozens of gigabytes of traffic, and that the on-site PPT had to be written and used on the spot. A good press conference was marred by a DDoS attack.

DDoS attacks are very harmful and difficult to prevent. They can directly lead to website downtime, server paralysis, loss of authority, damage to the brand, property loss and other huge losses, and they seriously threaten the development of China's Internet information security.

 

 Figure: Diagram of a DDoS attack

With DDoS attacks spreading across the Internet, DDoS prevention has become more difficult. The data shows that in Q2 this year, DDoS attacks hit a new record, with a year-on-year increase of 132%. Among them, the largest DDoS attack had peak traffic exceeding 240 Gbps and lasted for more than 13 hours. At present, hackers even put a price tag on attacks: it costs only 50 yuan to send 1G of traffic to a website for one hour. The cost of a DDoS attack is that low, and no one cares if a site is attacked. So, what measures should the majority of website users take for effective defense? Below I will introduce the basic methods of defending against DDoS attacks.

1. Ensure the security of the server system

The first thing to do is to ensure that the server software has no vulnerabilities that would let attackers in. Make sure the server is up to date with security patches. Remove unused services on the server and close unused ports. For websites running on the server, make sure they have the latest patches and no security holes.

2. Hide the real IP of the server

Put a CDN in front of the server as a relay (free options include Baidu Cloud Acceleration, 360 Website Guard, Accelerator, and Anbao); if you have sufficient funds, you can buy a high-defense shield. This hides the real IP of the server. Use the CDN's IP for domain name resolution, so that all resolved subdomains use the CDN's IP address. In addition, other domain names deployed on the server must not resolve to the real IP either; all of them are resolved through the CDN.

In addition, prevent the server from leaking its IP when it transmits information to the outside world. The most common measure is for the server not to use the email sending function. If you have to send emails, you can send them through a third-party proxy (such as sendcloud), so that the IP displayed to the outside world is the IP of the proxy.

In short, as long as the real IP of the server is not leaked, preventing small-traffic DDoS below 10G does not cost much, and a free CDN can handle it. If the attack traffic exceeds 20G, a free CDN may not be able to withstand it, and you need to buy a high-defense shield to cope with it; the real IP of the server still needs to be hidden.
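The two leak paths described in this section (DNS records that still resolve to the real IP, and outbound mail headers that carry it) can be checked with a short audit. The following is an added example, not code from the original article; the domain names, IP addresses, CDN range and mail message are constructed sample data using documentation address ranges.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample data (documentation address ranges, not real hosts).
ORIGIN_IP = ipaddress.ip_address("203.0.113.10")        # the server's real IP
CDN_RANGES = [ipaddress.ip_network("198.51.100.0/24")]  # ranges assumed to be the CDN's
ZONE_RECORDS = [                                        # (name, type, value)
    ("example.com", "A", "198.51.100.7"),
    ("www.example.com", "A", "198.51.100.8"),
    ("shop.example.com", "A", "198.51.100.9"),
    ("old.example.com", "A", "203.0.113.10"),     # forgotten subdomain
    ("example.com", "MX", "mail.example.com"),
    ("mail.example.com", "A", "203.0.113.10"),    # mail host on the web server
    ("other-site.example", "A", "192.0.2.44"),    # second domain, bypasses the CDN
]
SAMPLE_MAIL = (
    "Received: from web01 (web01.example.com [203.0.113.10])\r\n"
    "\tby smtp.relay.example; Mon, 1 Jan 2024 00:00:00 +0000\r\n"
    "From: noreply@example.com\r\nSubject: Welcome\r\n\r\nHello\r\n"
)
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def audit_zone(records, origin, cdn_ranges):
    """Return (name, value, reason) for every A/AAAA record not behind the CDN."""
    findings = []
    for name, rtype, value in records:
        if rtype not in ("A", "AAAA"):
            continue                      # MX/CNAME targets are audited via their own A records
        addr = ipaddress.ip_address(value)
        if addr == origin:
            findings.append((name, value, "points at origin IP"))
        elif not any(addr in net for net in cdn_ranges):
            findings.append((name, value, "not in CDN ranges"))
    return findings

def mail_leaks_origin(raw_message, origin):
    """True if any header of an outbound message contains the origin IP."""
    msg = message_from_string(raw_message)
    return any(ip == str(origin)
               for _, value in msg.items() for ip in IPV4.findall(str(value)))

if __name__ == "__main__":
    for finding in audit_zone(ZONE_RECORDS, ORIGIN_IP, CDN_RANGES):
        print("DNS leak:", *finding)
    print("mail leaks origin:", mail_leaks_origin(SAMPLE_MAIL, ORIGIN_IP))
```

On the sample data the audit flags the forgotten subdomain, the mail host and the second domain, and reports that the message sent directly from the web server exposes its address in a `Received` header.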
