What is a black hole? What should I do if a high-volume traffic attack pushes my cloud server into a black hole?

Today I met a customer whose server had been put into the Alibaba Cloud black hole by a DDoS attack. Friends who hear about the black hole for the first time will be confused and at a loss. What is a black hole? The cloud server has suffered a DDoS attack and entered a black hole, so what should I do? Let Mr. Ant explain it step by step.

1: What is a "black hole"?

A black hole means that when the attack traffic aimed at a server exceeds the black hole threshold of the data center hosting it, the cloud computing service provider blocks the server's external network access. After the server has been in the black hole for a period of time, if the system detects that the attack traffic has stopped, the black hole is lifted automatically.

2: What should I do if I have entered a "black hole"?

The black hole is a service that the major cloud computing service providers purchase from operators (China Unicom, China Telecom, China Mobile), and the operators impose strict restrictions on the release time and frequency of black holes. The black hole status therefore cannot be released manually, and you have to wait patiently for the system to unblock the server automatically.

3: Why is the "black hole" strategy needed?

DDoS attacks not only affect the victims, but also seriously affect the entire cloud network. Moreover, DDoS defense has a cost, and the biggest cost is the bandwidth fee.

Bandwidth is purchased by cloud computing service providers from operators such as China Telecom, China Unicom, and China Mobile. When calculating bandwidth fees, the operators do not scrub out the DDoS attack traffic; they charge the cloud computing service provider for it directly.

Cloud computing service providers will try their best to defend their users against DDoS attacks for free while controlling costs, but when the attack traffic exceeds the threshold, the provider blocks the traffic of the attacked IP to reduce its own bandwidth cost.

 

4: How long does it take for the black hole to be lifted automatically?

The service provider generally defaults to a black hole duration of 2.5 hours, and unblocking is not supported during the black hole period. The actual black hole duration depends on the attack situation and ranges from 30 minutes to 24 hours. The duration of a black hole is mainly affected by the following factors:

Whether the attack continues. If the attack continues, the black hole time is extended, and it is recalculated from the moment of the extension.

Whether the attacks are frequent. If a user is attacked for the first time, the black hole time is automatically shortened; conversely, users who are attacked frequently are more likely to be attacked continuously, so their black hole time is automatically extended.

5: What should I do if a DDoS attack puts the cloud server into a black hole?

Put the website behind a CDN to protect the website server from attack. Using a CDN is simple and fast: configure and bind the website domain name and the website server IP in the CDN console, and a resolution record value is generated automatically. Then resolve the website domain name to this record value. Because the website domain name no longer resolves to the IP of the website server, that IP is not exposed on the public network, hackers cannot find out what the website server's IP address is, and so they cannot attack the website server!

①. To use Anti-DDoS Pro CDN, users need to configure and bind the website domain name and website server IP in the console. After the configuration and binding are completed, a CNAME record value is generated automatically. Modify the website's DNS resolution so that the website domain name resolves to the CNAME record value specified by the CDN. Because the website domain name no longer resolves to the website server IP, that IP is not exposed on the public network, and other people cannot find out what the website server IP is.

②. Anti-Defense CDN nodes are deployed in various regions. After switching to the Anti-Defense CDN, visitors reach the website through the CDN nodes. Smart DNS automatically assigns each visitor to the node with the fastest response, which solves the network bottlenecks, congestion, and delays that slow down access across regions and across operators.

③. The content of the website is distributed to the nodes that the CDN deploys in each region. The high-defense CDN caches all cacheable content on the CDN nodes, so visitors do not need to request data from the website server when they visit the website. Only when the requested content is not available on the CDN node is the data requested from the website server, which greatly reduces the access load on the website server.

④. After switching to Anti-DDoS Pro CDN, the website server is hidden at the back end. Attackers cannot attack the website server and can only attack the CDN nodes deployed at the front end. When attack traffic is detected, it is automatically intercepted and cleaned, and targeted defense strategies can be applied according to the attack methods used against different website programs. This defends against attacks more effectively, and even under attack, website access is not affected.
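A check for step ① above, as an added example that is not part of the original article: it audits a DNS zone export for records that still resolve to the website server IP after the domain has been pointed at the CDN CNAME. It goes beyond the single website record the text describes and also covers mail and SPF records; the domain names, IP addresses and CDN hostname are constructed sample data.

```python
# Audit a zone export for records that still reveal the origin (website server)
# IP once the site is behind a CDN CNAME. All names and IPs are constructed.
import ipaddress

ORIGIN_IP = "203.0.113.10"   # assumed real server IP (documentation range)
ZONE = """\
; name                type   value
www.example.com.      CNAME  www.example.com.cdn.example.net.
example.com.          A      203.0.113.10
mail.example.com.     A      203.0.113.10
example.com.          MX     10 mail.example.com.
old.example.com.      CNAME  example.com.
example.com.          TXT    "v=spf1 ip4:203.0.113.0/28 -all"
static.example.com.   CNAME  static.example.com.cdn.example.net.
"""

def parse_zone(text):
    """Return (name, type, value) tuples, skipping ';' comments and blanks."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if line:
            name, rtype, value = line.split(None, 2)
            records.append((name.lower(), rtype.upper(), value.strip()))
    return records

def find_origin_exposure(records, origin_ip):
    """Return sorted (name, type, reason) findings that reveal origin_ip."""
    origin = ipaddress.ip_address(origin_ip)
    exposed = {n for n, t, v in records
               if t == "A" and ipaddress.ip_address(v) == origin}
    findings = {(n, "A", "points at origin") for n in exposed}
    changed = True
    while changed:                       # follow CNAME/MX targets inside the zone
        changed = False
        for name, rtype, value in records:
            target = value.split()[-1].lower()
            item = (name, rtype, "targets " + target)
            if rtype in ("CNAME", "MX") and target in exposed and item not in findings:
                findings.add(item)
                if rtype == "CNAME":     # an alias of an exposed name is exposed too
                    exposed.add(name)
                changed = True
    for name, rtype, value in records:   # SPF ip4 ranges that contain the origin
        for term in value.strip('"').split() if rtype == "TXT" else ():
            if term.startswith("ip4:") and origin in ipaddress.ip_network(term[4:], strict=False):
                findings.add((name, "TXT", "SPF range " + term[4:]))
    return sorted(findings)
```

Every name in the result needs to be moved behind the CDN or onto a different IP before the website server IP can be considered hidden.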

Even a high-defense server will still enter the black hole when an attack exceeds its limit, but using a CDN not only protects the website server from being attacked, it also improves website access speed, hides the real IP, and brings other benefits. The main reason a server enters the black hole is that the rented server has no defense or is knocked offline by the attack; it then stays in the black hole for 6 hours+, and there is basically no solution! If this happens, solve it as soon as possible. Otherwise, if it recurs once or twice, most of your customers will be gone no matter how many you had. And since others are willing to attack you, yours is a highly profitable industry, so spend money on defense in advance, once and for all. Only when the website is stable can customers be held firmly!

 

6: The YI security team recommends three security defense solutions

Solve the problem within half an hour

Defense plan 1: Use our Anti-Ant IP to hide the real IP of the game and to provide DDoS/CC attack protection and game acceleration. Players play inside our cloud protection intranet, so that your server can ignore any attacks.

Defense plan 2: With our three-dimensional defense system, the IP address of the customer's real server is hidden, and each node becomes a shield machine for the customer's server, so only the nodes can be attacked. Because multiple nodes act as shield machines, even if the attack is very strong and lasts for a long time, as long as one node is still alive the attack cannot hit the customer's real server. There are also many spare nodes: once a node goes down, the downtime monitoring system immediately starts a standby node, which ensures that the game and website do not go down.

Defense plan 3: Ant Shield is a security protection engine specially designed to solve DDoS attacks and CC attacks. After your application is integrated with Ant Shield and Ant Shield enters the running state, we assign a different IP to each user, one IP per person. When a hacker launches an attack, only he is affected. At the same time, Ant Shield can accurately identify hackers and put them directly on the blacklist, so that the hacker cannot obtain a new IP and can only switch to a different mobile phone or computer. This principle not only shuts hackers out, but also lets their attacks be ignored without affecting other users.

In addition, website protection, high-defense servers, special-price servers, and server operation and maintenance are all our areas of expertise.

Origin blog.csdn.net/xyyaq/article/details/123983151