How to prevent CC attacks on servers

CC attacks are harder to defend against than ordinary DDoS attacks. The traffic volume of a CC attack is not large, but it ties up the server's CPU resources. The source IPs are real and dispersed, the data packets are all normal packets, and the attack requests are all valid requests, so they cannot simply be rejected. The typical symptoms are as follows: the server can still be connected to and pinging it is no problem, but the web pages and the server management backend cannot be accessed, and there is no particularly large abnormal traffic. If the attack lasts for a long time, however, it can still leave the server unable to accept connections normally, which is very harmful.

Principle of a CC attack: the attacker controls a number of hosts that continuously send a large number of data packets to the target server, exhausting its resources until it crashes. CC is mainly used to consume the server's CPU resources. Everyone has had this experience: when a large number of people visit a web page, the page opens slowly. CC simulates multiple users (as many users as there are threads) continuously accessing pages that require a lot of data operations (that is, a lot of CPU time), which wastes server resources. The CPU stays at 100% for a long time and there are always unfinished connections, until the network is congested and normal access is suspended.

Several simple, effective and reliable ways to prevent CC attacks on servers:

1. Method 1: use a CDN. A CDN is similar to a load balancer; the difference is that a CDN does not place high requirements on the configuration of the origin server. For an ordinary CDN to defend against CC attacks, all website content needs to be cached on the CDN nodes so that as few CC attack requests as possible reach the server. However, CC attacks generate a large amount of traffic. If your CDN is billed by volume, use it with caution: if you are not careful, large fees will be incurred, resulting in serious economic losses. Someone once used Tencent's and Alibaba's CDNs and owed tens of thousands of yuan overnight. Tencent CDN's anti-CC settings are more detailed. For the IP access frequency limit, the single-IP limit ranges from 10 QPS to 60 QPS; set it reasonably, otherwise access will be impossible. The per-second limit prevents content harvesting and CC attacks. The usage capping configuration lets you cap instantaneous usage and bandwidth usage. Bandwidth bursts are not large, so set the cap based on the size of the website's traffic. You can also set a cumulative usage cap and return 404 when usage reaches 300M every 5 minutes.

2. Method 2: Pagoda Linux panel settings, simple and effective. Install the Linux panel plus the Nginx firewall on the server. The professional version is used here, but the free version can also defend. Open the Nginx firewall and select Global Configuration >> CC Defense Rules. If you receive a large number of attacks, select IP as the request type and set it to 10 times per 10 seconds on weekends. This can prevent 99% of CC attacks.
Nginx firewall CC defense rules in IP mode: select the website in the site configuration of the Nginx firewall and check the CC defense box. If you added a CDN, remember to check the CDN box, otherwise the website cannot be opened.

3. Method 3: hardware configuration. This point complements the second method. CC attacks mainly occupy CPU resources, so CPUs with a large number of cores have an advantage when defending against CC directly on a bare, exposed IP. Finally, making the website static and adding JS verification are not very effective against CC attacks, because the attack requests still reach your server, and even if the returned content is empty, they occupy server resources. This article is applicable to the US high-defense VPS cloud server and the 500G DDoS defense VPS cloud server, which can easily prevent CC attacks.
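The "10 times per 10 seconds" per-IP rule and the CDN box from Method 2, as an added Python example (not code from the Pagoda panel or the original article). It assumes the firewall otherwise counts requests by connecting address and that the CDN passes the visitor address in `X-Forwarded-For`; all names, the CDN range and the traffic are constructed.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

LIMIT, WINDOW = 10, 10.0  # Method 2's rule: 10 requests per 10 seconds per IP
# Constructed CDN edge range (documentation address space), assumed for this demo.
CDN_NODES = [ip_network("203.0.113.0/24")]

def client_ip(peer, xff, cdn_mode):
    """Return the address the limiter should count requests against."""
    if cdn_mode and xff and any(ip_address(peer) in net for net in CDN_NODES):
        # Trust the header only when the TCP peer really is a CDN node, and take
        # the rightmost entry (appended by the CDN); a client can forge the rest.
        return xff.split(",")[-1].strip()
    return peer

class CCLimiter:
    def __init__(self, cdn_mode):
        self.cdn_mode = cdn_mode
        self.hits = defaultdict(deque)  # address -> timestamps inside the window

    def allow(self, ts, peer, xff=None):
        q = self.hits[client_ip(peer, xff, self.cdn_mode)]
        while q and ts - q[0] >= WINDOW:  # drop hits that left the window
            q.popleft()
        if len(q) >= LIMIT:
            return False
        q.append(ts)
        return True

def replay(cdn_mode):
    """Replay constructed traffic; return (visitors_blocked, flooder_blocked)."""
    lim = CCLimiter(cdn_mode)
    edge = "203.0.113.7"  # every request reaches the origin from this CDN node
    visitors_blocked = flooder_blocked = 0
    for i in range(40):
        ts = i * 0.1
        if not lim.allow(ts, edge, "198.51.100.9"):    # one flooding client
            flooder_blocked += 1
        if not lim.allow(ts, edge, f"192.0.2.{i + 1}"):  # a new visitor each time
            visitors_blocked += 1
    return visitors_blocked, flooder_blocked

if __name__ == "__main__":
    print("CDN box unchecked:", replay(cdn_mode=False))
    print("CDN box checked:  ", replay(cdn_mode=True))
```

With the CDN box unchecked, the whole site shares one counter (the CDN node's address) and ordinary visitors are rejected along with the flood; with it checked, only the flooding address hits the limit.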

Origin blog.csdn.net/littlesmallless/article/details/131876011