Hit by a DDoS attack: an analysis of the principles and of protection

1. The industry phenomenon

1.1 Why the attacks?

Commonly it is one of two things: malicious competition from peers, or extortion.

Whether it is a traditional brick-and-mortar store or an Internet-industry portal or app, there is competition, and everyone fights for more customers; the underlying purpose is simply to make money.

1.2 What are the symptoms of an attack?

Take a traditional offline store: you open a restaurant, run it honestly, and business is good. Then, day after day, a crowd of people comes into the restaurant but occupies the tables without ordering anything, beggars constantly guard the door, someone finds a bug in the food, and so on. That is malicious competition in traditional industries.

The Internet industry is the same. Your portal or app has been running normally and you have not done any big promotion, but suddenly it cannot be accessed or it freezes. The technical staff check and report that server traffic has surged and crashed the server, or that the Alibaba Cloud ECS instance has been pulled into the black hole and is unreachable.

Normal users cannot use your product, naturally conclude that your system is unstable, and you lose customers.

1.3 The malicious competitor is generally not the attacker himself, so how does he do it?

  • The "order placer": the competitor who initiates the malicious competition, or the extortionist, i.e. "the boss";
  • The "attacker": the person who takes the paid order and carries out the attack on the target by technical means, i.e. the "project manager";
  • The "broiler supplier": the supplier who provides the resources (compromised hosts) to the attacker, i.e. the "troublemakers".

[Figure: overview of the attack industry chain]

This figure only sketches the attack chain briefly; the other actors are not described in detail here and can be discussed separately.

1.4 Which industries are most likely to be attacked?

  • Games (×××, online games, PW)
  • Adult websites
  • Finance
  • Virtual currency

A simple analysis of the above kinds of business shows that they have at least one critical thing in common: money!

2. Common attack modes

2.1 DDoS attacks

A DDoS attack uses compromised computers on the network as "broilers" (zombie hosts), assembled into a large "botnet" that is controlled to send service requests to the target system from many places at the same time, exceeding the server's carrying capacity and causing it to crash.

Simply put: your restaurant can serve at most 100 guests. When a malicious party attacks, a huge crowd suddenly pushes into the store, entering not only through the front door but also through the back door and the windows, in every possible way, until the store is out of control and overcrowded, genuine customers cannot get in, and in the end the business folds.

Common DDoS attacks include NTP flood, ICMP flood, UDP flood, SYN flood, DNS query flood and so on; the technical descriptions are too involved to cover here.

2.2 CC attacks

CC attacks are mainly divided into proxy CC and broiler CC. Their purpose is to drive a large number of controlled requests for legitimate web pages or interfaces on the victim host, so that the server-side application layer (for example Java Tomcat) stops responding, the server CPU stays at 100% for a long time, network bandwidth is fully occupied, and the database is dragged down.

Simply put, when your restaurant suffers a malicious CC attack, a large number of guests suddenly show up. They do not climb through the windows or sneak in the back door, but they still pack the entrance until it is blocked, genuine guests cannot get in, and the staff are run off their feet until the business folds.

This kind of attack is technically more sophisticated: you do not see the real source IPs or unusually large traffic, yet the server cannot serve connections properly. A CC attack is therefore relatively expensive, and unless there is real animosity it usually does not last long.

3. DDoS attack protection

3.1 Understanding the principle of a DDoS attack

First we need to know how the most basic site deployment works: the user accesses your domain name through a browser and the request is forwarded to the source (origin) server.

[Figure: basic site deployment]

Then we need to understand the principle of the DDoS attack: what is attacked is your source server, that is, your restaurant's premises. Because the domain name usually points directly to the server's IP, your store's location is exposed to everyone, so the attacker can find the store directly and attack it.

3.2 A front routing server to protect the source server

So the first step in DDoS protection is to protect our source server: do not let the other side learn its address. Add a front routing server, usually a software router such as NGINX or Apache, deployed as shown below.

[Figure: deployment that protects the source server]
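The front routing server of section 3.2 expressed as an NGINX configuration. This is an added example, not a configuration from the original post; it assumes a placeholder origin address 10.0.0.10:8080 that is reachable only privately, and that the public DNS record for www.example.com points at this NGINX host rather than at the origin.

```nginx
# Added example: front routing server that hides the source (origin) server.
# Assumed values: 10.0.0.10:8080 is the origin on a private network (placeholder),
# www.example.com is the public name that resolves to THIS host.

# The origin's address appears only here; it is never sent to clients.
upstream origin_app {
    server 10.0.0.10:8080;   # placeholder private address of the source server
    keepalive 32;            # reuse connections so floods do not exhaust origin sockets
}

server {
    listen 80;
    server_name www.example.com;

    # Do not reveal the NGINX version in error pages and headers.
    server_tokens off;

    location / {
        proxy_pass http://origin_app;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Short timeouts so slow or half-open clients do not pin origin workers.
        proxy_connect_timeout 5s;
        proxy_read_timeout 30s;

        # Drop application headers that could leak details about the origin stack.
        proxy_hide_header X-Powered-By;
        proxy_hide_header Server;
    }
}
```

The origin's firewall should accept connections only from the routing server's address; otherwise an origin IP that leaks in old DNS records or e-mail headers can still be hit directly.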

3.3 What if the routing server is taken down?

The architecture above only guarantees that the source server is not affected. If the front routing server is taken down, users still cannot access the site, so some people think of adding another routing server, deployed as in the figure below.

[Figure: multi-routing-server deployment]

But in this way the domain name must be manually re-pointed to the new routing server, and the DNS change can take up to 10 minutes to propagate, so for a short time some users still cannot access the site normally.

3.4 The perfect practice for those with money

The multi-routing-server approach has the obvious drawback of a poor user experience, so is there a better way? Of course: spend some money. Alibaba Cloud, for example, has its own high-defense (Anti-DDoS) service at 20,000 yuan per month, with 30G of traffic included and excess traffic billed by usage.
For example, if you are attacked 5 times this month with an average of 100G of traffic each time, you have to pay an extra traffic charge for 70G × 5 × the average number of hours. (A friend of mine in the game business was maliciously attacked by a competitor and ran up more than 10,000 yuan in overage fees in a single night...) The deployment architecture is shown below.

[Figure: Alibaba Cloud high-defense IP deployment]

[Figure: Alibaba Cloud DDoS price quote]

3.5 Wanting Alibaba Cloud's high-defense IP service while saving on cost

Alibaba Cloud's high-defense IP is really just their own set of traffic-scrubbing rules. If you search Baidu for "Alibaba Cloud high-defense", many of the paid-ranking results at the top are data centers (IDC rooms). Their approach works on much the same principle as Alibaba Cloud's, and the price is considerably cheaper. But are they reliable?

With paid ranking, the wool comes from the sheep's back, so compared with their peers their prices are certainly on the high side too, and stability depends on reputation. When we were doing Internet finance before, we were blackmailed, and in the end we found a fairly reliable data center to do the protection; they investigated problems around the clock, and things stayed quiet afterwards.

4. CC attack protection

4.1 Understanding the principle of a CC attack

A CC attack differs from an ordinary DDoS attack in that it plays with legitimate network requests: it comes in through ordinary web-page requests to the domain name. Because it does not need to bypass the storefront and hit the source server directly, adding an ordinary front routing server is useless against it.

Since hiding the source server does not help, how should it be handled?

A CC attack generally follows a strategy. Identify the strategy of the current attack and adjust the corresponding countermeasure on the protection side. (Of course, without some professional technical capability, this kind of response cannot be done either.)

4.2 How to find professional CC-attack strategy protection

Likewise, use a high-defense IP like Alibaba Cloud's. When your server is attacked, it tells you which CC-attack strategy is currently hitting your server, and an operator adjusts the protection strategy in the high-defense management console accordingly.
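A concrete countermeasure of the kind section 4 describes: once the attack's strategy is read off the access log (here assumed to be a flood of requests for one expensive page), the rule on the front routing server is tightened for that page. This is an added example, not configuration from the original post; the upstream address 10.0.0.10:8080, the public name www.example.com and the targeted path /search are placeholders.

```nginx
# Added example: CC-attack countermeasure on the front routing server.
# Assumed values: origin at 10.0.0.10:8080 (placeholder), public name
# www.example.com, and an attack concentrated on /search (placeholder path).

# Request log that shows the attack pattern: source IP, URI, status, User-Agent.
log_format cc '$remote_addr [$time_local] "$request" $status "$http_user_agent"';
access_log /var/log/nginx/access.log cc;

# Per-client budgets keyed by client IP; 10m of shared memory holds ~160k addresses.
limit_req_zone  $binary_remote_addr zone=per_ip:10m rate=10r/s;  # ordinary pages
limit_req_zone  $binary_remote_addr zone=search:10m rate=1r/s;   # expensive page
limit_conn_zone $binary_remote_addr zone=conn_ip:10m;

# Answer 429 instead of the default 503 so monitoring can tell limits from outages.
limit_req_status  429;
limit_conn_status 429;

upstream origin_app {
    server 10.0.0.10:8080;   # placeholder private address of the source server
}

server {
    listen 80;
    server_name www.example.com;

    # Cap simultaneous connections per client IP.
    limit_conn conn_ip 20;

    # The endpoint the flood targets: tight rate, small burst, excess rejected at once.
    location = /search {
        limit_req zone=search burst=5 nodelay;
        proxy_pass http://origin_app;
    }

    # Everything else: a looser limit that a real browser session stays under.
    location / {
        limit_req zone=per_ip burst=20 nodelay;
        proxy_pass http://origin_app;
    }
}
```

Per-IP limits are effective against a modest proxy pool; against a large broiler CC the per-URI budget and review of the logged pattern matter more than any single address limit.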

The other option is the data center mentioned earlier. They work the same way: since the attack reaches their servers through their network, just let the data center modify their strategy to deal with it, and you only need to observe whether your customers can access the site normally.

5. Comparison of protection modes by user experience and cost

| Protection mode | User experience | Cost | Labor cost | Stability |
|---|---|---|---|---|
| Front multi-routing server | Some users cannot access for a short time; poor experience | Standby mode; the standby machine must be applied for again each time; low cost | Slightly higher | Average |
| Alibaba Cloud high-defense IP | Basically imperceptible to users | 20,000 per month, 30G baseline; very high cost | Less | Stable |
| Fly IDC room | No impact on users | About 3,000, 50G baseline, elastic free up to 100G; lower cost | Less | Stable |

My Blog

blog.guijianpan.com


Origin: blog.51cto.com/4039804/2424650