Is ddos still useful after it is closed? Is it still useful after closing ddos in Zhihu?
The biggest headache for a website is being attacked. Common server attacks mainly fall into these categories: port penetration, password cracking and DDoS attacks. Among them, DDoS is one of the most powerful attacks at present and one of the hardest to defend against.
So what is a DDoS attack?
Attackers forge a large number of seemingly legitimate requests to the server, occupying a large amount of network bandwidth and leaving the website paralyzed and inaccessible. Its defining characteristic is that the cost of defense is much higher than the cost of attack. A hacker can easily launch a 10G attack, but the cost of defending against 10G is very high.
The original form of this attack was the DoS (denial of service) attack. Its principle is: if you have a server and I have a personal computer, I use my personal computer to send a large amount of junk data to your server, which congests your network, increases your data processing burden and reduces the efficiency of the server's CPU and memory.
However, as technology developed, one-on-one attacks like DoS became easy to defend against, so the DDoS (distributed denial of service) attack was born. Its principle is the same as DoS; the difference is that DDoS attacks are many-to-one: even tens of thousands of personal computers attack one server at the same time, which eventually paralyzes the attacked server.
Three common attack methods of DDoS
SYN/ACK Flood attack: the most classic and effective DDoS attack, which can kill the network services of various systems. It works mainly by sending a large number of SYN or ACK packets with forged source IPs and source ports to the victim host, so that the host's cache resources are exhausted or it is kept busy sending response packets, resulting in denial of service. Because the sources are forged, the attack is difficult to trace; its disadvantage is that it is difficult to implement and needs the support of high-bandwidth zombie hosts.
TCP full connection attack: This attack is designed to bypass the inspection of traditional firewalls. Under normal circumstances, most conventional firewalls can filter DoS attacks such as TearDrop and Land, but they let normal TCP connections through. What is overlooked is that many network service programs (such as IIS, Apache and other web servers) can accept only a limited number of TCP connections. Once there are a large number of TCP connections, even if they are normal, website access becomes very slow or even impossible. A TCP full connection attack establishes a large number of TCP connections with the victim server through many zombie hosts until the server's memory and other resources are exhausted and it is brought down, resulting in denial of service. The characteristic of this kind of attack is that it bypasses the protection of ordinary firewalls. Its disadvantage is that many zombie hosts need to be found, and because the IP addresses of the zombie hosts are exposed, this DDoS attack method is easy to track.
Brush script attack: This attack is mainly aimed at website systems that use ASP, JSP, PHP, CGI and other scripts and call databases such as MSSQL Server, MySQL Server and Oracle. Its characteristic is that it establishes a normal TCP connection with the server and constantly submits queries, lists and similar requests to the script, which consumes a lot of database resources. It is a typical attack method that achieves a large effect at a small cost.
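A host-side check for the first two patterns above, as an added example that is not part of the original page: it counts half-open (SYN-RECV) sockets and per-source established connections in output laid out like `ss -tan`. The sample lines, the thresholds and the function names are constructed assumptions.

```python
from collections import Counter

def build_sample():
    """Constructed sample in the column layout of `ss -tan`
    (State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port).
    All addresses are from documentation ranges."""
    lines = ["State Recv-Q Send-Q Local Address:Port Peer Address:Port",
             "LISTEN 0 128 0.0.0.0:80 0.0.0.0:*"]
    # 40 half-open connections, each from a different source address
    lines += [f"SYN-RECV 0 0 192.0.2.10:80 198.51.100.{i}:{40000 + i}"
              for i in range(1, 41)]
    # 30 completed connections held open by a single client
    lines += [f"ESTAB 0 0 192.0.2.10:80 203.0.113.7:{50000 + i}"
              for i in range(30)]
    # Two ordinary clients with one connection each
    lines += ["ESTAB 0 0 192.0.2.10:80 203.0.113.20:51000",
              "ESTAB 0 0 192.0.2.10:80 203.0.113.21:51001"]
    return lines

def analyze(lines, syn_recv_limit=25, per_ip_estab_limit=20):
    """Return findings for the SYN flood and full connection patterns.
    Both limits are assumed values; tune them to the server's baseline."""
    half_open = 0
    half_open_sources = set()
    established = Counter()
    for line in lines:
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("SYN-RECV", "ESTAB"):
            continue  # header, LISTEN, TIME-WAIT and malformed lines
        peer_ip = fields[4].rsplit(":", 1)[0]
        if fields[0] == "SYN-RECV":
            half_open += 1
            half_open_sources.add(peer_ip)
        else:
            established[peer_ip] += 1
    findings = []
    # Many half-open sockets spread over many sources: forged-source SYN flood
    if half_open > syn_recv_limit:
        findings.append(("syn_flood_suspected", half_open, len(half_open_sources)))
    # Many completed connections from one real address: full connection attack
    for ip, count in sorted(established.items()):
        if count > per_ip_estab_limit:
            findings.append(("full_connection_suspected", ip, count))
    return findings

if __name__ == "__main__":
    for finding in analyze(build_sample()):
        print(finding)
```

The two findings differ in the way the text describes: the half-open sockets are spread across as many sources as there are sockets, while the full connection pattern exposes one real address that can be rate-limited or blocked.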
How to defend against DDoS attacks?
Generally speaking, we can start with hardware, a single host and the whole server system.
I. Hardware
1. Increase bandwidth
Bandwidth directly determines the ability to resist attacks, and absorbing the attack with more bandwidth is theoretically the optimal solution. As long as the bandwidth is greater than the attack traffic there is nothing to fear, but the cost is high.
2. Upgrade the hardware configuration
On the premise of ensuring network bandwidth, try to upgrade the configuration of hardware facilities such as CPU, memory, hard disk, network card, router and switch, and choose products with high popularity and good reputation.
3. Hardware firewall
Host the server in a data center equipped with a hardware DDoS firewall. Professional firewalls usually can clean and filter abnormal traffic, and can resist traffic-based DDoS attacks such as SYN/ACK attacks, TCP full connection attacks and brush script attacks.
II. A single host
1. Fix system vulnerabilities in time and upgrade security patches.
2. Shut down unnecessary services and ports, reduce unnecessary system add-ins and self-startup items, minimize processes in the server, and change the working mode.
3. iptables
4. Strictly control the account authority, prohibit root login and password login, and modify the default port of common services.
III. The whole server system
1. Load balancing
Load balancing is used to distribute requests evenly to all servers, thus reducing the burden on a single server.
2. CDN
A CDN is a content distribution network built on top of the network. It relies on edge servers deployed in various places and, through the distribution and scheduling modules of a central platform, lets users get the content they need from a nearby node, which reduces network congestion and improves response speed and hit rate. CDN acceleration therefore also uses load balancing technology. Compared with a high-defense hardware firewall, a CDN is the more reasonable choice, because multiple nodes share the attack traffic. At present, most CDN nodes have 200G traffic protection, and together with hardware defense they can be said to cope with most DDoS attacks.
3. Distributed cluster defense
The characteristic of distributed cluster defense is that each node server is configured with multiple IP addresses, and each node can withstand DDoS attacks of not less than 10G. If a node is attacked and cannot provide services, the system automatically switches to another node according to the priority setting, and all the attacker's packets are returned to the sending point, paralyzing the attack source.
What should I do about "Complete the security check to access"?
Solution:
1. Taking IE as an example: open the Tools menu and select Internet Options;
2. Select the Security tab, uncheck Enable Protected Mode, and then click OK;
3. Restart IE.
Why a website says you cannot access it until you complete the security check: the website you are visiting has an anti-DoS system to prevent DDoS attacks. Your public IP has requested the website many times, which the system treats as an attack, so it asks you to enter a verification code to prove that a human rather than a machine is operating. This happens mostly in companies, because many computers share one public IP. If that is not your situation, check whether the computer is infected with a virus and install the latest antivirus software.
Do I need to turn on DoS attack protection on the optical modem?
Generally speaking, DDoS attacks are common attacks on the network and can cause serious problems for users and devices. Although DDoS attacks are not usually aimed at individuals, it is recommended to turn the protection on.
The name "optical cat" comes from optical fiber + modem (a modem is commonly nicknamed "cat"); the technical term is optical modem. Networks are now all fiber-to-the-home, and you go online through the network operator's optical modem.
Why is the Monkey Island Forum closed?
As a free game exchange forum, the Monkey Island Forum has tens of millions of users, so there are bound to be criminals trying to profit on the forum, which has led to a lot of plug-in trading and discussion there.
The forum has been caught up in controversies many times. In March 2010, the website could not be logged in to for several days because gamers attacked it with DDoS, and the Monkey Island Forum closed some sections where plug-ins were rampant before reopening. The reason the forum is closed may be related to this.
How to set DNS security?
Operating steps/methods
1. Double-click the 360 Secure Browser icon on the computer desktop to start the software.
2. Click the three-bar menu icon in the upper right corner of the browser.
3. Click Settings in the pop-up menu.
4. Click the Security Settings option in the left navigation bar.
5. Find the option to turn on DNS security resolution under core security protection on the right.
6. Tick the checkbox for this option.