Home > other >  Ali cloud server was attacked by CC, by hackers to blackmail buy server, response to ali cloud, ali
Ali cloud server was attacked by CC, by hackers to blackmail buy server, response to ali cloud, ali

Time:11-23

Ask next everybody, CC attack any good prevention measures? With the lock of cloud, a small amount of attack are ok, rear guard,
IIS log, there is a lot of from all over the world simulation baidu spider IP access, multiple simultaneous connections when 3, 4 m, PV, statistical millions (which is accumulated millions of times a page request, leading to normal access denied) normal PV is also a day for 3, 4 m

Look at the picture



# Fields: the date time s - sitename s - computername cs - s - IP method cs - uri - stem cs - uri query - s - port cs - username - c - IP cs - version cs (the user-agent) cs (cookies) cs (Referer) cs - host sc - the status of sc - substatus sc - win32 - the status of sc - bytes cs - bytes time - seems
The 2019-03-10 09:54:06 W3SVC2 XXXX XXX. XxxxxGET/HTTP/1.1-80-39.108.60.172 Mozilla/5.0 + (compatible; + Baiduspider render/2.0; + + http://www.baidu.com/search/spider.html) - http://xxxxxx.cn/XXXXXXX. Cn 403 0 0, 1317, 312, 894

Poking fun at ali cloud service, also only you find him to tell you to put the IP sealing off, that tens of thousands of IP, how do I seal? Don't let you buy web firewalls, high server, don't buy a attack will give you into the black hole,

Even if the attack is a world difficult problem, there is no one attack let people have to spend money to buy 1, 2, one thousand months of server? Other what all don't want to, smile is a rich way,
This rented a shop at the mall with me, and then the somebody else to protection fee, you pay I give you 10 security guards, and then if I'm tube to 11 gangsters: no, what's the difference?

CodePudding user response:

It is better to:
1. Change the domain name and server IP, let the attacker lose real goal, the real business systems, especially the interface need to be replaced, let a person imperceptible,
2. The deployment of honeypot machine: in the honeypot to imitate the business system and is the same as the original, the original server domain name and IP, let the attacker DDOS attacks to the wrong target,


The most of to apply for a domain name, compared with 1, 2, one thousand months of high cost is much lower,

CodePudding user response:

The original poster can use WAF firewall,
1. The WAF have source station IP hidden function, WAF for CC attack security help you protection against page request CC attack,
2. You can use the prepaid (3880 yuan/month), a year 87 fold,

CodePudding user response:

Compared with ali cloud cloud shield their company as long as it is better to Shanghai to buy the product is 7 * 24 hours online artificial prices and ali's about the same service experience is a bit better,,, I give you the contact to

CodePudding user response:

You stand naked directly in the outside? Don't do any waf? Use NGINX + Openresty and unixhot_waf Lua can write their own rules

Cooperate with nginx reqlimit

CodePudding user response:

Now there are a lot of companies can be done on the basis of the original set protocol, or booster IP, attack can choose according to flow or according to time of payment

CodePudding user response:

Can look for special CC attack tactics, don't buy, I know there is a free, can put forward the overall solution, a year a total of tens of thousands of pieces, price is pretty high,

CodePudding user response:

After the cloud is also on all kinds of headaches, alas,,,

CodePudding user response:

Suggest using HuaQing letter of TDR, our company also encountered similar problems, whether WAF, DDOS, blackmail virus can be defensive, the key is the price is low,

CodePudding user response:

Ali's host not to earn money, is mainly by security