Don't open ports to the world - you will get hacked (risks)


Time and again, after conducting an audit, my recommendation to hide ports behind a whitelist runs into a wall of incomprehension. Even very good admins/DevOps ask: "Why?!?"

I propose to consider the risks in descending order of likelihood and damage.

  1. Configuration error
  2. DDoS by IP
  3. Brute force
  4. Service vulnerabilities
  5. Kernel network stack vulnerabilities
  6. Amplification of DDoS attacks

Configuration error

The most common and the most dangerous situation. Here is how it happens. A developer needs to test a hypothesis quickly, so they set up a temporary server with mysql/redis/mongodb/elastic. The password is, of course, complex, and they use it everywhere. They open the service to the world - it is convenient to connect from their own PC without any of your VPNs. And I'm too lazy to remember the iptables syntax; the server is only temporary anyway. A couple more days of development - it turned out well, we can show it to the customer. The customer likes it, there is no time to redo anything, we launch into PROD!

A deliberately exaggerated example that hits every possible pitfall:

  1. Nothing is more permanent than the temporary - I don't like this phrase, but by subjective impression 20-40% of such temporary servers stay in use for a long time.
  2. A complex universal password used on many services is evil, because any one of the services where that password was used may have been hacked. One way or another, the databases of hacked services flow together into one, which is then used for [brute force]*.
    It should be added that after installation redis, mongodb and elastic are available without any authentication at all, and they regularly end up in collections of open databases.
  3. It seems that nobody will scan your port 3306 within a couple of days. An illusion! Masscan is an excellent scanner that can scan 10M ports per second. And there are only 4 billion IPv4 addresses on the Internet. So every port 3306 on the Internet is found in 7 minutes. Carl!!! Seven minutes!
    "Who needs this?" - you object. I was surprised too when I looked at the dropped-packet statistics. Where do 40 thousand scan attempts from 3 thousand unique IPs per day come from? Nowadays everyone is scanning, from amateur hackers to governments. It is very easy to check - take any VPS for $3-5 from any** budget hoster, enable logging of dropped packets and look at the log after a day.

Enabling logging

In /etc/iptables/rules.v4 add at the end:
-A INPUT -j LOG --log-prefix "[FW - ALL] " --log-level 4

And in /etc/rsyslog.d/10-iptables.conf:
:msg,contains,"[FW - "/var/log/iptables.log
& stop
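To turn the resulting /var/log/iptables.log into the kind of daily statistics mentioned above (dropped packets, unique sources, most-probed ports, and sources that sweep several ports), here is an added example that is not part of the original article; it assumes the "[FW - ALL] " prefix from the rule above and works on constructed sample lines in the kernel's LOG format.

```python
"""Summarise dropped-packet lines written by the iptables LOG rule above.

Added example, not from the original article. It assumes the "[FW - ALL] "
prefix and /var/log/iptables.log from the article; the log lines below are
constructed samples in the kernel's standard LOG format.
"""
import re
from collections import Counter, defaultdict

# Source address, protocol and (for TCP/UDP) destination port of a LOG line.
LOG_RE = re.compile(
    r"\[FW - ALL\].*?SRC=(?P<src>[\d.]+).*?PROTO=(?P<proto>\w+)"
    r"(?:.*?DPT=(?P<dpt>\d+))?"
)

SAMPLE_LOG = """\
Mar  3 00:01:02 vps kernel: [FW - ALL] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=40 PROTO=TCP SPT=54321 DPT=3306 WINDOW=1024 SYN
Mar  3 00:01:03 vps kernel: [FW - ALL] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=40 PROTO=TCP SPT=54322 DPT=6379 WINDOW=1024 SYN
Mar  3 00:01:04 vps kernel: [FW - ALL] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=40 PROTO=TCP SPT=54323 DPT=27017 WINDOW=1024 SYN
Mar  3 00:02:10 vps kernel: [FW - ALL] IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.5 LEN=40 PROTO=TCP SPT=40000 DPT=3306 WINDOW=65535 SYN
Mar  3 00:02:11 vps kernel: [FW - ALL] IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.5 LEN=40 PROTO=TCP SPT=40001 DPT=3306 WINDOW=65535 SYN
Mar  3 00:03:00 vps kernel: [FW - ALL] IN=eth0 OUT= SRC=203.0.113.99 DST=203.0.113.5 LEN=84 PROTO=ICMP TYPE=8 CODE=0
"""

def parse_log(text):
    """Yield (src, proto, dport) per matching line; dport is None for ICMP."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            dpt = m.group("dpt")
            yield m.group("src"), m.group("proto"), int(dpt) if dpt else None

def summarise(text, scanner_threshold=3):
    """Totals for the log plus sources probing >= scanner_threshold distinct ports."""
    sources, ports_by_src, by_port, total = set(), defaultdict(set), Counter(), 0
    for src, proto, dpt in parse_log(text):
        total += 1
        sources.add(src)
        if dpt is not None:
            ports_by_src[src].add(dpt)
            by_port[(proto, dpt)] += 1
    scanners = sorted(s for s, p in ports_by_src.items() if len(p) >= scanner_threshold)
    return {"dropped": total, "unique_src": len(sources),
            "top_ports": by_port.most_common(3), "scanners": scanners}

if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```

Pointing `summarise` at the real file (`open("/var/log/iptables.log").read()`) gives the per-day figures once the log has been collecting for 24 hours.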

DDoS by IP

If an attacker knows your IP, they can take your server down for several hours or even days. Not all low-cost hosting providers have DDoS protection, and your server will simply be cut off from the network. If you hide your server behind a CDN, don't forget to change its IP; otherwise the hacker will google it and DDoS your server directly, bypassing the CDN (a very popular mistake).

Service vulnerabilities

Bugs are found sooner or later in all popular software, even the most tested and critical. Among information security specialists there is a half-joke: the security of a system can be judged reliably by the date of its last update. If your infrastructure is rich in ports facing the world and you haven't updated it for a year, any security specialist will tell you without even looking that you are leaky, and probably already hacked.
It is also worth saying that every known vulnerability was once unknown. Imagine a hacker who found such a vulnerability and scanned the whole Internet for it in 7 minutes... There is your new virus epidemic :) We have to update, but updating can break the product, you say. And you would be right, if the packages were not installed from the official OS repositories. From experience, updates from the official repository do not break the product.

Brute force

As described above, there is a database with half a million passwords that are easy to type on a keyboard. In other words, if you did not generate your password but typed adjacent keys on the keyboard, rest assured that you will be brute-forced.

Kernel network stack vulnerabilities

It can also happen**** that it doesn't even matter which service opens the port, because the kernel's own network stack is vulnerable. That is, absolutely any tcp/udp socket on a two-year-old system can be susceptible to a vulnerability leading to DDoS.

Amplification of DDoS attacks

It causes no direct harm, but it can clog your channel, increase the load on the system, land your IP on some blacklist*****, and earn you an abuse complaint from the hoster.

Do you really need all these risks? Add your home and work IP to the whitelist. Even if it is dynamic, log in through the hoster's admin panel, via the web console, and add the new one.

I have been building and protecting IT infrastructure for 15 years. I have formed a rule that I strongly recommend to everyone - no port should face the world without a whitelist.

For example, the most secure web server*** is one that opens 80 and 443 only to the CDN/WAF. Service ports (ssh, netdata, bacula, phpmyadmin) go behind a whitelist, or better still behind a VPN. Otherwise, you risk being compromised.
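The rule above can be checked mechanically against an existing rules.v4: every INPUT ACCEPT that names a port must carry a source restriction (-s), with 80/443 as the only exception. This is an added example, not code from the original article; the ruleset it audits is constructed, and the 80/443 exception is the article's, not a general rule.

```python
"""Audit an iptables-restore (rules.v4) ruleset for ports open to the world.
Added example, not from the original article. It encodes the rule above: only
80/443 may accept from any source, every other ACCEPT on a port needs -s.
The ruleset below is constructed for illustration."""
import shlex

PUBLIC_OK = {80, 443}  # the only ports the article lets face the world

# Constructed sample: ssh is whitelisted, mysql (3306) and netdata (19999) are not.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -s 198.51.100.10/32 --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp --dport 19999 -j ACCEPT
-A INPUT -j LOG --log-prefix "[FW - ALL] " --log-level 4
COMMIT
"""

def expand_ports(spec):
    """Turn '80,443' or '6000:6010' (iptables syntax) into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def accept_rules(text):
    """Yield (ports, has_source) for each INPUT ACCEPT rule that names ports."""
    for line in text.splitlines():
        if not line.startswith("-A INPUT") or "-j ACCEPT" not in line:
            continue
        argv = shlex.split(line)  # handles quoted arguments like --log-prefix
        ports, has_src = set(), False
        for i, tok in enumerate(argv[:-1]):
            if tok in ("--dport", "--dports"):
                ports |= expand_ports(argv[i + 1])
            elif tok in ("-s", "--source", "--src"):
                has_src = True
        if ports:
            yield ports, has_src

def world_open_ports(text):
    """Ports accepting from any source, minus the public web ports."""
    return sorted(set().union(*(p - PUBLIC_OK for p, src in accept_rules(text) if not src)))

if __name__ == "__main__":
    print("world-open service ports:", world_open_ports(SAMPLE_RULES))
```

Rules that whitelist via an ipset or a separate chain are not recognised by this simple check, so a non-empty result is a prompt to look at the rule, not proof on its own.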

That is all I wanted to say. Close your ports!

  • (1) UPD1: here you can check whether your universal password (don't do this without first changing that password on all services) appears in the merged database. And here you can see how many hacked services your email turned up in, and thus find out whether your universal password has been compromised.
  • (2) To Amazon's credit, there are few scans on LightSail. Apparently they filter something.
  • (3) An even more secure web server is one behind a dedicated firewall with its own WAF, but here we are talking about public VPS/dedicated servers.
  • (4) SegmentSmack.
  • (5) Kahuahi.


Are your ports facing the world?

  • Always closed
  • Sometimes
  • Never
  • I don't know

54 users voted. 6 users abstained.

Source: www.habr.com
