Don't open ports to the world: you will get hacked (the risks)
Time and again, after doing an audit, my recommendation to hide ports behind a whitelist runs into a wall of incomprehension. Even the best admins/DevOps ask: "Why?!?"
I propose to walk through the risks in order of likelihood and damage.
Configuration errors
DDoS on the IP
Brute force
Software vulnerabilities
Kernel network stack vulnerabilities
Amplified DDoS attacks
Configuration errors
The most common and the most dangerous situation. How it happens: a developer needs to test a hypothesis quickly, so he sets up a temporary server with mysql/redis/mongodb/elastic. The password is, of course, a complex one; he uses it everywhere. He opens the service to the world, because it's convenient to connect from his PC without any of your VPNs. And he can't be bothered to remember the iptables syntax, the server is temporary anyway. Two days of development, everything works, we can show the customer. The customer likes it, there is no time to redo anything, we go to PROD!
A deliberately exaggerated example that steps on every rake at once:
Nothing is more permanent than a temporary solution. I don't like this saying, but by subjective estimate 20-40% of such temporary servers stay around for a long time.
A complex universal password reused across many services is evil, because any one of the services where it was used may have been hacked. One way or another, the dumps of hacked services get merged into one and used for [brute force]*.
It should be added that after installation redis, mongodb and elastic are reachable without any authentication at all, and they regularly end up in collections of open databases.
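A quick way to catch the configuration error described here, as an added example that is not code from the original post: list the sockets bound to every interface and compare them with the database ports. The `ss` output and the port list below are constructed for the example; on a real host the same functions take the live output of `ss -Hltn`.

```shell
#!/bin/sh
# Constructed sample in the column layout of `ss -Hltn` (State Recv-Q Send-Q Local Peer).
# On a real host replace it with: SAMPLE_SS=$(ss -Hltn)
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 511 0.0.0.0:6379 0.0.0.0:*
LISTEN 0 4096 *:27017 *:*
LISTEN 0 4096 [::]:9200 [::]:*
LISTEN 0 4096 [::1]:9300 [::]:*
LISTEN 0 128 10.0.0.5:443 0.0.0.0:*'

# Ports of services that ship without authentication or are routinely exposed by mistake
# (assumed list for the example: mysql, postgres, redis, mongodb, elasticsearch).
DB_PORTS="3306 5432 6379 27017 9200"

# Print "port host" for every listener bound to all interfaces (0.0.0.0, * or [::]).
# A bind to 127.0.0.1 or [::1] or to a private address is not reported.
wildcard_listeners() {
  printf '%s\n' "$1" | awk '{
    addr = $4
    port = addr; sub(/.*:/, "", port)          # strip everything up to the last colon
    host = addr; sub(/:[0-9]+$/, "", host)     # strip the trailing :port
    if (host == "0.0.0.0" || host == "*" || host == "[::]") print port, host
  }'
}

# Of the wildcard listeners, keep only the database ports: these are the
# "temporary" exposures the text describes. Output is one port per line, ascending.
exposed_db_ports() {
  wildcard_listeners "$1" | awk -v ports="$2" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    ($1 in want) { print $1 }' | sort -n
}

# Stand-alone run: report what is sticking out of this (sample) host.
exposed_db_ports "$SAMPLE_SS" "$DB_PORTS" | while read -r port; do
  echo "database port $port is bound to all interfaces"
done
```

For the sample above the report lists 6379, 9200 and 27017; port 3306 is not reported because mysql is bound to 127.0.0.1 only. A wildcard bind is only dangerous when the firewall lets the port through, which is exactly what the temporary-server scenario does.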
It seems nobody will look at your port 3306 within two days. That is an illusion! Masscan is an excellent scanner that can send 10 million probes per second, and there are only 4 billion IPv4 addresses on the Internet. So every port 3306 on the Internet gets probed in about 7 minutes. Seven, Karl!!! Seven minutes!
"Who needs this?" you object. I was surprised myself when I looked at the dropped-packet statistics: where do 40 thousand scan attempts from 3 thousand unique IPs per day come from? These days everyone scans, from kids in their mom's basement to governments. It is very easy to check: take any VPS for $3-5 from any** low-cost provider, enable logging of dropped packets and look at the log a day later.
Enabling logging
In /etc/iptables/rules.v4 add at the end of the INPUT chain (after the ACCEPT rules, so that only packets about to be dropped are logged):
-A INPUT -j LOG --log-prefix "[FW - ALL] " --log-level 4
And in /etc/rsyslog.d/10-iptables.conf:
:msg,contains,"[FW - " /var/log/iptables.log
& stop
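Once the LOG rule and the rsyslog filter above are in place, a day's log can be summarised with a few shell functions. This is an added example, not code from the original post; the log lines are constructed in the format the iptables LOG target produces (documentation IP ranges, one fake host), and on a real log the same functions give the "attempts per day" and "unique IPs" figures quoted in the text.

```shell
#!/bin/sh
# Constructed sample of /var/log/iptables.log: three sources, two of them probing
# several ports (a scanner), one stray UDP packet.
FW_LOG=$(mktemp)
trap 'rm -f "$FW_LOG"' EXIT
cat > "$FW_LOG" <<'EOF'
Mar  3 00:01:12 vps kernel: [FW - ALL] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.7 DST=203.0.113.5 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=54321 PROTO=TCP SPT=43210 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 00:01:13 vps kernel: [FW - ALL] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.7 DST=203.0.113.5 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=54322 PROTO=TCP SPT=43210 DPT=6379 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 00:04:40 vps kernel: [FW - ALL] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=192.0.2.200 DST=203.0.113.5 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=1 PROTO=TCP SPT=55555 DPT=3306 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 00:09:03 vps kernel: [FW - ALL] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=192.0.2.200 DST=203.0.113.5 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=2 PROTO=TCP SPT=55555 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 00:15:27 vps kernel: [FW - ALL] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.99 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=777 PROTO=UDP SPT=1900 DPT=1900 LEN=40
Mar  3 00:20:00 vps kernel: [FW - ALL] IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.7 DST=203.0.113.5 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=54323 PROTO=TCP SPT=43211 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0
EOF

# Total logged (i.e. dropped) packets in the file.
fw_total() { grep -c '\[FW - ' "$1"; }

# Distinct source addresses: the "unique IPs per day" figure.
fw_unique_sources() {
  sed -n 's/.*SRC=\([0-9.]*\).*/\1/p' "$1" | sort -u | wc -l | tr -d ' '
}

# Hits on one destination port, e.g. 3306 to see how quickly MySQL gets probed.
# The trailing space keeps DPT=22 from matching DPT=2200.
fw_port_hits() { grep -c "DPT=$2 " "$1"; }

# Top-N destination ports as "count port" lines, most probed first.
fw_top_ports() {
  sed -n 's/.*DPT=\([0-9]*\).*/\1/p' "$1" | sort | uniq -c | sort -rn | head -n "${2:-5}"
}

# Sources that touched more than one port: the scanner signature,
# as opposed to a single stray connection.
fw_scanners() {
  sed -n 's/.*SRC=\([0-9.]*\).*DPT=\([0-9]*\).*/\1 \2/p' "$1" | sort -u \
    | awk '{ n[$1]++ } END { for (s in n) if (n[s] > 1) print s }' | sort
}

# Stand-alone run: the daily summary.
echo "dropped packets: $(fw_total "$FW_LOG"), unique sources: $(fw_unique_sources "$FW_LOG")"
echo "top ports:"; fw_top_ports "$FW_LOG" 3
echo "multi-port sources:"; fw_scanners "$FW_LOG"
```

Run the same functions on /var/log/iptables.log instead of the sample file; a cron job that mails the output once a day is enough to keep the numbers in the text in front of you. Rotate the log with logrotate, since a single scanner can write thousands of lines per hour.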
DDoS on the IP
If an attacker knows your IP, he can knock your server offline for hours or days. Not every low-cost hoster has DDoS protection; they will simply disconnect your server from the network. If you hid your server behind a CDN, don't forget to change its IP, otherwise the attacker will google the old address and DDoS your server directly, bypassing the CDN (a very popular mistake).
Software vulnerabilities
All popular software has bugs, even the most tested and critical. Among infosec people there is a half-joke: the security of an infrastructure can be reliably judged by the date of its last update. If your infrastructure is rich in ports sticking out into the world and you haven't updated it in a year, any security specialist will tell you without looking that you are leaky and, quite likely, already hacked.
It is also worth mentioning that every known vulnerability was unknown once. Imagine an attacker who has found such a vulnerability and scans the whole Internet for it in 7 minutes... there's your next epidemic :) You have to update, but an update can break the product, you say. And you would be right if your packages are not installed from the official OS repositories. In my experience, updates from the official repositories rarely break the product.
Brute force
As noted above, there is a database with half a million passwords that are easy to type on a keyboard. In other words, if you didn't generate your password but typed adjacent keys on the keyboard, rest assured that you will be hacked.
Kernel network stack vulnerabilities
It also happens**** that it doesn't matter which service opens the port, because the kernel's network stack itself is vulnerable. That is, absolutely any tcp/udp socket on a system two years behind on updates may be affected by a vulnerability that lets a remote peer cause denial of service.
Amplified DDoS attacks
This does no direct harm to you, but it can saturate your link, raise the load on the system, land your IP on some blacklist*****, and get you an abuse complaint from the hoster.
Do you need all these risks? Add your home and work IPs to the whitelist. Even if they are dynamic, log in to the hoster's control panel through the web console and add the new one.
I have been building and defending IT infrastructure for 15 years. I have arrived at a rule that I strongly recommend to everyone: no port sticks out into the world without a whitelist.
For example, the most secure web server*** is one that opens 80 and 443 only to the CDN/WAF, with the service ports (ssh, netdata, bacula, phpmyadmin) behind a whitelist, or better still behind a VPN. Otherwise you risk being compromised.
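The rule above turned into a concrete ruleset, as an added example that is not code from the original post: a shell function that emits an iptables-restore file (the format of /etc/iptables/rules.v4) with policy DROP, ports 80/443 accepted only from the CDN/WAF ranges, the service ports accepted only from the admin whitelist, and the LOG rule from the logging section as the last rule. The CDN ranges, admin addresses and port list are assumptions passed in as arguments; the addresses used in the stand-alone run are documentation ranges.

```shell
#!/bin/sh
# build_rules CDN_RANGES ADMIN_IPS ADMIN_PORTS
#   CDN_RANGES  space-separated networks the CDN/WAF connects from (assumed input)
#   ADMIN_IPS   space-separated home/work addresses, the whitelist (assumed input)
#   ADMIN_PORTS space-separated service ports reachable only from the whitelist
# Prints an iptables-restore file on stdout; nothing is applied to the kernel here.
build_rules() {
  cdn_ranges=$1
  admin_ips=$2
  admin_ports=$3
  # Policy DROP on INPUT: anything not explicitly accepted below is discarded.
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
EOF
  # Web only from the CDN/WAF: a direct hit on the origin IP falls through to DROP.
  for net in $cdn_ranges; do
    echo "-A INPUT -s $net -p tcp -m multiport --dports 80,443 -j ACCEPT"
  done
  # Service ports (ssh, netdata, ...) only from the admin whitelist.
  for ip in $admin_ips; do
    for port in $admin_ports; do
      echo "-A INPUT -s $ip -p tcp --dport $port -j ACCEPT"
    done
  done
  # Everything else is logged, rate-limited so a scan cannot fill the disk,
  # and then dropped by the chain policy.
  echo '-A INPUT -m limit --limit 10/min --limit-burst 50 -j LOG --log-prefix "[FW - ALL] " --log-level 4'
  echo 'COMMIT'
}

# Stand-alone run with documentation addresses: one CDN range, two admin IPs,
# ssh (22) and netdata (19999) behind the whitelist.
build_rules "203.0.113.0/24" "192.0.2.10 192.0.2.11" "22 19999"
```

Write the output to /etc/iptables/rules.v4 and load it with `iptables-restore < /etc/iptables/rules.v4`, but only with a second session open in the hoster's web console: a typo in the whitelist locks you out of ssh, which is the situation the previous paragraph describes. IPv6 is a separate stack; if the server has a public IPv6 address, rules.v6 needs the same treatment, otherwise the ports you just closed on IPv4 remain open on IPv6.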
That's all I wanted to say. Close your ports!
(1) UPD1: here you can check whether your good universal password (don't do this without first changing it on every service) has turned up in the merged databases. And here you can see how many hacked services your email appeared in and, accordingly, whether your universal password has been compromised.
(2) To Amazon's credit, Lightsail sees few scans. Apparently they filter something.
(3) An even more secure web server is one behind a dedicated firewall with its own WAF, but we are talking about ordinary public VPS/dedicated servers.
(4) SegmentSmack.
(5) FireHOL.