Don't open ports to the world: you will get hacked (the risks)


Time and time again, after doing an audit, my recommendation to hide ports behind a whitelist runs into a wall of misunderstanding. Even very good admins/DevOps ask: "Why?!!"

I propose to go through the risks in descending order of probability and damage.

  1. Configuration errors
  2. DDoS by IP
  3. Brute force
  4. Vulnerable services
  5. Kernel network stack vulnerabilities
  6. Amplification of DDoS attacks

Configuration errors

The most typical and most dangerous situation. How it happens: a developer needs to test a hypothesis quickly, so he sets up a temporary server with mysql/redis/mongodb/elastic. The password, of course, is complex; he uses it everywhere. He opens the service to the world, because it is convenient to connect from his own PC without any of your VPNs. And he is too lazy to remember iptables syntax; the server is temporary anyway. A couple more days of development, it works out well, we can show it to the customer. The customer likes it, there is no time to redo it, we ship it to PROD!

A deliberately exaggerated example, so as to step on every rake at once:

  1. There is nothing more permanent than the temporary. I don't like this phrase, but by subjective feel, 20-40% of these temporary servers stay around for a long time.
  2. A complex universal password that is used in many services is bad, because any one of the services where this password is used can be hacked. One way or another, the databases of hacked services flow together into a single one, which is then used for brute force*.
    It is worth adding that after installation, redis, mongodb and elastic are usually accessible without authentication at all, and regularly end up in the collection of open databases.
  3. It seems that nobody is going to scan your port 3306 within a couple of days. That is an illusion! Masscan is an excellent scanner and can scan 10M ports per second. And there are only 4 billion IPv4 addresses on the Internet. Accordingly, every port 3306 on the Internet is found in 7 minutes. Karl!!! Seven minutes!
    "Who needs this?" you object. So I was surprised too when I looked at the statistics of dropped packets. Where do 40 thousand scan attempts from 3 thousand unique IPs per day come from? Nowadays everyone scans, from script kiddies to governments. It is very easy to check: take a VPS for $3-5 from any** low-cost provider, enable logging of dropped packets, and look at the log a day later.

Enabling logging

In /etc/iptables/rules.v4 add at the end:
-A INPUT -j LOG --log-prefix "[FW - ALL]" --log-level 4

And in /etc/rsyslog.d/10-iptables.conf:
:msg, contains, "[FW - " /var/log/iptables.log
& stop
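Turning a day of that log into the statistics quoted above (how many attempts, from how many IPs, which ports, and which sources sweep several ports at once) takes a short script. The one below is an added example, not code from the original article: it assumes the "[FW - " prefix and /var/log/iptables.log from the snippet above, and the log lines embedded in it are constructed for the demonstration, not a real capture.

```python
import re
import sys
from collections import Counter, defaultdict

# Constructed sample of /var/log/iptables.log lines (not captured from a real server);
# "[FW - ALL]" is the prefix set by the LOG rule in rules.v4 above.
SAMPLE_LOG = """\
Mar  3 14:02:11 vps kernel: [FW - ALL]IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.5 LEN=40 TTL=241 PROTO=TCP SPT=41234 DPT=3306 WINDOW=1024 SYN URGP=0
Mar  3 14:02:11 vps kernel: [FW - ALL]IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.5 LEN=40 TTL=241 PROTO=TCP SPT=41234 DPT=22 WINDOW=1024 SYN URGP=0
Mar  3 14:02:12 vps kernel: [FW - ALL]IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.5 LEN=40 TTL=241 PROTO=TCP SPT=41234 DPT=6379 WINDOW=1024 SYN URGP=0
Mar  3 14:02:12 vps kernel: [FW - ALL]IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.5 LEN=40 TTL=241 PROTO=TCP SPT=41234 DPT=27017 WINDOW=1024 SYN URGP=0
Mar  3 14:05:40 vps kernel: [FW - ALL]IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.5 LEN=60 TTL=52 PROTO=TCP SPT=55012 DPT=3306 WINDOW=65535 SYN URGP=0
Mar  3 14:05:41 vps kernel: [FW - ALL]IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.5 LEN=60 TTL=52 PROTO=TCP SPT=55013 DPT=3306 WINDOW=65535 SYN URGP=0
Mar  3 14:09:02 vps kernel: [FW - ALL]IN=eth0 OUT= SRC=203.0.113.250 DST=203.0.113.5 LEN=78 TTL=118 PROTO=UDP SPT=1025 DPT=161 LEN=58
Mar  3 14:09:03 vps kernel: [FW - ALL]IN=eth0 OUT= SRC=203.0.113.250 DST=203.0.113.5 LEN=84 TTL=118 PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=1
Mar  3 14:10:00 vps kernel: eth0: link is up
"""

# Everything after the "[FW - ...]" prefix is the kernel's KEY=VALUE list.
PREFIX_RE = re.compile(r'\[FW - [^\]]*\](.*)$')
FIELD_RE = re.compile(r'\b([A-Z]+)=(\S*)')


def parse_line(line):
    """Return the KEY=VALUE fields of one firewall LOG line, or None for any other line."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    return dict(FIELD_RE.findall(m.group(1)))


def summarize(lines, scan_threshold=3):
    """Aggregate dropped packets: total, unique sources, busiest sources and ports,
    plus sources that probed at least scan_threshold distinct ports (a simple scan heuristic)."""
    per_src = Counter()
    per_port = Counter()
    ports_by_src = defaultdict(set)
    for line in lines:
        fields = parse_line(line)
        if not fields or 'SRC' not in fields:
            continue
        src = fields['SRC']
        per_src[src] += 1
        # Only TCP/UDP carry a destination port; ICMP has TYPE/CODE instead.
        if fields.get('PROTO') in ('TCP', 'UDP') and 'DPT' in fields:
            port = int(fields['DPT'])
            per_port[(fields['PROTO'], port)] += 1
            ports_by_src[src].add(port)
    scanners = sorted(s for s, ports in ports_by_src.items() if len(ports) >= scan_threshold)
    return {
        'packets': sum(per_src.values()),
        'unique_sources': len(per_src),
        'top_sources': per_src.most_common(5),
        'top_ports': per_port.most_common(5),
        'scanners': scanners,
    }


def report(summary):
    """Render the summary as a few readable lines."""
    out = [f"dropped packets: {summary['packets']} from {summary['unique_sources']} unique IPs"]
    out += [f"  {ip}: {n} packets" for ip, n in summary['top_sources']]
    out += [f"  {proto}/{port}: {n} hits" for (proto, port), n in summary['top_ports']]
    out.append("multi-port scanners: " + (", ".join(summary['scanners']) or "none"))
    return "\n".join(out)


if __name__ == '__main__':
    # Usage: python3 fwstats.py /var/log/iptables.log  (falls back to the sample data)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding='utf-8', errors='replace') as fh:
            print(report(summarize(fh)))
    else:
        print(report(summarize(SAMPLE_LOG.splitlines())))
```

The script streams the file line by line, so it is fine to run over a full day of dropped-packet logs; on the constructed sample it reports 8 packets from 3 sources and flags 198.51.100.23, which touched four different ports, as a scanner.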

DDoS by IP

If an attacker knows your IP, he can DDoS your server for several hours or days. Not all low-cost hosting providers have DDoS protection, and your server will simply be disconnected from the network. If you hid your server behind a CDN, don't forget to change its IP, otherwise the attacker will google the old one and DDoS your server bypassing the CDN (a very common mistake).

Vulnerable services

All popular software sooner or later has bugs found in it, even the most tested and most critical. Among IS specialists there is a half-joke: the security of an infrastructure can safely be judged by the date of its last update. If your infrastructure is rich in ports sticking out into the world and you haven't updated it for a year, any security specialist will tell you without looking that you are leaking, and most likely have already been hacked.
It is also worth mentioning that every known vulnerability was once unknown. Imagine an attacker who found such a vulnerability and scanned the whole Internet for it in 7 minutes... There is your new epidemic) We have to update, but that can break the product, you say. And you would be right if the packages are not installed from the official OS repositories. From experience, updates from the official repositories rarely break the product.

Brute force

As described above, there is a database with half a million passwords that are easy to type on a keyboard. In other words, if you did not generate the password but typed adjacent characters on the keyboard, rest assured* that they will get you.

Kernel network stack vulnerabilities

It also happens**** that it does not matter which program opens the port, because the kernel's network stack itself is vulnerable. That is, absolutely every tcp/udp socket on a two-year-old system has a vulnerability leading to DDoS.

Amplification of DDoS attacks

It does not cause direct damage, but it can clog your channel and raise the load on the system; your IP will end up on some blacklist*****, and you will get abuse reports from the hoster.

Do you really need all these risks? Add your home and work IP to the whitelist. Even if it is dynamic, log in to the hoster's admin panel, go through the web console, and simply add one more.

I have been building and protecting IT infrastructure for 15 years. I have arrived at a rule that I recommend to everyone: not a single port should stick out into the world without a whitelist.

For example, the most secure web server*** is one that opens 80 and 443 only to the CDN/WAF. And service ports (ssh, netdata, bacula, phpmyadmin) should be at least behind a whitelist, and better still behind a VPN. Otherwise, you will get hacked.
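As an added example, not from the original article, here is what a complete /etc/iptables/rules.v4 following that rule could look like: a DROP policy on INPUT, the web ports open only to the CDN/WAF, ssh open only to a whitelisted address, and the LOG rule from the logging section placed last so that only packets matching nothing else are logged before the policy drops them. The ranges 203.0.113.0/24 and 198.51.100.7 are documentation placeholders, to be replaced by the CDN provider's published address list and your own home/work IPs; the rate limit on the LOG rule is an addition to keep a scan from flooding the log.

```text
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and replies to connections the server opened itself
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Web ports only from the CDN/WAF (placeholder range; use the provider's published list)
-A INPUT -p tcp -m multiport --dports 80,443 -s 203.0.113.0/24 -j ACCEPT
# Service ports only from whitelisted addresses (placeholder home/office IP)
-A INPUT -p tcp --dport 22 -s 198.51.100.7/32 -j ACCEPT
# Rate-limited ping so monitoring still works
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
# Everything else is logged (rate-limited) and then dropped by the INPUT policy
-A INPUT -m limit --limit 30/min --limit-burst 100 -j LOG --log-prefix "[FW - ALL]" --log-level 4
COMMIT
```

Load it with `iptables-restore < /etc/iptables/rules.v4` from a session that is already whitelisted, and verify with `iptables -S INPUT` that the ACCEPT rules carry the `-s` restriction before closing the console; a rules file with an ACCEPT policy would make the trailing LOG rule log every packet instead of only the rejected ones.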

That is all I wanted to say. Keep your ports closed!

  • (1) Update 1: here you can check whether your cool universal password appears in the merged databases (do not do this without first changing that password to a random one in every service). And here you can see how many hacked services included your email and, accordingly, find out whether your universal password has been compromised.
  • (2) To Amazon's credit, LightSail sees minimal scans. Apparently they filter them somehow.
  • (3) A web server is still more secure when it sits behind a firewall with its own WAF, but we are talking about a public VPS/Dedicated.
  • (4) SegmentSmack.
  • (5) Fire.


Are your ports sticking out?

  • Always
  • Sometimes
  • Never
  • I don't know, fuck

54 users voted. 6 users abstained.

Source: www.hab.com
