Don't open ports to the world - you will be hacked (risks)

From time to time, after an audit, my recommendation to hide ports behind a whitelist runs into a wall of misunderstanding. Even very experienced admins/DevOps ask: "Why?!?"

I suggest looking at the risks in terms of how likely they are and how much damage they do.

  1. Configuration error
  2. DDoS by IP
  3. Brute force
  4. Service vulnerabilities
  5. Kernel stack vulnerabilities
  6. DDoS amplification

Configuration error

The most typical and most dangerous situation. Here is how it happens. A developer needs to test an idea quickly, so he sets up a temporary server with mysql/redis/mongodb/elastic. The password is complex, of course, and he uses it everywhere. He opens the service to the whole world - that way it is easy to connect from his PC without these VPNs of yours. And he is too lazy to remember iptables syntax; the server is temporary anyway. A few more days of development - it turned out well, it can be shown to the customer. The customer likes it, there is no time to redo it, so it goes into PROD!

The example is deliberately exaggerated so that it covers everything:

  1. There is nothing more permanent than the temporary - I don't like this saying, but by my subjective impression 20-40% of such temporary servers stay around for a long time.
  2. A complex universal password used in many services is evil, because one of the services where that password was used could have been breached. One way or another, the databases of breached services end up merged into one, which is then used for brute force (1).
    It is worth adding that after installation redis, mongodb and elastic are usually reachable without any authentication, and they often end up in collections of open databases.
  3. It may seem that nobody will scan your port 3306 within a couple of days. That is an illusion! Masscan is an excellent scanner and can scan 10M ports per second. And there are only 4 billion IPv4 addresses on the Internet. So every port 3306 on the Internet is found in 7 minutes. Charles!!! Seven minutes!
    "Who needs this?" - you object. I wonder the same thing when I look at the statistics of dropped packets. Where do 40 thousand attempts from 3 thousand unique IPs come from every day? Everybody is scanning now, from hobbyist hackers to governments. It is easy to check - take any $3-5 VPS from any low-cost provider, enable logging of dropped packets and look at the log after a day.

Enabling logging

In /etc/iptables/rules.v4 add at the end:
-A INPUT -j LOG --log-prefix "[FW - ONSE] " --log-level 4

And in /etc/rsyslog.d/10-iptables.conf:
:msg, contains, "[FW - " /var/log/iptables.log
& stop
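Once the log has been filling for a day, the figures mentioned above (attempts and unique source IPs) can be extracted from it. The script below is an added example, not part of the original article; the function names are hypothetical and the sample log lines are constructed, using the log prefix shown above.

```shell
#!/bin/sh
# Summarise /var/log/iptables.log as written by the LOG rule above.
# sample_log emits constructed lines (documentation IP ranges), not real traffic.
sample_log() {
cat <<'EOF'
Jan 10 03:12:01 vps kernel: [FW - ONSE] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=51234 DPT=3306 SYN
Jan 10 03:12:02 vps kernel: [FW - ONSE] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=51235 DPT=6379 SYN
Jan 10 04:40:17 vps kernel: [FW - ONSE] IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.5 PROTO=TCP SPT=40022 DPT=3306 SYN
Jan 10 04:40:18 vps kernel: [FW - ONSE] IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.5 PROTO=TCP SPT=40023 DPT=22 SYN
Jan 10 09:05:44 vps kernel: [FW - ONSE] IN=eth0 OUT= SRC=203.0.113.99 DST=203.0.113.5 PROTO=UDP SPT=123 DPT=123 LEN=56
Jan 10 09:05:45 vps kernel: [FW - ONSE] IN=eth0 OUT= SRC=203.0.113.99 DST=203.0.113.5 PROTO=ICMP TYPE=8 CODE=0
Jan 10 11:59:59 vps kernel: [FW - ONSE] IN=eth0 OUT= SRC=198.51.100.200 DST=203.0.113.5 PROTO=TCP SPT=60001 DPT=3306 SYN
EOF
}

# Print "<logged packets> <unique source IPs>" for log file $1.
scan_totals() {
    awk '/\[FW - / {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=/) { n++; seen[substr($i, 5)] = 1 }
    }
    END { u = 0; for (ip in seen) u++; printf "%d %d\n", n, u }' "$1"
}

# Print the $2 most-probed "count PROTO/port" pairs (default 10) for log file $1.
# Packets without a destination port (for example ICMP) are skipped.
top_ports() {
    awk '/\[FW - / {
        proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (dpt != "") hits[proto "/" dpt]++
    }
    END { for (k in hits) print hits[k], k }' "$1" | sort -k1,1nr -k2,2 | head -n "${2:-10}"
}

# Demo on the constructed sample; point the functions at the real log in use.
tmp=$(mktemp)
sample_log > "$tmp"
scan_totals "$tmp"
top_ports "$tmp" 3
rm -f "$tmp"
```

On a real host, call `scan_totals /var/log/iptables.log` and `top_ports /var/log/iptables.log 20` instead of the demo lines.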

DDoS by IP

If an attacker knows your IP, he can knock your server offline for several hours or several days. Not every low-cost hosting provider has DDoS protection, and your server will simply be disconnected from the network. If you have hidden your server behind a CDN, don't forget to change the IP, otherwise the attacker will google it and DDoS your server bypassing the CDN (a very common mistake).

Service vulnerabilities

Sooner or later bugs are found in all popular software, even the most tested and the most critical. Among information security specialists there is a half-joke: the security of an infrastructure can be reliably judged by the time of its last update. If your infrastructure has many ports exposed to the world and you have not updated it for a year, any security specialist will tell you without looking that you are full of holes and have most likely already been hacked.
It is also worth mentioning that every known vulnerability was once unknown. Imagine an attacker who has found such a vulnerability and scanned the whole Internet for it in 7 minutes... There is your new virus epidemic) You need to update, but that can harm the product, you say. And you would be right if the packages were not installed from the official OS repositories. From experience, updates from the official repositories do not break the product.

Brute force

As described above, there is a database with half a billion passwords that are convenient to type on a keyboard. In other words, if you did not generate your password but typed adjacent characters on the keyboard, rest assured (1) that it will be brute-forced.

Kernel stack vulnerabilities

It also happens (4) that it does not matter at all which service opens the port, because the kernel network stack itself is vulnerable. That is, absolutely any tcp/udp socket on a two-year-old system can be exposed to a vulnerability that leads to DDoS.

DDoS amplification

It will not do direct damage, but it can clog your channel and raise the load on the system, your IP will end up on some blacklist (5), and you will receive an abuse complaint from the hosting provider.

Do you really need all these risks? Add your home and work IP to the whitelist. Even if it is dynamic, log in through the hosting provider's admin panel, via the web console, and simply add another one.

I have been building and protecting IT infrastructure for 15 years. I have developed a rule that I strongly recommend to everyone - no port should be exposed to the world without a whitelist.

For example, the most secure web server (3) is one that opens 80 and 443 only to the CDN/WAF. And service ports (ssh, netdata, bacula, phpmyadmin) should be behind a whitelist, and also behind a VPN. Otherwise you risk being compromised.
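One way to express this rule as a rules.v4 file, together with a check that flags ACCEPT rules open to the whole world. This is an added example, not from the original article: the addresses are constructed placeholders from documentation ranges, the port list is an assumption (22 for ssh, 19999 for netdata), and both function names are hypothetical.

```shell
#!/bin/sh
# Generate an iptables-restore ruleset (rules.v4 format) where every open port
# has a source whitelist. All addresses below are constructed placeholders.
ADMIN_IPS="203.0.113.10 198.51.100.25"   # home and work IPs (assumed)
CDN_NETS="192.0.2.0/24"                  # ranges published by your CDN/WAF (assumed)
SERVICE_PORTS="22,19999"                 # ssh, netdata (assumed)

render_rules() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"             # default policy: drop what is not whitelisted
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    for ip in $ADMIN_IPS; do             # service ports: admin addresses only
        echo "-A INPUT -s $ip -p tcp -m multiport --dports $SERVICE_PORTS -j ACCEPT"
    done
    for net in $CDN_NETS; do             # web ports: CDN/WAF ranges only
        echo "-A INPUT -s $net -p tcp -m multiport --dports 80,443 -j ACCEPT"
    done
    # The LOG rule goes last in the chain but must stay before COMMIT.
    echo '-A INPUT -j LOG --log-prefix "[FW - ONSE] " --log-level 4'
    echo "COMMIT"
}

# Read a ruleset on stdin and print INPUT ACCEPT rules that have no source
# address, no input interface and no connection-state match.
world_open_rules() {
    grep -E -- '^-A INPUT .*-j ACCEPT' | grep -Ev -- ' (-s|-i|--ctstate) ' || true
}

render_rules
# Prints nothing for the generated ruleset; run it on an existing file with:
#   world_open_rules < /etc/iptables/rules.v4
render_rules | world_open_rules
```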

That is all I wanted to say. Keep your ports closed!

  • (1) UPD1: Here you can check whether your cool universal password has appeared in the merged database (do not do this without first replacing that password with a random one in every service). And here you can see how many breached services your email was included in and, accordingly, find out whether your cool universal password has been compromised.
  • (2) To Amazon's credit, LightSail sees a minimum of scans. Apparently they filter them somehow.
  • (3) The most secure web server is one behind a dedicated firewall with its own WAF, but we are talking about VPS/Dedicated.
  • (4) Segmentsmak.
  • (5) Fire.

Do your ports stick out?

  • Always

  • Sometimes

  • No

  • I don't know, fuck

54 users voted. 6 users abstained.

Source: www.habr.com
