Muzvikamu zviviri zvekutanga zve2020, huwandu hwekurwiswa kweDDoS hwakada kupetwa katatu, ne65% yavo iri kuyedza "kuyedza mitoro" iyo "inodzima" nzvimbo dzisingadzivirirwe dzezvitoro zvidiki zvepamhepo, maforamu, mablogiki, uye midhiya.
Nzira yekusarudza DDoS-yakachengetedzwa hosting? Chii chaunofanira kuteerera uye chii chaunofanira kugadzirira kuitira kuti usazopedzisira wava mumamiriro ezvinhu asingafadzi?
(Kudzivirira kushambadzira kwe "grey" mukati)
Kuwanikwa uye zvakasiyana-siyana zvekushandisa kuita DDoS kurwisa kunomanikidza varidzi vepamhepo masevhisi kutora matanho akakodzera kurwisa kutyisidzira. Iwe unofanirwa kufunga nezvekudzivirirwa kweDDoS kwete mushure mekukundikana kwekutanga, uye kwete kunyange sechikamu chezviyero zvekuwedzera kukanganisa kushivirira kwezvivakoti, asi padanho rekusarudza nzvimbo yekuisa (hosting provider kana data center).
Kurwiswa kweDDoS kunoiswa mumapoka zvichienderana nemaprotocol ayo kusavimbika kwawo kunoshandiswa kusvika kumatanho eiyo Open Systems Interconnection (OSI) modhi:
- chiteshi (L2),
- network (L3),
- kutakura (L4),
- kushandiswa (L7).
Kubva pakuona kwemasisitimu ekuchengetedza, anogona kuumbwa mumapoka maviri: kurwisa kwemazinga ezvivakwa (L2-L4) uye kurwiswa kwedanho rekushandisa (L7). Izvi zvinokonzerwa nekutevedzana kwekuita kwekuongorora traffic algorithms uye computational kuomarara: kudzika kwatinotarisa muIP packet, iyo yakawanda komputa simba inodiwa.
Kazhinji, dambudziko rekugadzirisa maverengero kana uchigadzirisa traffic munguva chaiyo inyaya yeakasiyana akateedzana ezvinyorwa. Ikozvino ngatimbofungidzira kuti kune mumwe wegore anopa ane mamiriro asina muganho emakomputa zviwanikwa izvo zvinogona kuchengetedza mawebhusaiti kubva kune application-level kurwiswa (kusanganisira ).
3 mibvunzo mikuru yekuona dhigirii rekuchengetedza kuchengetedza kurwisa DDoS kurwiswa
Ngatitarisei mitemo yebasa rekudzivirira kubva kuDDoS kurwiswa uye Service Level Agreement (SLA) yemupi wekutambira. Dzine mhinduro dzemibvunzo inotevera here?
- ndezvipi zvipimo zvehunyanzvi zvinotaurwa nemupi webasa??
- chii chinoitika kana mutengi achipfuura miganhu?
- Mupi wekutambira anovaka sei dziviriro pakurwisa DDoS (tekinoroji, mhinduro, vatengesi)?
Kana iwe usina kuwana ruzivo urwu, saka ichi ndicho chikonzero chekufunga nezvekukosha kwemupi webasa, kana kuronga zvakakosha DDoS kudzivirira (L3-4) iwe pachako. Semuyenzaniso, raira kubatana kwemuviri kunetiweki yeakasarudzika kuchengetedza mupi.
Zvinokosha! Hapana chikonzero chekupa dziviriro kubva pakurwisa-level kurwiswa uchishandisa Reverse Proxy kana mupi wako wekutambira asingakwanise kupa dziviriro kubva pakurwisa-nhanho-nhanho: michina yetiweki icharemerwa uye isingawanikwe, kusanganisira yemaseva eproxy wegore (Mufananidzo. 1).
Mufananidzo 1. Kurwiswa kwakananga pahosting provider's network
Uye usavarega vaedze kukuudza ngano kuti iyo chaiyo IP kero ye server yakavanzwa kuseri kwegore remuchengetedzi wekuchengetedza, izvo zvinoreva kuti hazvibviri kurwisa zvakananga. Muzviitiko zvipfumbamwe kubva mugumi, hazvizove zvakaoma kune anorwisa kuti awane iyo chaiyo IP kero yevhavha kana kuti kanenge iyo yekutambira network network kuitira "kuparadza" iyo data data rese.
Matsotsi anoita sei mukutsvaga chaiyo IP kero
Pazasi pevapambi pane akati wandei nzira dzekutsvaga chaiyo IP kero (yakapihwa nekuda kweruzivo).
Method 1: Tsvaga munzvimbo dzakavhurika
Unogona kutanga kutsvaga kwako neinternet service: Inotsvaga iyo yakasviba webhu, mapepa ekugovera mapuratifomu, maitiro Whois data, kuburitswa kweruzhinji data uye mamwe akawanda masosi.
Kana, zvichibva pane zvimwe zviratidzo (HTTP misoro, Whois data, nezvimwewo), zvaikwanisika kuona kuti kuchengetedzwa kwesaiti kwakarongeka uchishandisa Cloudflare, saka unogona kutanga kutsvaga iyo chaiyo IP kubva., iyo ine mamirioni matatu IP kero yemasaiti ari kuseri kweCloudflare.
Kushandisa SSL chitupa uye sevhisi unogona kuwana ruzivo rwakawanda runobatsira, kusanganisira iyo chaiyo IP kero yesaiti. Kuti uite chikumbiro chechishandiso chako, enda kune Zvitupa tebhu uye pinda:
_parsed.names: zitasite AND tags.raw: trusted
Kuti utsvage IP kero dzemaseva uchishandisa SSL chitupa, uchafanirwa kuenda nemaoko kuburikidza nekudonhedza-pasi rondedzero ine akati wandei maturusi (iyo "Ongorora" tab, wozosarudza "IPv4 Hosts").
Nzira 2: DNS
Kutsvaga nhoroondo yeDNS rekodhi shanduko inzira yekare, inopupurirwa. Iyo yapfuura IP kero yesaiti inogona kujekesa kuti ndeipi yekutambira (kana data data) yaive pairi. Pakati pemasevhisi epamhepo maererano nekureruka kwekushandisa, zvinotevera zvinomira pachena: ΠΈ .
Paunoshandura marongero, saiti yacho haizokurumidza kushandisa IP kero yegore kuchengetedza mupi kana CDN, asi ichashanda zvakananga kwenguva yakati. Muchiitiko ichi, pane mukana wekuti masevhisi epamhepo ekuchengetedza nhoroondo yeIP kero shanduko ane ruzivo nezve kunobva kero yesaiti.
Kana pasina chimwe kunze kwezita rekare reDNS server, wobva washandisa zvakakosha zvinoshandiswa (dig, host kana nslookup) unogona kukumbira IP kero nezita renzvimbo yesaiti, semuenzaniso:
_dig @old_dns_server_name zitasaiti
Nzira 3: email
Pfungwa yenzira iyi ndeye kushandisa mhinduro / fomu rekunyoresa (kana chero imwe nzira inobvumidza iwe kuti utange kutumira tsamba) kugamuchira tsamba kune yako email uye kutarisa misoro, kunyanya iyo "Yakagamuchirwa" ndima. .
Iyo email musoro kazhinji ine iyo chaiyo IP kero yeMX rekodhi (email exchange server), inogona kuve yekutanga nzvimbo yekutsvaga mamwe maseva pane chinangwa.
Tsvaga Automation Tools
IP yekutsvaga software kuseri kwe Cloudflare shield inowanzo shanda kumabasa matatu:
- Skena yeDNS misconfiguration uchishandisa DNSDumpster.com;
- Crimeflare.com dhatabhesi scan;
- tsvaga subdomain uchishandisa nzira yekutsvaga duramazwi.
Kutsvaga subdomain kazhinji ndiyo inonyanya kushanda sarudzo yevatatu - muridzi wesaiti anogona kuchengetedza saiti huru uye kusiya subdomain ichimhanya zvakananga. Nzira iri nyore yekutarisa ndeye kushandisa .
Pamusoro pezvo, kune zvishandiso zvakagadzirirwa chete kutsvaga subdomain uchishandisa duramazwi kutsvaga uye kutsvaga munzvimbo dzakavhurika, semuenzaniso: kana .
Kutsvaga kunoitika sei mukuita
Semuenzaniso, ngatitore saiti seo.com tichishandisa Cloudflare, yatichawana tichishandisa basa rinozivikanwa (inokutendera kuti mese muone matekinoroji / injini / CMS panoshanda saiti, uye zvinopesana - tsvaga masaiti nehunyanzvi hunoshandiswa).
Paunodzvanya pane "IPv4 Hosts" tab, iyo sevhisi inoratidza rondedzero yevatambi vachishandisa chitupa. Kuti uwane iyo yaunoda, tsvaga IP kero ine yakavhurika port 443. Kana iyo inodzosera kune yaunoda saiti, ipapo basa rinopera, kana zvisina kudaro iwe unofanirwa kuwedzera zita renzvimbo yesaiti kune "Host" musoro weiyo. Chikumbiro cheHTTP (semuenzaniso, *curl -H "Host: saiti_name" *).
Muchiitiko chedu, kutsvaga mu database yeCensys hakuna kupa chero chinhu, saka tinoenderera mberi.
Isu tichaita DNS kutsvaga kuburikidza nesevhisi.
Nekutsvaga kuburikidza nemakero akataurwa mumazita eDNS maseva achishandisa CloudFail utility, tinowana zviwanikwa zvekushanda. Chigumisiro chichave chakagadzirira mumasekondi mashomanana.
Tichishandisa chete data yakavhurika uye maturusi akareruka, takasarudza iyo chaiyo IP kero yewebhu server. Kusara kweanorwisa inyaya yehunyanzvi.
Ngatidzokere pakusarudza mupi wekutambira. Kuti tiongorore kubatsirwa kwesevhisi kune mutengi, isu tichafunga dzingangove nzira dzekudzivirira kubva kuDDoS kurwiswa.
Kuti mupi wekutambira anovaka sei kudzivirira kwayo
- Yako yekudzivirira sisitimu ine kusefa michina (Mufananidzo 2).
Inoda:
1.1. Traffic kusefa michina uye marezinesi esoftware;
1.2. Nyanzvi dzenguva yakazara yerutsigiro nekushanda kwayo;
1.3. Nzira dzekuwana paInternet dzinove dzakakwana kugamuchira kurwiswa;
1.4. Yakakosha prepaid chiteshi bandwidth yekugamuchira "junk" traffic.
Mufananidzo 2. Hosting provider's own security system
Kana isu tikafunga iyo yakatsanangurwa sisitimu senzira yekudzivirira kurwiswa kwemazuva ano kweDDoS kwemazana eGbps, saka hurongwa hwakadaro huchadhura mari yakawanda. Mupi wekutambira ane dziviriro yakadaro here? Akagadzirira kubhadhara "junk" traffic? Zviripachena, muenzaniso wehupfumi wakadaro haubatsiri kune mupi kana mitero isingapi mari yekuwedzera. - Reverse Proxy (yemawebhusaiti uye mamwe maapplication chete). Pasinei nenhamba , mutengesi haavimbisi kudzivirirwa kune zvakananga DDoS kurwisa (ona Mufananidzo 1). Vanopa vanopa vanowanzopa mhinduro yakadai sepanacea, kushandura mutoro kune mupi wekuchengetedza.
- Sevhisi yeakasarudzika gore mupi (kushandisa kwayo kusefa network) kudzivirira kubva kuDDoS kurwiswa pamatanho ese eOSI (Mufananidzo 3).
Mufananidzo 3. Kudzivirirwa kwakazara kubva kuDDoS kurwiswa uchishandisa nyanzvi mupi
inotora kubatanidzwa kwakadzama uye nehupamhi hwehunyanzvi hwehunyanzvi hwemapato ese ari maviri. Outsourcing traffic kusefa masevhisi inobvumira mupi wekutambira kudzikisa mutengo wemamwe masevhisi kumutengi.
Zvinokosha! Iyo yakanyanya kutsanangurwa maitiro ehunyanzvi hwesevhisi yakapihwa inotsanangurwa, inowedzera mukana wekuda kuitiswa kwavo kana muripo kana nguva yekupera.
Pamusoro peiyo nzira nhatu huru, kune akawanda masanganiswa uye masanganiswa. Paunenge uchisarudza yekutambira, zvakakosha kuti mutengi ayeuke kuti sarudzo haizotsamira kwete chete pakukura kweakavharidzirwa kurwiswa uye kurongeka kwesefa, asiwo nekumhanya kwekupindura, pamwe neruzivo rwemukati (rondedzero yeakavharirwa kurwisa, general manhamba, nezvimwewo).
Rangarira kuti vashoma chete vanopa vanopa vari munyika vanokwanisa kupa mwero unogamuchirika wedziviriro vari vega; mune zvimwe zviitiko, kushandira pamwe uye kugona kuverenga nekunyora kunobatsira. Saka, kunzwisisa misimboti yekutanga yekuronga dziviriro kubva kuDDoS kurwiswa kuchabvumira muridzi wesaiti kuti arege kuwira nekuda kwekutengesa tricks uye kusatenga "nguruve mupoke."
Source: www.habr.com