Don't open ports to the world: you will get owned (risks)

Time after time, after doing an audit, in response to my recommendation to hide ports behind a white-list, I run into a wall of incomprehension. Even very cool admins/DevOps ask: "Why?!?"

I propose to look at the risks in descending order of likelihood of occurrence and size of damage.

  1. Configuration error
  2. DDoS by IP
  3. Brute force
  4. Service vulnerabilities
  5. Kernel stack vulnerabilities
  6. DDoS amplification

Configuration error

The most typical and the most dangerous situation. Here is how it happens. A developer needs to test a hypothesis quickly; he spins up a temporary server with mysql/redis/mongodb/elastic. The password, of course, is complex, and he uses it everywhere. He opens the service to the world: it is convenient for him to connect from his own PC without any of your VPNs. And he can't be bothered to remember iptables syntax; the server is temporary anyway. A couple more days of development and it all works, it can be shown to the customer. The customer likes it, there is no time to redo it, launch it in PROD!

The example is deliberately exaggerated so as to step on every rake along the way:

  1. Nothing is more permanent than something temporary. I don't like this phrase, but by subjective feel, 20-40% of such temporary servers stay around for a long time.
  2. A complex universal password that is used in many services is evil, because one of the services where that password was used may have been breached. One way or another, the databases of breached services flow together into one combined database, which is then used for [brute force]*.
    It is worth adding that after installation redis, mongodb and elastic are reachable without any authentication at all, and regularly top up the collection of open databases.
  3. It may seem that nobody will look at your 3306 port within a couple of days. Wrong! Masscan is an excellent scanner and can scan at 10M ports per second. And there are only 4 billion IPv4 addresses on the Internet. Accordingly, every 3306 port on the Internet is found in 7 minutes. Carl!!! Seven minutes!
    "Who needs this?" you object. That is exactly what I wonder when I look at the statistics of dropped packets. Where do 40 thousand scan attempts from 40 thousand distinct IPs per day come from? Nowadays everyone scans, from mom's-basement hackers to governments. It is very easy to check: take any $3 VPS from any** low-cost provider, enable logging of dropped packets and look at the log a day later.

Enabling logging

In /etc/iptables/rules.v4 add, as the last INPUT rule of the filter table (before the COMMIT line):
-A INPUT -j LOG --log-prefix "[FW - ALL] " --log-level 4

With the INPUT chain's default policy set to DROP, a LOG rule in last position records exactly the packets that are about to be dropped; the prefix is what the rsyslog filter below keys on.

And in /etc/rsyslog.d/10-iptables.conf (restart rsyslog afterwards):
:msg,contains,"[FW - " /var/log/iptables.log
& stop
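Once that log has been collecting for a day, the numbers the author quotes (how many attempts, from how many distinct addresses, aimed at which ports) are a few lines of shell. The script below is an added example and not part of the original post; it runs against a constructed sample of "[FW - ALL]" lines (RFC 5737 test addresses, not real traffic) written to a temporary file, and its functions can be pointed at a real /var/log/iptables.log instead.

```shell
#!/bin/sh
# Added example: summarize the dropped-packet lines produced by the
# '-A INPUT -j LOG --log-prefix "[FW - ALL] "' rule and the rsyslog filter.
# The sample log is constructed for this example (RFC 5737 test addresses);
# the one non-firewall line shows that the grep filter ignores other noise.

SAMPLE_LOG="${TMPDIR:-/tmp}/iptables-sample.log"
cat > "$SAMPLE_LOG" <<'EOF'
Jan 12 03:14:07 vps kernel: [FW - ALL] IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.5 LEN=44 TTL=52 ID=54321 PROTO=TCP SPT=41234 DPT=3306 WINDOW=1024 SYN
Jan 12 03:14:09 vps kernel: [FW - ALL] IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.5 LEN=44 TTL=52 ID=54322 PROTO=TCP SPT=41235 DPT=6379 WINDOW=1024 SYN
Jan 12 03:15:41 vps kernel: [FW - ALL] IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.5 LEN=44 TTL=48 ID=1 PROTO=TCP SPT=55000 DPT=3306 WINDOW=65535 SYN
Jan 12 03:20:02 vps kernel: [FW - ALL] IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.5 LEN=44 TTL=48 ID=2 PROTO=TCP SPT=55001 DPT=22 WINDOW=65535 SYN
Jan 12 03:22:15 vps kernel: [FW - ALL] IN=eth0 OUT= SRC=198.51.100.200 DST=203.0.113.5 LEN=28 TTL=240 ID=0 PROTO=UDP SPT=53413 DPT=27017
Jan 12 03:22:16 vps sshd[1234]: Accepted publickey for admin from 203.0.113.10 port 50000 ssh2
EOF

# Print the value of one KEY=value token (e.g. SRC, DPT) from every stdin line.
field() {
    awk -v key="$1" '{
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) print substr($i, length(key) + 2)
    }'
}

# Only the lines our LOG rule produced.
fw_lines() { grep '\[FW - ' "$1"; }

# Total dropped packets in the file.
total_attempts() { fw_lines "$1" | wc -l | tr -d ' '; }

# Distinct source addresses: the "how many unique IPs" number.
unique_sources() { fw_lines "$1" | field SRC | sort -u | wc -l | tr -d ' '; }

# Busiest destination ports, one "count port" pair per line, N lines (default 5).
top_ports() {
    fw_lines "$1" | field DPT | sort | uniq -c | sort -rn | head -n "${2:-5}" \
        | awk '{ print $1, $2 }'
}

# Sources that touched more than one port: the signature of a port scanner
# rather than a single misdirected connection.
scanners() {
    fw_lines "$1" | awk '{
        src = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if (index($i, "SRC=") == 1) src = substr($i, 5)
            if (index($i, "DPT=") == 1) dpt = substr($i, 5)
        }
        if (src != "" && dpt != "") print src, dpt
    }' | sort -u | awk '{ n[$1]++ } END { for (s in n) if (n[s] > 1) print s }' | sort
}

report() {
    echo "dropped packets : $(total_attempts "$1")"
    echo "unique sources  : $(unique_sources "$1")"
    echo "top ports (count port):"
    top_ports "$1" 3
    echo "multi-port scanners:"
    scanners "$1"
}

report "$SAMPLE_LOG"
```

On a real day's log the same pipeline is what answers "who needs this": the multi-port scanners list is usually long, and the top ports are the database and remote-access ports the article is talking about.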

DDoS by IP

If an attacker knows your IP, he can take your server down for several hours or days. Not every low-cost hoster has DDoS protection, and your server will simply be disconnected from the network. If you have hidden your server behind a CDN, don't forget to change its IP, otherwise the attacker will dig up the old one and DDoS your server directly, bypassing the CDN (a very popular mistake).

Service vulnerabilities

Sooner or later bugs are found in all popular software, even the most thoroughly tested and critical. Among infosec specialists there is a half-joke: the security of an infrastructure can safely be judged by the date of its last update. If your infrastructure is rich in ports sticking out to the world, and you have not updated it for a year, then any security specialist will tell you without looking that you are full of holes, and most likely already breached.
It is also worth mentioning that every known vulnerability was once unknown. Imagine an attacker who found such a vulnerability and scanned the whole Internet for it in 7 minutes... There's your new worm epidemic.) You need to update, but that may hurt production, you say. And you would be right, if the packages are not installed from the official OS repositories. In my experience, updates from the official repository extremely rarely break production.

Brute force

As described above, there is a database with half a billion passwords that are simply typed straight off the keyboard. In other words, if you did not generate your password but typed symbols that sit next to each other on the keyboard, be sure* that you will be brute-forced.
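The "typed off the keyboard" pattern is mechanical enough to check for before a password ever reaches a service. The script below is an added example, not part of the original post: it flags keyboard walks with a simple heuristic (US QWERTY rows, the common vertical and zig-zag walks, forward and reversed, with trailing digits and symbols ignored) and generates the kind of random replacement the author recommends. The walk list is an assumption of this example, not an exhaustive one.

```shell
#!/bin/sh
# Added example: flag passwords that are keyboard walks (the kind the article
# says are guaranteed to be in the cracking wordlists) and generate a random
# replacement. Heuristic only; the walk list below is this example's own.

WALKS="1234567890 qwertyuiop asdfghjkl zxcvbnm \
1qaz2wsx3edc4rfv5tgb6yhn7ujm8ik9ol0p 1q2w3e4r5t6y7u8i9o0p \
qazwsxedcrfvtgbyhnujmikolp qweasdzxc"

# Reverse a string (portable awk instead of rev, which not every box has).
reverse() {
    printf '%s\n' "$1" | awk '{ s = ""; for (i = length($0); i > 0; i--) s = s substr($0, i, 1); print s }'
}

# Returns 0 (true) when $1 is a keyboard walk, 1 otherwise.
# Both the full password and its "core" (trailing digits/symbols stripped,
# so "Qwerty123!" is judged on "qwerty") are tested against every walk and
# its reverse; anything shorter than 4 characters is too short to call a walk.
is_keyboard_walk() {
    pw=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    core=$(printf '%s' "$pw" | sed 's/[0-9!@#$%^&*_.-]*$//')
    for cand in "$pw" "$core"; do
        [ "${#cand}" -ge 4 ] || continue
        for w in $WALKS; do
            case "$w" in *"$cand"*) return 0 ;; esac
            case "$(reverse "$w")" in *"$cand"*) return 0 ;; esac
        done
    done
    return 1
}

# A password nobody types from the keyboard: N random alphanumerics from the
# kernel CSPRNG (LC_ALL=C keeps tr byte-oriented). Default length 24.
gen_password() { LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "${1:-24}"; }

# Demo over a few constructed candidates plus one freshly generated password.
for p in "Qwerty123!" "1qaz2wsx" "poiuyt" "Tr0ub4dor&3" "$(gen_password 24)"; do
    if is_keyboard_walk "$p"; then echo "walk     : $p"; else echo "not walk : $p"; fi
done
```

A heuristic like this only catches the cheapest guesses; the real fix is the one in the footnote, a generated, per-service password, which `gen_password` produces.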

Kernel stack vulnerabilities

It also happens**** that it does not matter at all which service opens the port, when the kernel network stack itself is vulnerable. That is, any tcp/udp socket whatsoever on a system that is two years behind on updates is exposed to a vulnerability that leads to a denial of service.

DDoS amplification

It will not cause direct damage, but it can saturate your link, raise the load on the system, land your IP on some black-list*****, and get you an abuse complaint from the hoster.

Do you really need all these risks? Add your home and work IP to the white-list. Even if it is dynamic, log in to the hoster's admin panel, via the web console, and simply add one more.

I have been building and defending IT infrastructure for 15 years. I have worked out a rule that I strongly recommend to everyone: not a single port should stick out to the world without a white-list.

For example, the most secure web server*** is the one that opens 80 and 443 only to the CDN/WAF. And the service ports (ssh, netdata, bacula, phpmyadmin) must be at least behind a white-list, and better still behind a VPN. Otherwise, there is a risk that you will get owned.
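What that rule looks like as an actual /etc/iptables/rules.v4, and how to check an existing ruleset against it, is shown below. This is an added example, not the author's configuration: the admin addresses and CDN ranges are placeholders from the RFC 5737 test networks and must be replaced with your own IPs and the address list your CDN/WAF publishes. The `exposed_ports` lint is this example's own; it flags any INPUT rule that accepts a destination port without a source restriction, which is precisely a port "sticking out to the world".

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset in which nothing is reachable
# from the whole Internet, and lint an existing ruleset for ports that are.
# Addresses are placeholders from the RFC 5737 test ranges (assumed values).

ADMIN_IPS="203.0.113.10 203.0.113.11"      # home and office (assumed)
CDN_NETS="198.51.100.0/24 192.0.2.0/24"     # CDN/WAF edge ranges (assumed)

# Print a /etc/iptables/rules.v4 in which:
#   - INPUT policy is DROP, so anything not listed is refused;
#   - ssh (22) answers only the white-listed admin addresses;
#   - 80/443 answer only the CDN/WAF ranges, so the origin cannot be hit directly;
#   - the article's LOG rule sits last, recording every packet about to be dropped.
gen_rules() {
    admin_ips="$1"
    cdn_nets="$2"
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
EOF
    for ip in $admin_ips; do
        echo "-A INPUT -p tcp -s $ip --dport 22 -j ACCEPT"
    done
    for net in $cdn_nets; do
        echo "-A INPUT -p tcp -s $net -m multiport --dports 80,443 -j ACCEPT"
    done
    cat <<'EOF'
-A INPUT -j LOG --log-prefix "[FW - ALL] " --log-level 4
COMMIT
EOF
}

# Lint: read a ruleset on stdin and print every INPUT rule that ACCEPTs a
# destination port without a source (-s) restriction. Prints nothing when
# the ruleset is clean; exits 0 either way so it is safe under set -e.
exposed_ports() {
    grep -E '^-A INPUT .*--dports? [0-9,]+.*-j ACCEPT' | grep -v -- ' -s ' || true
}

# Number of exposed rules in a ruleset given on stdin.
exposed_count() { exposed_ports | wc -l | tr -d ' '; }

# Demo: the hardened ruleset, then the lint run against the "temporary"
# developer box from the article that left mysql open (constructed lines).
gen_rules "$ADMIN_IPS" "$CDN_NETS"
echo "--- exposed in hardened ruleset:"
gen_rules "$ADMIN_IPS" "$CDN_NETS" | exposed_ports
echo "--- exposed in the developer's ruleset:"
printf '%s\n' '-A INPUT -p tcp --dport 22 -j ACCEPT' \
              '-A INPUT -p tcp --dport 3306 -j ACCEPT' \
              '-A INPUT -p tcp -s 203.0.113.10 --dport 8080 -j ACCEPT' | exposed_ports
```

Apply the generated file with `iptables-apply` rather than a bare `iptables-restore` when working over ssh: it reverts automatically if you do not confirm within the timeout, which is what saves you when your own address is missing from the white-list. Two caveats a practitioner will hit: the same filtering has to be repeated in rules.v6, since a daemon listening on `::` is still open over IPv6, and the CDN ranges change over time, so regenerate the rules from the CDN's published list rather than editing them by hand.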

That is all I wanted to say. Keep your ports closed!

  • * UPD1: here you can check whether your cool universal password has ended up in the combined leak database (do not do this without first replacing that password with a random one in every service). And here you can see how many breached services your email appeared in and, accordingly, find out whether your cool universal password has been compromised.
  • ** To Amazon's credit, LightSail sees a minimum of scans. Apparently they filter somehow.
  • *** An even more secure web server is the one behind a dedicated firewall with its own WAF, but we are talking about public VPS/Dedicated here.
  • **** SegmentSmack.
  • ***** Firehol.


Do your ports stick out to the world?

  • Always
  • Sometimes
  • No
  • I don't know, fuck

54 users voted. 6 users abstained.

Source: www.habr.com
