Seven threats bots pose to your website

DDoS attacks remain one of the most discussed topics in information security. At the same time, not everyone knows that bot traffic, which is the tool behind such attacks, brings many other risks for online businesses. With the help of bots, attackers can not only take a website down, but also steal data, distort business metrics, inflate advertising costs, and damage the site's reputation. Let's go through the threats in more detail, and also recall the basic methods of protection.

Parsing

Bots constantly parse (that is, collect) data from third-party sites. They steal content and then publish it without citing the source. At the same time, posting copied content on third-party sites lowers the source site's position in search results, which means a smaller audience, fewer sales, and less advertising revenue for the site. Bots also track prices so that products can be sold more cheaply and customers lured away. They buy up various items to resell them at a higher price. They can create fake orders to load logistics resources and make goods unavailable to users.

Parsing has a significant effect on online stores, especially those whose main traffic comes from aggregator sites. After parsing prices, attackers set the price of a product slightly below the original, which lets them rise noticeably in search results. Travel portals are also frequently hit by bots: information about tickets, tours, and hotels is stolen from them.

In general, the moral is simple: if your resource has unique content, the bots are already on their way to you.

You can notice parsing by sudden spikes in traffic, and by monitoring competitors' pricing policies. If other sites instantly copy your price changes, bots are most likely involved.

Cheating

Inflated metrics are a side effect of bots being present on a site. Every bot action is reflected in business metrics. Because the share of illegitimate traffic is significant, decisions based on analytics of the resource are often wrong.

Marketers study how visitors use the resource and make purchases. They look at conversion rates and leads and identify the key sales funnels. Companies also run A/B tests and, depending on the results, write strategies for how the site should work. Bots affect all of these indicators, which leads to irrational decisions and unnecessary marketing costs.
Attackers can also use bots to influence the reputation of sites, including social networks. The situation is the same with online voting sites, where bots often inflate the numbers so that the option the attackers want wins.

How to spot cheating:

  • Check your analytics. A sharp and unexpected rise in any indicator, such as login attempts, often means a bot attack.
  • Monitor changes in the origin of traffic. Sometimes a site receives an unusually large number of requests from unusual countries, which is strange if you have not targeted campaigns at them.

DDoS attacks

Many people have heard of DDoS attacks or have experienced them. It is worth noting that a resource is not always taken down by high traffic. Attacks on APIs are often low-frequency, and while the application breaks, the firewall and the load balancer keep working as if nothing had happened.

A tripling of traffic to the home page may have no effect on the site's operation, but the same load aimed directly at the cart page leads to problems, because the application starts sending many requests to all the components involved in transactions.

How to spot an attack (the first two points may seem obvious, but do not ignore them):

  • Customers complain that the site does not work.
  • The site or individual pages are slow.
  • Traffic to individual pages rises sharply, and a large number of requests arrive at the cart or the payment page.

Account hacking

BruteForce, or password brute forcing, is carried out using bots. Leaked databases are used for the cracking. On average, users come up with no more than five password variants for all their online accounts, and these variants are easily picked by bots that check millions of combinations in a short time. Attackers can then resell the currently valid combinations of logins and passwords.

Attackers can also take over the accounts themselves and use them for their own gain. For example, they can withdraw accumulated bonuses or steal purchased event tickets; in general, there are many options for further actions.

Recognizing BruteForce is not very hard: the fact that attackers are trying to crack an account is indicated by an unusually high number of failed login attempts. That said, attackers sometimes send only a small number of requests.
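
One way to apply the failed-login signal described above, including the case where each source sends only a few requests (an added example, not code from the original article; the event format, thresholds and sample data are assumptions constructed for illustration):

```python
from collections import defaultdict

WINDOW = 600             # seconds; assumed value, tune to your own baseline
MAX_FAILS_PER_IP = 5     # assumed threshold
MIN_IPS_PER_ACCOUNT = 3  # assumed threshold

# Constructed sample events: (unix_time, source_ip, username, login_succeeded)
EVENTS = (
    [(1000 + 10 * i, "198.51.100.7", f"user{i}", False) for i in range(8)]      # one IP, many accounts
    + [(2000 + 60 * i, f"203.0.113.{i}", "alice", False) for i in range(1, 5)]  # many IPs, one account
    + [(3000, "192.0.2.10", "bob", False), (3030, "192.0.2.10", "bob", True)]   # ordinary typo
)

def _peak(times_and_keys, window):
    """Largest number of distinct keys seen inside any sliding time window."""
    items = sorted(times_and_keys)
    best, start = 0, 0
    for end in range(len(items)):
        while items[end][0] - items[start][0] > window:
            start += 1
        best = max(best, len({key for _, key in items[start:end + 1]}))
    return best

def suspicious_logins(events, window=WINDOW):
    """Return (noisy_ips, targeted_accounts) from failed login attempts."""
    by_ip, by_user = defaultdict(list), defaultdict(list)
    for n, (ts, ip, user, ok) in enumerate(events):
        if ok:
            continue
        by_ip[ip].append((ts, n))       # every failure from this IP counts once
        by_user[user].append((ts, ip))  # distinct IPs failing on this account
    noisy_ips = {ip for ip, f in by_ip.items()
                 if _peak(f, window) >= MAX_FAILS_PER_IP}
    targeted = {u for u, f in by_user.items()
                if _peak(f, window) >= MIN_IPS_PER_ACCOUNT}
    return noisy_ips, targeted

if __name__ == "__main__":
    print(suspicious_logins(EVENTS))
```

The per-account count catches the low-volume case: every address in the second group fails only once, so a per-IP limit alone would miss it.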

Clicking on ads

Bots clicking on ads can cause companies significant losses if it goes unnoticed. During an attack, bots click on the ads placed on the site and thereby significantly distort the metrics.

Advertisers clearly expect that the banners and videos placed on sites will be seen by real users. But since the number of impressions is limited, bots mean the advertising is shown to fewer and fewer people.

The sites themselves want to increase their profit by showing ads. And advertisers, if they see bot traffic, reduce the volume of placements on the site, which leads to losses and damages the site's reputation.

Experts identify the following types of advertising fraud:

  • False impressions. Bots visit many pages of a website and generate illegitimate ad impressions.
  • Click fraud. Bots click on ad links in search, which drives up the cost of search advertising.
  • Retargeting. Bots visit many legitimate sites before clicking in order to create a cookie that costs advertisers more.

How do you spot clicking? Usually, after traffic is cleaned of fraud, the conversion rate goes down. If you see that the volume of clicks on banners is higher than expected, this indicates the presence of bots on the site. Other indicators of illegitimate traffic can include:

  • A rise in clicks on ads with minimal conversion.
  • Conversion falls even though the ad content has not changed.
  • Many clicks from a single IP address.
  • A low level of user engagement (including a large number of bounces) alongside a rise in clicks.

Vulnerability scanning

Vulnerability testing is performed by automated programs that look for weaknesses in a site and its API. Popular tools include Metasploit, Burp Suite, Grendel Scan, and Nmap. A site can be scanned both by services specially hired by the company and by attackers. Sites arrange with penetration-testing specialists to check their security. In that case, the auditors' IP addresses are added to whitelists.

On the other hand, attackers test websites without prior agreement. Hackers then use the results of these checks for their own purposes: for example, they can resell information about the site's weaknesses. Sometimes resources are scanned not deliberately, but as part of an attempt to exploit a vulnerability in third-party resources. Take WordPress, for example: if a flaw is found in a particular version, bots search for all sites that use that version. If your resource is on such a list, expect a visit from hackers.

How to detect the bots?

To find weak points on a site, attackers first carry out reconnaissance, which leads to an increase in suspicious activity on the site. Filtering out bots at this stage helps to avoid subsequent attacks. Although bots are hard to detect, requests sent from one IP address to all pages of the site can be a warning sign. It is also worth paying attention to a rise in requests for non-existent pages.
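
The two warning signs named above, checked against a web server access log (an added example, not code from the original article; the common log format, the thresholds, the function name `scan_suspects` and the sample lines are assumptions constructed for illustration):

```python
import re
from collections import defaultdict

# Common/combined log format: ip - - [time] "METHOD path PROTO" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" (\d{3}) ')

def _row(ip, path, status):
    """Build one constructed log line for the sample below."""
    return f'{ip} - - [10/Mar/2024:12:00:00 +0000] "GET {path} HTTP/1.1" {status} 512'

SITE = ["/", "/catalog", "/cart", "/checkout", "/contacts"]
SAMPLE_LOG = "\n".join(
    [_row("192.0.2.10", p, 200) for p in ("/", "/catalog", "/cart")]   # shopper
    + [_row("192.0.2.11", "/catalog?page=2", 200),
       _row("192.0.2.11", "/old-link", 404)]                           # stale bookmark
    + [_row("198.51.100.23", p, 200) for p in SITE]                    # walks every page
    + [_row("203.0.113.5", p, 404) for p in
       ("/wp-login.php", "/admin.php", "/backup.zip", "/test.php", "/old/index.php")]
)

def scan_suspects(log_text, min_coverage=0.8, min_404=5):
    """Map each suspicious IP to the reasons it was flagged."""
    seen, missing, site = defaultdict(set), defaultdict(int), set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of guessing
        ip, url, status = m.groups()
        path = url.split("?", 1)[0]  # ignore the query string
        if status == "404":
            missing[ip] += 1
        else:
            seen[ip].add(path)
            site.add(path)  # pages that exist, as observed in the log
    report = defaultdict(list)
    for ip, paths in seen.items():
        if site and len(paths) / len(site) >= min_coverage:
            report[ip].append("requests nearly every page")
    for ip, count in missing.items():
        if count >= min_404:
            report[ip].append("many requests for non-existent pages")
    return dict(report)

if __name__ == "__main__":
    print(scan_suspects(SAMPLE_LOG))
```

Search-engine crawlers also trip the coverage signal, so verify a flagged address before filtering it.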

Spam

Bots can fill in website forms with junk content without your knowledge. Spammers leave comments and reviews and create fake registrations and orders. The classic method of fighting bots, CAPTCHA, is not effective in this case because it annoys real users. In addition, bots have learned to bypass such tools.

Most often spam is harmless, but sometimes bots offer dubious services: they post advertisements for counterfeit goods and medicines, promote links to pornographic sites, and lead users to fraudulent resources.

How to spot spammer bots:

  • If spam is showing up on your site, bots are most likely the ones sending it.
  • There are many invalid addresses in your mailing list. Bots often leave non-existent email addresses.
  • Your partners and advertisers complain that spam leads are coming from your site.

After this article it may seem that fighting bots on your own is difficult. In fact it is, and it is better to entrust website protection to specialists. Even large companies are often unable to monitor illegitimate traffic on their own, let alone filter it, because this requires significant expertise and large spending on the IT team.

Variti protects websites and APIs from all types of bot attacks, including fraud, DDoS, clicking, and parsing. Our proprietary Active Bot Protection technology lets you identify and block bots without CAPTCHA or blocking IP addresses.

Source: www.habr.com