Seven threats from bots to your website

DDoS attacks remain one of the most discussed topics in information security. At the same time, not everyone knows that bot traffic, which is the tool for such attacks, also carries many other risks for online businesses. With the help of bots, attackers can not only take down a website, but also steal data, distort business metrics, increase advertising costs, and damage the site's reputation. Let's analyze the threats in detail and recall the basic methods of protection.

Parsing

Bots constantly parse (that is, collect) data from third-party sites. They steal content and publish it without citing the source. At the same time, posting copied content on third-party sites lowers the source site in search results, which means a smaller audience and lower sales and advertising revenue for the site. Bots also track prices in order to sell products cheaper and lure customers away. They buy up various items to resell them at a higher price. They can create fake orders to load resources and make goods unavailable to users.

Parsing has a significant impact on online stores, especially those whose main traffic comes from aggregator sites. After parsing prices, attackers set the price of a product slightly below the original, and this lets them rise noticeably in search results. Travel portals are also frequently attacked by bots: information about tickets, tours and hotels is stolen from them.

In general, the moral is simple: if your resource has unique content, bots are already on their way to you.

Parsing can be noticed by sudden spikes in traffic, and by monitoring competitors' pricing policies. If other sites instantly copy your price changes, bots are most likely involved.

Metric inflation

Inflated indicators are a side effect of bots being present on the site. Every bot action is reflected in business metrics. Since the share of illegitimate traffic is significant, decisions based on the resource's analytics are often flawed.

Marketers study how visitors use the resource and make purchases. They look at conversion rates and leads and identify the key sales funnels. Companies also run A/B tests and, depending on the results, write strategies for the site's operation. Bots affect all of these indicators, which leads to irrational decisions and unnecessary marketing costs.
Attackers can also use bots to affect the reputation of sites, including social networks. The situation is the same with online voting sites, where bots often inflate the figures so that the option the attackers want wins.

How to spot metric inflation:

  • Check your statistics. A sharp and unexpected rise in any indicator, such as login attempts, usually means a bot attack.
  • Monitor changes in traffic origin. It happens that a site receives an unusually large number of requests from unusual countries; this is strange if you have not targeted campaigns at them.

DDoS attacks

Many people have heard of DDoS attacks or have experienced them. It is important to note that a resource is not always taken down by high traffic. Attacks on APIs are often low-frequency, and while the application crashes, the firewall and the load balancer work as if nothing had happened.

Tripled traffic on the home page may have no effect on the site's performance, but exactly the same load on the cart page leads to problems, because the application starts sending many requests to all the components involved in the transaction.

How to detect an attack (the first two points may seem obvious, but do not ignore them):

  • Customers complain that the site is not working.
  • The site or individual pages are slow.
  • Traffic on individual pages grows sharply, and many requests appear for the cart or the payment page.

Hacking of personal accounts

BruteForce, or password brute forcing, is organised using bots. Leaked credentials are used for hacking. On average, users come up with more than five password variants for all their online accounts, and these variants are easily guessed by bots that check millions of combinations in a very short time. Attackers can then resell the working login and password combinations.

Hackers can also take over personal accounts and then use them for profit. For example, to withdraw accumulated bonuses or steal purchased event tickets; in general, there are many options for further actions.

Detecting BruteForce is not very hard: the fact that hackers are trying to break into an account is indicated by an unusually high number of failed login attempts. However, it also happens that attackers send only a small number of requests.
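
The failed-login signal described above, including the low-volume case, as an added example that is not part of the original article. It goes beyond the text by grouping failures per account and per source as well as per IP; the event format, function name and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample events, assumed to come from one time window:
# (source IP, account name, login succeeded?)
EVENTS = (
    [("203.0.113.9", "alice", False)] * 12                       # loud guessing
    + [(f"198.51.100.{i}", "bob", False) for i in range(1, 9)]   # 8 IPs, 1 try each
    + [("192.0.2.44", f"user{i}", False) for i in range(6)]      # 1 IP, 6 accounts
    + [("192.0.2.80", "carol", False), ("192.0.2.80", "carol", True)]  # a typo
)


def detect_bruteforce(events, ip_fail_limit=10, account_ip_limit=5,
                      ip_account_limit=5):
    """Group failed logins three ways; thresholds are illustrative."""
    fails_by_ip = defaultdict(int)
    ips_by_account = defaultdict(set)
    accounts_by_ip = defaultdict(set)
    for ip, account, ok in events:
        if ok:
            continue  # only failures are evidence of guessing
        fails_by_ip[ip] += 1
        ips_by_account[account].add(ip)
        accounts_by_ip[ip].add(account)
    return {
        # Classic signal: one source with very many failures.
        "noisy_ips": sorted(ip for ip, n in fails_by_ip.items()
                            if n >= ip_fail_limit),
        # Low-volume case: every source stays under the per-IP limit,
        # but the same account is failing from many sources.
        "targeted_accounts": sorted(a for a, ips in ips_by_account.items()
                                    if len(ips) >= account_ip_limit),
        # One source failing against many different accounts.
        "spraying_ips": sorted(ip for ip, accts in accounts_by_ip.items()
                               if len(accts) >= ip_account_limit),
    }


if __name__ == "__main__":
    for kind, names in detect_bruteforce(EVENTS).items():
        print(kind, names)
```

A per-IP counter alone would report only the first source here; the other two groupings catch attempts that stay below it.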

Click fraud

Bots clicking on ads can lead to significant losses for companies if left unnoticed. During an attack, bots click on ads placed on the site and significantly affect the metrics.

Advertisers obviously expect that banners and videos placed on sites will be seen by real users. But since the number of impressions is limited, advertising, because of bots, is shown to fewer and fewer people.

Sites themselves want to increase their profit by showing ads. And advertisers, when they see bot traffic, reduce the volume of placements on the site, which leads to losses and damages the site's reputation.

Experts identify the following types of advertising fraud:

  • False views. Bots visit many pages of a website and generate illegitimate ad views.
  • Click fraud. Bots click on advertising links in search, which leads to higher search advertising costs.
  • Retargeting. Bots visit many legitimate sites before clicking in order to build up a cookie that is more expensive for advertisers.

How do you detect click fraud? Usually, after fraud is removed from the traffic, the conversion rate goes down. If you see that the volume of clicks on banners is higher than expected, this indicates the presence of bots on the site. Other indicators of illegitimate traffic may include:

  • A rise in clicks on ads with low conversion.
  • Conversion falls although the ad content has not changed.
  • Many clicks from a single IP address.
  • A low level of user engagement (including a large number of bounces) alongside a rise in clicks.
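
Three of the indicators listed above (a rise in clicks, falling conversion, many clicks from one IP address) checked against a click log, as an added example that is not part of the original article. The record format, function name and thresholds are assumptions, and the data is constructed.

```python
from collections import Counter

# Constructed click log for one ad campaign: (day, source IP, converted?)
RECORDS = []
for _day in (1, 2, 3):  # ordinary days: 100 clicks, 5 conversions
    RECORDS += [(_day, f"198.51.100.{i}", i < 5) for i in range(100)]
RECORDS += [(4, f"198.51.100.{i}", i < 5) for i in range(100)]
RECORDS += [(4, "203.0.113.66", False)] * 200  # one address, 200 clicks


def click_fraud_signals(records, day, surge=2.0, drop=0.5, max_ip_share=0.2):
    """Compare `day` with the days before it; thresholds are illustrative."""
    clicks, convs, ips = Counter(), Counter(), Counter()
    for d, ip, converted in records:
        clicks[d] += 1
        convs[d] += int(converted)
        if d == day:
            ips[ip] += 1
    base_days = [d for d in clicks if d < day]
    if not base_days or not clicks[day]:
        return []  # nothing to compare against
    base_total = sum(clicks[d] for d in base_days)
    base_clicks = base_total / len(base_days)          # average clicks per day
    base_rate = sum(convs[d] for d in base_days) / base_total
    rate = convs[day] / clicks[day]
    signals = []
    if clicks[day] > surge * base_clicks:
        signals.append("click surge")
    if rate < drop * base_rate:
        signals.append("conversion drop")
    top_ip, top_count = ips.most_common(1)[0]
    if top_count / clicks[day] > max_ip_share:
        signals.append(f"ip concentration: {top_ip}")
    return signals


if __name__ == "__main__":
    print(click_fraud_signals(RECORDS, day=4))
```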

Vulnerability scanning

Vulnerability testing is performed by automated programs that look for weaknesses in the site and its API. Popular tools include Metasploit, Burp Suite, Grendel Scan and Nmap. A site can be scanned both by services specially hired by the company and by attackers. Sites arrange with penetration-testing specialists to check their defences. In that case, the auditors' IP addresses are added to whitelists.

On the other hand, attackers test websites without prior agreement. Later, they use the results of these tests for their own purposes: for example, they can resell information about the site's weaknesses. Sometimes resources are not scanned deliberately, but as part of an attempt to exploit a vulnerability in third-party resources. Take WordPress, for example. If a bug is found in some version, bots search for all sites that use that version. If your resource is on such a list, expect a visit from hackers.

How to detect bots?

To find a site's weak points, attackers first conduct reconnaissance, which leads to an increase in suspicious activity on the site. Filtering out bots at this stage will help avoid subsequent attacks. Although bots are hard to detect, requests sent from a single IP address to all pages of the site can be a warning sign. It is also worth paying attention to a rise in requests for non-existent pages.
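
The two warning signs just mentioned (one IP address requesting a wide range of pages, and a rise in requests for non-existent pages) applied to a web server access log, as an added example that is not part of the original article. The log is constructed in Common Log Format; the function name and thresholds are assumptions.

```python
import re
from collections import defaultdict

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})\b')


def _line(ip, path, status):
    # Builds one constructed access-log line (Common Log Format).
    return f'{ip} - - [10/Mar/2024:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 512'


# Constructed sample log, not real traffic.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.23", p, 200) for p in ("/", "/catalog", "/product/17", "/cart")]
    + [_line("192.0.2.10", f"/product/{i}", 200) for i in range(1, 10)]
    + [_line("203.0.113.50", p, 404)
       for p in ("/old/", "/backup.zip", "/admin.php", "/test/", "/config.bak")]
    + [_line("203.0.113.50", p, 200) for p in ("/", "/login")]
    + [_line("198.51.100.77", "/", 200), _line("198.51.100.77", "/abuot", 404)]
)


def flag_recon(log_text, max_paths=6, max_404_ratio=0.4, min_requests=5):
    """Return {ip: [reasons]} for sources matching either warning sign."""
    paths, total, missing = defaultdict(set), defaultdict(int), defaultdict(int)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore malformed lines instead of failing
        ip, path, status = m.groups()
        paths[ip].add(path.split("?", 1)[0])  # same page with or without query
        total[ip] += 1
        missing[ip] += status == "404"
    flagged = {}
    for ip, count in total.items():
        reasons = []
        if len(paths[ip]) > max_paths:
            reasons.append("wide crawl")
        # min_requests keeps a single mistyped URL from flagging a visitor
        if count >= min_requests and missing[ip] / count > max_404_ratio:
            reasons.append("many 404s")
        if reasons:
            flagged[ip] = reasons
    return flagged


if __name__ == "__main__":
    print(flag_recon(SAMPLE_LOG))
```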

Spam

Bots can fill in website forms with unwanted content without your knowledge. Spammers leave comments and reviews, and create fake registrations and orders. The classic method of fighting bots, CAPTCHA, is ineffective here because it irritates real users. In addition, bots have learned to bypass such tools.

Usually spam is harmless, but it happens that bots offer dubious services: they post ads for counterfeit goods and medicines, promote links to porn sites, and lead users to fraudulent resources.

How to detect spammer bots:

  • If spam appears on your site, it is most likely bots that are posting it.
  • There are many invalid addresses in your mailing list. Bots often leave non-existent e-mail addresses.
  • Partners and advertisers complain that spam leads are coming from your site.

From this article it may seem that fighting bots on your own is hard. In fact, that is the case, and it is better to entrust website protection to professionals. Even large companies often cannot monitor illegitimate traffic on their own, let alone filter it, as this requires significant expertise and large costs for the IT team.

Variti protects websites and APIs from all types of bot attacks, including fraud, DDoS, click fraud and scraping. Our proprietary Active Bot Protection technology lets you detect and block bots without CAPTCHA or blocking IP addresses.

Source: www.habr.com
