Mining attacks on alicloud leased servers
Your situation is probably that no adequate security measures were in place when you were attacked. When the attack reaches a certain level, the provider's staff will shut the server down to prevent greater losses.
1. Check whether a web Trojan (webshell) has been implanted in your website, with malicious links inserted
2. Whether there is fraudulent content on your website
3. Competition from peers
4. Private server operation
It is common to be attacked. If you can rule out all of these cases, nobody will keep attacking you, because attacks also cost money.
1. Packet flood attack
One method of interrupting a server or a local network is the packet flood attack, which usually uses Internet Control Message Protocol (ICMP) packets or UDP packets.
2. Disk attack
A disk attack is crueler: it not only disrupts the target computer's communication but also damages its hardware. Forged user requests use write commands against the target computer's hard disk, push it beyond its limits, and force it to shut down.
3. Unreachable routes
DoS attacks are usually concentrated on the router: the attacker first gains control of and manipulates the target machine. Once an attacker can change a router's routing table entries, the whole network becomes unreachable. This kind of attack is very insidious, because when it first appears it often looks inexplicable.
A distributed denial of service (DDoS) attack is a common network attack method; its full English name is Distributed Denial of Service. In short, many DoS attack sources attack one server together to form a DDoS attack, multiplying the power of a denial-of-service attack.
Usually the attacker installs an attack agent on each "broiler" (compromised zombie host) on the network, and the agent launches the attack when it receives the instruction.
As the cost of DDoS attacks keeps falling, many people use DDoS to take a website or an article "offline". An article may rank higher in search engines because of its content quality; however, if the website cannot be accessed for a long time because of DDoS, the search engine will remove the article from its index and reduce the weight of the website, which achieves the purpose of taking the article "offline".
It is not easy to deal with DDoS. First of all, we need to find a reliable hosting provider. I had a hosting provider before: as soon as they found that an IP was under DDoS, they proactively blocked that IP for several days. In fact, this is a sign of insufficient hardware and technical capability.
Foreign hosting providers may not be reliable either. For example, once when I was attacked by DDoS, I moved my blog to Dreamhost. The facts show that Dreamhost's anti-DDoS capability is nothing to be flattered about: after the DDoS came, Dreamhost dealt with it crudely and simply blocked all IP addresses in China.
Generally speaking, DDoS costs money and bandwidth, and defending against DDoS also costs money and bandwidth. So, what should we do if a server is hit by DDoS?
1. Ensure the security of the server system
First of all, make sure there are no vulnerabilities in the server software, so that attackers cannot break in. Keep the server up to date with security patches. Remove unused services and close unused ports. For the website running on the server, make sure it has the latest patches and no security vulnerabilities.
2. Hide the server's real IP address
Do not resolve the domain name directly to the server's real IP address, and do not let the real IP leak. Put a CDN in front of the server as a relay (a free CDN can generally withstand roughly 5G of DDoS traffic). If you have sufficient funds, you can buy a high-defense shield machine to hide the server's real IP. Domain name resolution uses the CDN's IP, and all resolved subdomains use the CDN's IP address as well. In addition, other domain names deployed on the same server must not resolve to the real IP; all of them should resolve through the CDN.
In short, as long as the server's real IP is not leaked, defending against small-traffic DDoS below 5G does not cost much, and a free CDN can cope with it. If the attack traffic exceeds 10G, a free CDN may not withstand it, and you need to buy a paid high-defense CDN. High-defense CDN is generally expensive: for example, 10G protection from Alibaba Cloud and Tencent Cloud costs 781 yuan a month. At present the domestic option with the best cost performance is Network Cloud Acceleration, whose 10G DDoS protection package costs only 1190 yuan, and is cheaper for agents.
The server is hacked. Save the data and reinstall the system.
Alibaba is a relatively large server provider with a large number of virtual machine servers.
It is possible that the attack is not aimed at you. Instead, another virtual machine used this IP before, and after that virtual machine was released the IP was reassigned and happened to be given to you. So you were attacked as soon as you rented it.
If the server and website are attacked, it is recommended to check the server's system logs and the website's running logs, analyze and determine what type of attack the server has suffered, and then configure the corresponding security policy on the server for defense.
You can also install protection software such as Safety Dog for defense.
Server Safety Dog mainly protects the server from malicious attacks, including DDoS protection, ARP firewall, remote desktop guard, port protection, network monitoring, etc.
Website Safety Dog mainly protects the websites on the server, including web Trojan (webshell) scanning, SQL injection protection, CC attack protection, resource protection, etc.
The protection directions of the two are different; using them together makes the protection more comprehensive.
While defending, you can check the protection logs to understand what types of attacks the server and website are receiving, and then adjust the protection rules according to the attack types, which makes the defense more effective.
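The advice above twice comes down to reading the logs to work out what kind of attack you are facing before tuning rules. As an added example (not from the original post or from Safety Dog), here is a small Python analyzer for a CC/HTTP-flood pattern: it parses web-server access log lines in the standard combined format and flags source IPs that exceed a request-rate threshold within a sliding window, reporting the path they hammer most. The sample log lines, the 10-second window and the 20-request threshold are constructed assumptions; tune them to your own traffic baseline.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined log format (nginx/Apache), e.g.
# 198.51.100.7 - - [10/Oct/2023:13:55:36 +0800] "GET /index.php HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)')

def parse_line(line):
    """Return (ip, timestamp, path, status), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path"), int(m.group("status"))

def find_flood_sources(lines, window_s=10, threshold=20):
    """Flag IPs that send more than `threshold` requests inside any
    `window_s`-second sliding window (lines must be in time order per IP).
    Returns {ip: (peak_requests_in_window, most_requested_path)}."""
    recent = defaultdict(deque)                  # ip -> timestamps in current window
    peak = defaultdict(int)                      # ip -> largest window seen
    paths = defaultdict(lambda: defaultdict(int))  # ip -> path -> hit count
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                             # skip malformed lines
        ip, ts, path, _status = rec
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()                          # drop requests outside the window
        peak[ip] = max(peak[ip], len(q))
        paths[ip][path] += 1
    return {ip: (n, max(paths[ip], key=paths[ip].get))
            for ip, n in peak.items() if n > threshold}

def _line(ip, sec, path):
    # Constructed sample line for the demo below (documentation-range IPs).
    return f'{ip} - - [10/Oct/2023:13:55:{sec:02d} +0800] "GET {path} HTTP/1.1" 200 512'

# Constructed sample: one source fires 30 requests at /login.php in 6 seconds,
# a normal visitor makes 3 requests spread over 20 seconds.
SAMPLE_LOG = ([_line("198.51.100.7", i // 5, "/login.php") for i in range(30)]
              + [_line("203.0.113.5", 10 * i, "/index.html") for i in range(3)])

if __name__ == "__main__":
    for ip, (rate, path) in find_flood_sources(SAMPLE_LOG).items():
        print(f"{ip}: {rate} requests in a 10s window, mostly {path}")
```

An IP reported here is a candidate for a rate-limit or block rule in the protection software, not proof by itself; check its user agent and status codes before adjusting rules.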