What are the Methods of Defending Against DDOS?

  • 2022-12-04
  • Author:Korims

Most companies in the Internet industry now rely on the Internet for traffic, orders or services, but they know little about its pros and cons, especially the serious threat that DDOS attacks pose to websites. Many Internet companies have encountered DDOS attacks used for extortion or vicious competition. Most corporate websites go down immediately once they are hit by a DDOS attack, which affects the normal operation of the enterprise and causes unpredictable losses. So when we do business on the Internet, what methods do we have to defend against DDOS?


Methods of defending against DDOS


Before looking at the methods of defending against DDOS, you need to know what defending against DDOS means.


Defense against DDOS is a systematic project. A DDOS attack is a large-scale attack that is widely distributed and coordinated, and its destructive capability is correspondingly unprecedented. DDoS defense refers to the process of successfully securing a target server or network against a Distributed Denial of Service (DDoS) attack, where the targeted victim can mitigate incoming threats using specially designed network devices or cloud-based protection services.


For example:


I run a restaurant that usually seats 30 people at a time. You walk straight in, find a table, sit down, order, and get your food right away.


Unfortunately, I offended a hooligan, who sent 300 people into the restaurant at the same time. They looked like normal customers, and every one of them said: "Hurry up and bring the food". However, the restaurant only has capacity for 30 people, so it cannot serve that many orders at once. They also blocked the door, so real guests couldn't get in at all. In effect, the restaurant was paralyzed.


This is a DDoS attack. It sends a large number of requests in a short period of time, exhausting server resources so that the server cannot respond to normal access, and the website goes offline.


To prevent this from happening, we can use the following methods to defend against DDOS:


1. Use high-performance network equipment


First of all, make sure that the network equipment itself does not become a bottleneck. When selecting equipment such as routers, switches, and hardware firewalls, try to use well-known products. It is even better to have a special relationship or agreement with the network provider. When a large attack occurs, asking them to limit the traffic at the network connection points is very effective against certain types of DDOS attacks.


2. Make the website into a static page or pseudo-static


Experience has shown that turning a website into static pages not only greatly improves its ability to resist attacks, but also causes a lot of trouble for hackers. At least so far, no overflow of HTML has appeared. Nowadays, many portal websites consist mainly of static pages. If you must call dynamic scripts, put them on a separate host so that the main server is not impaired when they are attacked. Of course, it is still fine to keep some scripts that do not call the database. In addition, it is best to deny access through a proxy in scripts that need to call the database, because experience shows that 80% of the access to your website using a proxy is malicious.


3. Deploy CDN


A CDN distributes the static content of the website across multiple servers, and users are served from a nearby one, which improves speed. A CDN is therefore also a way of expanding bandwidth, which can be used to defend against DDOS attacks.


The website's content is stored on the source server and cached on the CDN. Users are only allowed to access the CDN. If the content is not on the CDN, the CDN sends a request to the source server. In this case, as long as the CDN is large enough, it can withstand a large attack.
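
The arrangement described above, modelled as an added example (not code from the original article): a source server that answers only CDN edge addresses, and an edge that contacts it only on a cache miss or expiry. The CIDR ranges, paths, and class names are constructed assumptions; real edge ranges come from your CDN provider.

```python
import ipaddress
import time

# Constructed values (assumptions): documentation-range CIDRs stand in for the
# CDN's published edge ranges; paths and bodies are sample content.
CDN_EDGE_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8:cd::/48")]
SITE = {"/": b"<h1>home</h1>", "/menu.html": b"<h1>menu</h1>"}


class Origin:
    """Source server: holds the content, answers only CDN edge addresses."""
    def __init__(self):
        self.hits = 0

    def handle(self, peer_ip, path):
        addr = ipaddress.ip_address(peer_ip)
        if not any(addr in net for net in CDN_EDGE_RANGES):
            return 403, b""          # direct access bypassing the CDN is refused
        self.hits += 1
        body = SITE.get(path)
        return (200, body) if body is not None else (404, b"")


class Edge:
    """CDN node: serves from cache, asks the origin only on a miss or expiry."""
    def __init__(self, origin, ip="203.0.113.10", ttl=60.0, clock=time.monotonic):
        self.origin, self.ip, self.ttl, self.clock = origin, ip, ttl, clock
        self.cache = {}              # path -> (expires_at, status, body)

    def get(self, path):
        entry = self.cache.get(path)
        if entry and entry[0] > self.clock():
            return entry[1], entry[2]
        status, body = self.origin.handle(self.ip, path)
        # Cache 404s too, so repeated requests for a missing page stay at the edge.
        self.cache[path] = (self.clock() + self.ttl, status, body)
        return status, body


def simulate(requests=3000):
    """Send a burst through one edge; return (origin hits, direct-access status)."""
    origin = Origin()
    edge = Edge(origin)
    paths = ["/", "/menu.html", "/missing"]
    for i in range(requests):
        edge.get(paths[i % len(paths)])
    direct_status, _ = origin.handle("198.51.100.7", "/")
    return origin.hits, direct_status
```

With 3000 requests spread over three paths, the source server is contacted three times, and a request that reaches it from outside the edge ranges gets a 403.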


4. Backup website


You'll want to have a backup site, or at least a temporary home page. If the production server goes offline, you can switch to the backup website immediately, so that you are not left without options.


The backup website does not need to be full-featured. If it supports fully static browsing, that is enough to meet your needs. At the very least, it should be able to display a notice telling users that there is a problem with the website and that it is being repaired.