What to do if ports 80/443 of a website server are under malicious attack?
2022-07-29 06:34:00 【Zhongyun era - defense testable - Xiaoyu】
Introduction to DDoS attacks
A distributed denial-of-service (DDoS) attack is a malicious network attack against a target system. DDoS attacks often leave the victim's business unreachable for normal access, which is the so-called denial of service.
Common DDoS attacks fall into the following categories:
Network layer attacks: a typical type is the UDP reflection attack, for example an NTP flood. These attacks mainly use large traffic volumes to congest the victim's network bandwidth, so that the victim's business cannot respond normally to customer visits.
Transport layer attacks: typical types include SYN flood attacks and connection-count attacks. These attacks achieve denial of service by occupying the server's connection pool resources.
Session layer attacks: a typical type is the SSL connection attack. These attacks occupy the server's SSL session resources to achieve denial of service.
Application layer attacks: typical types include DNS flood attacks, HTTP flood attacks and game dummy (fake player) attacks. These attacks occupy the server's application processing resources and heavily consume its processing performance to achieve denial of service.
Best practices for DDoS attack mitigation
Alibaba Cloud users are advised to mitigate the threat of DDoS attacks in the following ways:
Reduce the exposed surface: isolate resources from unrelated businesses to lower the risk of being attacked.
Optimize the business architecture: use the characteristics of the public cloud to design a system with elastic scaling and disaster-recovery switchover.
Harden server security and improve server performance, such as the number of connections it can handle.
Do a good job of business monitoring and emergency response.
DDoS attack response strategies
Here we share some strategies and methods that can, to a certain extent, mitigate DDoS attacks, for your reference.
1. Regularly check for server vulnerabilities
Regularly checking server software for security vulnerabilities is the most basic measure for ensuring server security. Whether it is the operating system (Windows or Linux) or the common application software behind a website (MySQL, Apache, nginx, FTP, etc.), server operations staff should pay close attention to the latest vulnerability news for this software and patch high-risk vulnerabilities promptly.
2. Hide the server's real IP
Routing traffic through CDN nodes can effectively hide the real IP address of the website server. Choose a CDN service according to the specific situation of the website: ordinary small and medium-sized enterprise sites or personal sites can start with a free CDN service, for example Baidu Cloud Acceleration or Qiniu CDN, and consider a paid CDN service once website traffic and requirements grow. You can also consider the three-dimensional defense of the Small Ant Cloud security team, which hides the origin IP and uses multiple defense nodes for automatic defense.
Second, prevent the server from leaking its IP address through the information it sends. The most common case: do not use the mail-sending function on the server, because the mail headers leak the server's IP address. If you have to send email, send it through a third-party relay (for example SendCloud), so that the IP address that appears is the relay's.
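The header leak described above can be checked on a message the site has actually sent. This is an added example, not code from the original article: it scans the `Received` and `X-Originating-IP` headers for the origin server's IPv4 address. The sample message, host names and the address 203.0.113.10 are constructed placeholders.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample of a message sent directly from the web server.
# 203.0.113.10 stands in for the origin IP that the CDN is meant to hide.
SAMPLE = """\
Received: from mx.relay.example (mx.relay.example [198.51.100.7])
\tby mail.recipient.example with ESMTPS id abc123
Received: from web01.example.com (web01.example.com [203.0.113.10])
\tby mx.relay.example with ESMTP id def456
X-Originating-IP: [203.0.113.10]
From: noreply@example.com
To: user@recipient.example
Subject: Password reset

Hello
"""

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")   # IPv4 only
TRACE_HEADERS = ("Received", "X-Originating-IP")

def origin_ip_leaks(raw_message, origin_ips):
    """Return sorted (header, ip) pairs where a protected origin IP is exposed."""
    protected = {ipaddress.ip_address(ip) for ip in origin_ips}
    msg = message_from_string(raw_message)
    leaks = set()
    for name in TRACE_HEADERS:
        for value in msg.get_all(name, []):
            for candidate in IP_RE.findall(str(value)):
                try:
                    ip = ipaddress.ip_address(candidate)
                except ValueError:      # digits that are not a valid address
                    continue
                if ip in protected:
                    leaks.add((name, str(ip)))
    return sorted(leaks)

if __name__ == "__main__":
    for header, ip in origin_ip_leaks(SAMPLE, ["203.0.113.10"]):
        print(f"origin IP {ip} exposed in {header} header")
```

An empty result for mail sent through the third-party relay confirms that only the relay's address is visible to recipients.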
3. Shut down unnecessary services or ports
This is also the most common practice of server operations staff. In the server firewall, open only the ports in use, such as port 80 for the website's web service, port 3306 for the database and port 22 for the SSH service. Shut down unnecessary services or ports, and filter spoofed IP addresses on the router.
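The port allowlist above is only useful if it matches what the host really listens on. This is an added example, not code from the original article: it parses `ss -tln` output (a constructed sample here) and reports listeners reachable from the network on ports outside the allowlist. Port 443 in the allowlist is an assumption for HTTPS.

```python
import ipaddress

# Constructed sample of `ss -tln` output, not captured from a real host.
SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*
LISTEN  0       511     [::]:443            [::]:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       151     127.0.0.1:3306      0.0.0.0:*
LISTEN  0       511     0.0.0.0:6379        0.0.0.0:*
LISTEN  0       128     [::1]:631           [::]:*
LISTEN  0       32      *:21                *:*
"""

# Ports named in the text, plus 443 (assumed) for HTTPS.
ALLOWED = {22, 80, 443, 3306}

def exposed_unexpected(ss_output, allowed_ports):
    """Return (address, port) pairs, sorted by port, for listeners that are
    not bound to loopback and whose port is not in allowed_ports."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                      # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]")           # IPv6 is printed as [addr]:port
        if not port.isdigit():
            continue
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            loopback = False              # "*" wildcard: all interfaces
        if not loopback and int(port) not in allowed_ports:
            findings.append((addr, int(port)))
    return sorted(findings, key=lambda f: f[1])

if __name__ == "__main__":
    for addr, port in exposed_unexpected(SS_OUTPUT, ALLOWED):
        print(f"unexpected listener on {addr}:{port}")
```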
4. Buy high-defense (anti-DDoS) service to raise attack tolerance
This measure means purchasing high-defense shielded machines to increase the server's bandwidth and other resources, improving its ability to withstand attacks. Some well-known IDC service providers offer such services, for example Alibaba Cloud and Tencent Cloud. However, the cost of this approach is high, so it is not suitable for ordinary small and medium-sized enterprises or individual webmasters.
5. Limit SYN/ICMP traffic
Users should configure a maximum SYN/ICMP rate on the router to limit the highest bandwidth that SYN/ICMP packets can occupy. That way, when SYN/ICMP traffic far exceeds the limit, it is not normal network access but an attack. In the early days, limiting SYN/ICMP traffic was the best way to defend against DoS. Although at present this method has no obvious effect against DDoS, it can still play a role.
6. Filter website requests by IP
Besides the server, the security of the website program itself also needs to be improved. For a site built with a CMS, use the filtering function in the system's security mechanism: by limiting POST requests, 404 pages and other access operations, it filters out abnormal behavior with too many requests. Although this brings no obvious improvement against DDoS attacks, it does reduce small-bandwidth malicious attacks to a certain extent.
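The POST/404 filtering described above can be sketched as detection logic over access logs. This is an added example, not code from the original article or from any particular CMS: it keeps a sliding window of POST requests and 404 responses per client IP and flags addresses that exceed a limit. The log lines, thresholds and window size are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) \S+ [^"]*" (\d{3}) ')

def flag_abusive_ips(lines, window_s=60, max_post=3, max_404=3):
    """Return {ip: reason} for IPs over the POST or 404 limit in a sliding window."""
    recent = defaultdict(lambda: {"POST": deque(), "404": deque()})
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                      # skip lines that do not parse
        ip, ts, method, status = m.groups()
        try:
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        except ValueError:
            continue                      # skip lines with a bad timestamp
        checks = (("POST", method == "POST", max_post),
                  ("404", status == "404", max_404))
        for kind, hit, limit in checks:
            if not hit:
                continue
            q = recent[ip][kind]
            q.append(when)
            while q and when - q[0] > window_s:   # drop events outside the window
                q.popleft()
            if len(q) > limit and ip not in flagged:
                flagged[ip] = f"{len(q)} {kind} in {window_s}s"
    return flagged

def make_line(ip, sec, method, path, status):
    """Build one constructed access-log line (combined log format prefix)."""
    return (f'{ip} - - [29/Jul/2022:06:34:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512')

# Constructed sample traffic, not taken from a real server.
SAMPLE = (
    [make_line("198.51.100.23", s, "POST", "/login.php", 200) for s in range(0, 10, 2)]
    + [make_line("192.0.2.77", s, "GET", f"/old/{s}", 404) for s in range(20, 24)]
    + [make_line("203.0.113.5", 30, "GET", "/", 200),
       make_line("203.0.113.5", 31, "POST", "/comment", 200)]
)

if __name__ == "__main__":
    for ip, reason in flag_abusive_ips(SAMPLE).items():
        print(ip, reason)
```

The flagged addresses can then be fed to whatever blocking mechanism the site uses, with the thresholds tuned against normal traffic first.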