Web site by the DDOS attack defense methods

Distributed Distributed Denial of Service Attack (DDOS) is a common Distributed Denial of Service Attack for network attacks? Simply put, many DOS attack sources together to attack a server, forming a DDOS attack,anti DDOS thus increasing the power of distributed denial-of-service attacks.

Typically, an attacker installs an attack program on various "puppet machines" on the network through a proxy, which receives instructions to launch the attack.

With the DDOS attack cost management is getting lower and lower, many people through the DDOS to realize a website or an article "offline" function, an article we may be because of the quality of the work content is good, in the search engine related to have a high ranking, but if because of the DDOS lead to a long time can not directly access the website, the search engine will be this article! Access,virtual Machine cloud the search engine will be removed from the index of this paper article, the weight of the site will also be reduced, because the purpose of the "offline" article.

Dealing with DDOS is not easy. The first thing to do is to find a reliable hosting provider. I had a hosting provider who actively blocked an IP for several days as soon as he realized that it was being used for DDOS, when in fact, the IP lacked the hardware and technical capabilities.

Foreign hosting providers can be unreliable.vpshosting For example, once it was blocked by DDOS, the blog was transferred to Dreamhost's space. The fact shows that Dreamhost's ability to prevent DDOS is not satisfactory. after the DDOS came, Dreamhost didn't deal with the DDOS politely, and blocked all the IPs in China directly.

Generally speaking, DDOS costs money and bandwidth, and DDOS solution also costs money and bandwidth, so what should we do if the server is DDOS?

1. Ensure the security of the server system

The first thing to do is to make sure that there are no vulnerabilities in the server software that prevent attackers. Make sure the server is up to date with the latest system and security patches. Remove unused services and close unused ports on the server. For websites running on the server, make sure it has the latest patches and no security holes.

2. Hide the server's real IP address

Don't directly resolve domain names to the real IP address of the server, don't let the real IP of the server leak, add CDN transmission to the front-end of the server (free CDN can generally prevent 5G DDOS), and if you have enough money, you can buy a high-protection shielding machine, which can be used to hide the real IP of the server, with the CDN IP for domain name resolution, and CDN IP addresses for all subdomain resolution. In addition, other domains deployed on the server can not use the real IP resolution, all domains use CDN resolution.

In short, as long as the real IP of the server is not disclosed, the prevention of small traffic DDOS below 5G will not cost much money, and the free CDN can handle it. If the attack traffic exceeds 10G, then the free CDN may not be able to hold out, you need to buy a high-defense shield machine to deal with, the real IP of the server also needs to be hidden.

cloud server hk: Efficient, Reliable, Global Connectivity for Seamless Operations.