Admin 3 months ago
TheBAG819 #article

Protect Yourself against Website Server Attacks

This guide will help you protect yourself against malicious and DDoS attacks on servers.

What should I do if my server is attacked?

1. Web servers are usually compromised through website vulnerabilities. Review the website code (using log analysis to guide you), and strictly check and lock down every place where the website accepts uploads or writes files, since that is where a shell can be planted. If you cannot fully confirm which methods the attacker used, reinstall the system to completely eliminate the source of the attack.

2. Disconnect all network connections. The server can be attacked because it is connected to the network, so once you have confirmed that the system is under attack, the first step is to disconnect it from the network, which cuts off the attack. Then find the attacker from the logs: analyze the system logs and check any suspicious entries to troubleshoot and identify the attacker.

3. After a server has been attacked, the safest and easiest response is to reinstall the system, because most attack programs attach themselves to system files or the kernel, and reinstalling the system completely eliminates the source of the attack.

4. Don't panic when you find that the website has been attacked. First check whether the web server itself has been hacked and find any black links (hidden links injected into its pages), then harden the website's defenses. The procedure has three steps: 1) Block ICMP ping so the server is harder to find by scanning. 2) Close unnecessary ports.

5. Log in to the cloud server account management console and click Basic Settings. Under Basic Settings, click Security Settings, then click the modification items next to the login password, security questions and so on, and change the account login password so that attackers cannot log in to the cloud server. Then click Security Control in the Management menu.

6. If the program is not very large, you can compare it against a backup of the earlier version yourself and repair it, or move to another server, preferably a dedicated server.
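For step 2 (finding the attacker from the logs), the following is an added example, not part of the original article. It assumes a web access log in the common/combined format; the sample lines, the addresses and the threshold are constructed for illustration.

```sh
#!/bin/sh
# Added example: triage a web access log after an incident.
# Assumed format (common/combined): field 1 = client IP,
# field 4 = "[dd/Mon/yyyy:HH:MM:SS", field 6 = "METHOD, field 7 = path.

# burst_ips LOG THRESHOLD: print "peak ip" for every client whose busiest
# single minute holds more than THRESHOLD requests, highest peak first.
burst_ips() {
    awk -v t="$2" '
        { n[$1 SUBSEP substr($4, 2, 17)]++ }      # key = ip + minute
        END {
            for (k in n) {
                split(k, p, SUBSEP)
                if (n[k] > peak[p[1]]) peak[p[1]] = n[k]
            }
            for (ip in peak) if (peak[ip] > t) print peak[ip], ip
        }' "$1" | sort -rn
}

# paths_for_ip LOG IP: print "count METHOD path" for one client, so the
# entry point it was working on (an upload form, a login page) stands out.
paths_for_ip() {
    awk -v ip="$2" '
        $1 == ip { m = $6; sub(/^"/, "", m); n[m " " $7]++ }
        END { for (r in n) print n[r], r }' "$1" | sort -rn
}

# Constructed sample log: one client hammering an upload script, one normal.
make_sample_log() {
    i=0
    while [ "$i" -lt 5 ]; do
        printf '203.0.113.7 - - [10/Oct/2024:13:55:0%s +0000] "POST /upload.php HTTP/1.1" 200 512\n' "$i"
        i=$((i + 1))
    done
    printf '198.51.100.4 - - [10/Oct/2024:13:55:09 +0000] "GET /index.html HTTP/1.1" 200 1024\n'
    printf '198.51.100.4 - - [10/Oct/2024:13:56:10 +0000] "GET /about.html HTTP/1.1" 200 2048\n'
}

log=$(mktemp)
make_sample_log > "$log"
burst_ips "$log" 3
paths_for_ip "$log" 203.0.113.7
rm -f "$log"
```

Run it against a copy of the log taken before the reinstall, since the attacker may have edited logs left on the compromised host.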

How to defend against malicious and DDoS attacks

1. Expand server bandwidth; the server’s network bandwidth directly determines the server’s ability to withstand attacks. Therefore, when purchasing a server, you can increase the server network bandwidth.

2. The best long-term solution is to host your service in many different locations on the Internet, so that the cost of a DDoS attack will be higher for the attacker.

3. Filter unnecessary services and ports.

4. Install the latest patches on the system wherever possible and apply effective compliance configurations to reduce the risk of vulnerability exploitation; divide the network into appropriate security domains, and configure firewalls and intrusion detection and prevention systems to mitigate attacks.

5. Although hard defense (hardware firewalls) can effectively stop DDoS attacks, it is basically ineffective against CC attacks (application-layer HTTP request floods), which need to be defended against with software firewalls. Vulnerabilities are also the main intrusion route for hackers, who can attack servers through system vulnerabilities, program vulnerabilities and so on.

What to do if the server is already under DDoS attack

1. To keep the server system secure, first make sure the server software has no vulnerabilities that would let attackers in. Make sure the server runs the latest system version with security patches applied. Remove unused services from the server and close unused ports.

2. Increase network bandwidth: DDoS attacks are designed to consume the network bandwidth of the target system, so increasing network bandwidth can mitigate this attack. However, this is only a short-term solution as attackers can continue to increase attack traffic.

3. Use a load balancer: a load balancer can spread traffic across multiple servers, relieving the pressure on any single server. During a DDoS attack, the load balancer helps share the attack traffic and keeps the service available to normal users.
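For step 1 (closing unused ports), the following is an added example, not part of the original article. It checks the listening TCP ports of a Linux host against an allowlist; the allowlist and the sample output are constructed, and the function name is hypothetical.

```sh
#!/bin/sh
# Added example: audit listening TCP ports against an allowlist.
# The allowlist "22 80 443" is an assumption; use the ports you really serve.

# unexpected_listeners "PORTS": read `ss -tlnH` output on stdin and print each
# externally reachable listening port that is not in the allowlist.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $4 ~ /^(127\.|\[::1\])/ { next }   # loopback-only listeners are not exposed
        {
            k = split($4, part, ":")       # handles 0.0.0.0:22 and [::]:22
            port = part[k]
            if (!(port in ok) && !(port in seen)) { seen[port] = 1; print port }
        }' | sort -n
}

# Constructed sample of `ss -tlnH` output (State Recv-Q Send-Q Local Peer).
sample_ss() {
    printf '%s\n' \
      'LISTEN 0 128 0.0.0.0:22 0.0.0.0:*' \
      'LISTEN 0 511 0.0.0.0:80 0.0.0.0:*' \
      'LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*' \
      'LISTEN 0 128 0.0.0.0:6379 0.0.0.0:*' \
      'LISTEN 0 128 [::]:22 [::]:*'
}

sample_ss | unexpected_listeners "22 80 443"    # constructed input
# On a live Linux host: ss -tlnH | unexpected_listeners "22 80 443"
# To stop answering ping:  sysctl -w net.ipv4.icmp_echo_ignore_all=1
```

Each port it prints should either be closed at the service (stop and disable it) or filtered at the firewall.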

What to do if the server is attacked maliciously

1. If the server really does need to be reachable from the external network, the attack may have been made possible by a server vulnerability. First look for server vulnerabilities or code defects, then decide how to deal with them. There should be two main attack methods: SQL injection and denial-of-service attacks.

2. After a server has been attacked, the safest and easiest response is to reinstall the system, because most attack programs attach themselves to system files or the kernel, and reinstalling the system completely eliminates the source of the attack.

3. Don't panic when you find that the website has been attacked. First check whether the web server itself has been hacked and find any black links (hidden links injected into its pages), then harden the website's defenses. The procedure has three steps: 1) Block ICMP ping so the server is harder to find by scanning. 2) Close unnecessary ports.

4. It is recommended that you use Tencent Computer Manager, which has 16 layers of real-time protection to protect your computer at all times (it includes an ARP firewall that you can turn on and off yourself, which is very convenient). Its anti-virus cleaning (scheduled health checks and cleanup) is also very good.

5. If it is a cloud server, you can buy DDoS defense services, which are very expensive. If it is in an IDC data center, the data center generally provides hard defense. Purchase a CDN service first. You can also make some configurations on your own server, such as setting IP-based rate limits in nginx, which also helps.

6. Cut off the network. All attacks on the server arrive over the network, so when the server is attacked, the network must be cut off first. This quickly cuts off the source of the attack, and it also protects the other hosts on the network where the server is located.
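For step 5 (IP-based rate limits in nginx), the following is an added example, not part of the original article. The zone names, the rate and burst values and the /etc/nginx/conf.d path are assumptions, and the error-log lines are constructed.

```sh
#!/bin/sh
# Added example, not from the article. Zone names, rates and the conf.d path
# are assumptions; measure normal traffic before choosing rate and burst.

# write_ratelimit_conf DIR: write per-IP request and connection limits.
write_ratelimit_conf() {
    cat > "$1/ratelimit.conf" <<'EOF'
# 10 MB shared zone keyed on client address, refilled at 10 requests/s.
limit_req_zone  $binary_remote_addr zone=per_ip_req:10m rate=10r/s;
# Second zone caps concurrent connections per client address.
limit_conn_zone $binary_remote_addr zone=per_ip_conn:10m;
# Set at http level so every server block inherits the limits.
limit_req  zone=per_ip_req burst=20 nodelay;
limit_conn per_ip_conn 20;
limit_req_status  429;
limit_conn_status 429;
EOF
}

# apply_ratelimit: install into conf.d (assumed to be included from the http
# block) and reload only if the whole configuration still parses.
apply_ratelimit() {
    write_ratelimit_conf /etc/nginx/conf.d && nginx -t && nginx -s reload
}

# limited_clients ERRLOG: count limit_req rejections per client address.
limited_clients() {
    sed -n 's/.*limiting requests.*client: \([^,]*\),.*/\1/p' "$1" |
        awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Constructed error-log lines in the shape nginx writes on a rejection.
sample_error_log() {
    printf '%s\n' \
      '2024/10/10 13:55:01 [error] 71#71: *9 limiting requests, excess: 20.400 by zone "per_ip_req", client: 203.0.113.7, server: _, request: "GET / HTTP/1.1"' \
      '2024/10/10 13:55:01 [error] 71#71: *9 limiting requests, excess: 20.900 by zone "per_ip_req", client: 203.0.113.7, server: _, request: "GET / HTTP/1.1"' \
      '2024/10/10 13:55:02 [error] 71#71: *12 open() "/var/www/favicon.ico" failed (2: No such file or directory), client: 198.51.100.4, server: _'
}

dir=$(mktemp -d)
write_ratelimit_conf "$dir" && cat "$dir/ratelimit.conf"
sample_error_log > "$dir/error.log" && limited_clients "$dir/error.log"
rm -rf "$dir"
```

If the server sits behind the CDN recommended in the same step, nginx sees the CDN's addresses as the client, so restore the real client address first (ngx_http_realip_module) or the limit will throttle the CDN itself.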
