Prevent cc attacks on discuz sites

Operation discuz! Forum, the most important thing is management, in addition to the defense of Spam stickers illegal advertising, the necessary network performance security is essential, there has been user feedback to their own DZ forum open particularly slowly, is not the site is black, or is a trojan, the results of all the pages scanned, the site program all normal, The host is also normal, that must have been encountered CC attack, this problem may be a lot of webmasters have encountered (only do good, do the poor kind of webmaster site no one knows).

An attacker who controls a large number of computer hosts keeps sending lots of packets to your site, the attacker uses this feature of CC to simulate N-user concurrent connections, which are true and dispersed, and the CC attack requests are all valid requests, rejected requests, and are not susceptible to detection. Directly cause the server's connection by some useless garbage request occupy, cannot handle the normal visitor's connection, then the result is the Site page visit speed gathers down quickly, the user visits the time to change very very slowly.

Understanding the principle of CC attacks, we offer you a free approach to effectively defend against lightweight cc attacks by modifying the discuz! built-in \config\config_global.php files. Note: The most fundamental way is to let the room with a hard defense, however, this is also a very expensive program, the room will not for you hundred yuan space to tens of thousands of or even millions of dollars of hard resources for a long time to catch, generally this time will you please retreat.

After the file is opened, we notice a snippet of code:

$_config[' security ' [' attackevasive ']= 0;//CC attack Defense 1|2|4|8

1 means cookie Refresh limit

When the same cookie request is greater than or equal to 1 seconds, the refresh is restricted access.

2 delegates restrict delegate access

Proxy access is a more commonly used means of attack, because the agent can effectively hide their identity, can also bypass all firewalls, because basically all firewalls will detect concurrent TCP/IP connection number, more than a certain frequency will be considered connection-flood.

The use of proxy attacks can also be very good to maintain the connection, we send data here, the agent to help us forward to the other server, we can immediately disconnect, the agent will continue to maintain the connection with the other (someone using 500 agents can produce 100,000 concurrent connections). So restricting proxy access can effectively defend against CC attacks.

4 represents two requests

A two-time request mechanism was turned on to display the wait 2 seconds before jumping out of the real post, as shown in the following figure:

8 Representatives answer questions

When you first visit, you need to answer the question, as shown in the following illustration:

Correct the problem before you can see the specific content of the page.

Understanding the meaning of these digital parameters, we set up a lot easier, such as I set to 1|2|4 on behalf of the limit cookie Refresh + Limit proxy access + open two requests.

Site should be how to set it.

Through the above conceptual understanding, the actual operation began, must be in the site's configuration file to set the correct and reasonable, to effectively defend the CC attack.

Open the \config\config_global.php file and find

$_config[' security ' [' attackevasive ']= 0;//CC attack Defense 1|2|4|8

To be modified, 0 to turn off the defense, open defense can be modified to a combination of 0 of the form, the combination of: 1|2, 1|4, 2|8, 1|2|4 ...

We recommend that you use the following Setup scenario:

$_config[' security ' [' attackevasive '] = 1|2|4;

This scheme can be used to slow down the access of the site to reduce the server pressure, by modifying the Web site program configuration to effectively protect against lightweight cc attacks, filtering invalid illegal access, I hope to be useful to you.