"Diehard" a malicious resolution brought about by the website paralyzed!

Source: Internet
Author: User
Tags: vps

Ring, ring, ring... the phone rang. I saw it was an old friend calling and answered right away. "Brother, my website won't open! Has the server gone down? Can you take a look at it for me? Thanks, man." My answer, of course, was "no problem", so I asked him for the IP and the login information.

My friend's website is a personal site, mostly pictures and product displays. On my recommendation it was hosted with a domestic VPS provider; he found someone from outside to configure the server and the web pages, and I helped with the filing, real-name authentication and so on.

Okay, time to start checking.

Entering the URL in the browser, the page does not open, and Firebug shows that the server returned nothing.

  • telnet xxx.me 80: the port does not connect
  • dig xxx.me: resolves normally
  • ping xxx.me: normal
  • ssh: can log in
  • ps: the web process exists
  • lsof -i:80: the port is normal
  • telnet to the intranet IP, port 80: normal
  • iptables: checked, no rule limiting the port
  • telnet to the public network IP, port 80: does not connect
  • restarted the web service and repeated the checks: same result

The checks above put the problem at the public IP. Pinging the public address works and SSH login works, so the IP itself is fine and only port 80 is affected, while port 80 on the intranet address has no problem.

Which means the problem is port 80 on the public IP.

I tested port 80 on the public network several more times and it still did not connect; it looked like it was being blocked by a firewall! So I picked up the phone and called xx VPS customer service, and before long I was connected: "Hello, I am the user of account xxx. Port 80 on my public IP address xxx.xxx.xxx.xxx is unreachable; could you help check it?"

The customer service rep answered briskly: "OK, please wait a moment" ... After some hold music: "Hello, your IP address xxx is providing normal website service for a domain name that has not been filed; as required by XXX, port 80 has been blocked!"

What?! Not filed? No way, I helped him file that domain myself! I then told the customer service rep about the completed filing and the domain name, and the reply was: "Hello, the domain on this IP's port is not that one; the domain name involved is xxx.com. Please file the domain name as soon as possible."

At this point I understood: it had to be malicious resolution, that is, someone else's domain name resolving to our IP. But why couldn't you warn me before blocking the port?!!

I opened the configuration file and found that the domain name mentioned by customer service was not in it; of course, nothing had been done to restrict malicious resolution either. I phoned my friend to confirm that this was not his domain name and asked whether anything unusual had happened recently; he said a new product had just launched and he had posted an introduction to it on the site. All right, now I knew what had happened.

This is easy to fix: in the web server configuration file, add a vhost in front of all the others, so that any request whose domain name matches no configured vhost lands on this default vhost. I restarted the web service, confirmed that the page could no longer be opened directly by IP, ran a tool to scan for security vulnerabilities, and sent the email that customer service had asked for; a few hours later the site was back ...


After June 1, 2017, the major IDCs and providers treat filing, real-name registration and vulnerabilities as very important: they will block your IP at the slightest problem, or even kill it directly without telling you.

This seems to give an opening to people with impure motives, who use this rule to kill your site by the hand of XX agencies and the IDC. It seems to be more effective for the victims than for the -_-|||. It often catches site operators unprepared.

It is recommended that website operators pay more attention to security details when building a site. We also hope that our network operators will give us a reminder and some time to fix things when they find a problem; after all, we are the customers and you are the service provider, not "wardens".

Below are Apache and nginx configurations that prevent malicious resolution:

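Apache

    # Must come before every other vhost so that it is the default for *:80
    <VirtualHost *:80>
        DocumentRoot /data/vhost/error/
        ServerName 127.0.0.1
        <Directory /data/vhost/error/>
            Options None
            AllowOverride None
            # Apache 2.2 access syntax; on 2.4 the equivalent is "Require all denied"
            Order deny,allow
            Deny from all
        </Directory>
        CustomLog /data/logs/null.log combined
    </VirtualHost>

Nginx

    # Catch-all server: any Host that matches no other server block ends up here
    server {
        # "default_server" is the current name of the old "default" parameter
        listen 80 default_server;
        return 405;
    }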
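A way to verify the catch-all vhost after the restart, as an added example that is not part of the original article: it sends requests to the server's IP with different Host headers and reports any foreign name (or the bare IP) that still gets served. The host names and the local stand-in server are constructed for the example, and treating any status below 400 as "served" is an assumption.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def probe(ip, port, host, timeout=5):
    """Request / from ip:port with an explicit Host header; return the HTTP status."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        conn.putrequest("GET", "/", skip_host=True)
        conn.putheader("Host", host)
        conn.endheaders()
        return conn.getresponse().status
    finally:
        conn.close()

def audit(ip, port, own, foreign):
    """Return (host, problem) pairs: own names refused, foreign names served."""
    bad = [(h, "own site refused") for h in own if probe(ip, port, h) >= 400]
    bad += [(h, "served to unknown name") for h in foreign if probe(ip, port, h) < 400]
    return bad

def make_server(known_hosts):
    # Local stand-in for the web server (constructed). known_hosts=None imitates
    # the configuration before the fix: every Host header is served.
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            host = self.headers.get("Host", "").split(":")[0]
            ok = known_hosts is None or host in known_hosts
            self.send_response(200 if ok else 405)  # 405 as in the nginx block
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args): pass  # keep the demo quiet
    return HTTPServer(("127.0.0.1", 0), Handler)

def demo(known_hosts):
    """Audit a stand-in server; shop.example and unfiled.example are made up."""
    srv = make_server(known_hosts)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return audit("127.0.0.1", srv.server_port, ["shop.example"],
                     ["unfiled.example", "127.0.0.1"])
    finally:
        srv.shutdown()
        srv.server_close()

if __name__ == "__main__":
    print("before fix:", demo(None))
    print("after fix: ", demo({"shop.example"}))
```

Against a real server, call `audit()` with the public IP, port 80, the site's own domain names and a couple of names that are not configured on it; an empty list means unknown names are refused.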
