Web site was hacked to the library how to deal with prevention?

in the security field has always been first know how to attack, followed by prevention.

in the introduction of how to prevent the site was hacked to scan the library before, a brief introduction of what is a collision library: collision is a hacker by collecting the internet has been compromised user and password information, generated for the dictionary table, try to bulk login to other sites, a series of users can be logged in. Because many users in different websites use the account password is mostly the same, so hackers can get users on the a site account to try to log on to the B site.

So how do we protect ourselves when we meet the pool? To this end we consulted the NetEase Cloud Shield security expert: Liu Qinghe. According to his description: The crash library generally has the following forms, each of which has some different disposition strategies. But the reality is that the attacked site may face several different types of collisions at the same time, after all, we have a lot of social work in hand, the cost of the pool is very low.

The social engineering database is the abbreviation of the Society engineer databases, which is used by hackers to record the attack means and methods of the database, the database has a lot of information, and even can find everyone's various behavior records (everyone on each site account, password, shared photos, credit card records, call logs, SMS records, Open room record, etc.)

The three most common ways to crash a library:

The first type: with Na password dictionary hitman account, the appearance of this is that an account in a short period of time, there may be multiple password attempts. Therefore, you can add restrictions to the account layer, such as:within one day, an account, password errors more than5Times,1no landing within the day(or check your SMS/security issues before landing).

The second type: hit with a few passwords N an account , the appearance of this is that the frequency of the password will be very high, so you can count the number of errors per password over a period of time, over a certain threshold, this password for a period of time to prohibit login (or verify the phone text messages / security issues before landing).

The Third Kind: with N Group One by one corresponding account password to hit the library again , the case of the pool is purely from the account number, the password dimension, there will be no obvious anomalies. Therefore, some other countermeasures are needed. For example:

1)IPbanned, if a period of time, a singleIPaddress, the number of password errors exceeds the threshold value, then disable thisIPlog in for a while (or check your SMS/security issues before landing). However, as we have said, the agency nowIPquite cheap, fromIPlevel to block is basically not useful.

2) Establish IPPortrait Gallery, the agentIP,IDC IPand other high-riskIPdirectly prohibit login (or check SMS/security issues before landing). Build yourselfIPThe cost of the gallery may be a bit high, consider purchasing a similar service from a security vendor.

3 Now compare Fire behavior Verification code , such as: Drag bar, point selection, puzzles and other tricks of the verification code. Just say, if the previous login does not need a verification code, now to add a verification code, estimated to and product tear force. Generally in the end for later operations, the product will also agree to add a verification code.

4 identify and block from the device plane by implanting the sdk

5 ) is identified and banned from the behavioral level , as in the previous article, via client-side implantation SDK , collects the user's interactive behavior on the login page, through machine learning, big data modeling, training the normal user, abnormal user behavior model, at the interaction level, the behavior of the pool will be identified. This needs to have a pre-trained behavior model, now machine learning so good, do not say everyone also know that their own training a model must be a lot of labeling data, which means the cost. Therefore, it is recommended to find security vendors also do, after all, professional people do professional things, reliable!

These measures listed above, no one is once and for all, is the need to constantly fight the upgrade, after all, the impact of the library will continue to evolve the means, we can do is to constantly optimize the strategy, and constantly improve the cost of the pool. Therefore, the best way is to purchase security vendors related services , the attack and defense against the matter to the security vendors to do, we focus on doing their own business, so the cost-effective will be higher.

Web site was hacked to the library how to deal with prevention?