A server IP-triggered conjecture for Web site security

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

A server IP, looks dispensable, in addition to the attribution of information, it seems difficult to find useful information; Therefore, many webmasters will not take the initiative to use such products such as accelerator to hide the server IP, or directly let the IP display, or a kind of like to ban Ping, anyway, we can still easily find server IP

Of course, for the vast majority of ordinary users, even know the server IP information, the same will not cause any damage; For a few people, if you know your server IP, you can through various means to invade the site, the server, further to the site caused irreparable damage.

Let's take a look at this, if there is no hidden IP, a server IP triggered the conjecture.

Suppose you accidentally offended a netizen, did not use accelerated music and other products to hide real IP, the other side know your website, server IP; So, how will the other side attack your website, server?

First of all, the other side can use DDoS attacks to annoy you, CC attack is the leader in DDoS attacks, a small number of IP can cause server downtime, impossible. In general, small Web site to prevent CC attacks, you can resolve the domain name to 127.0 0.1, or to resolve to a certain station, the other side found no effect, then the initiative to stop the attack. However, if the other side know the server IP, then you can directly attack your IP, so you cannot escape.

Perhaps, your tolerance for DDoS attacks is high, you can accept a variety of CC attacks, perhaps, the server is hard to defend, soft defense is very good, has intercepted a DDoS attack, anyway, no longer afraid of CC attack.

So, is it safe to defend against DDoS attacks? Of course not.

Since the other side know your server IP, you can first determine whether the IP is exclusive or shared.

If it is a shared IP, there are many sites with IP, it is inevitable that there will be a number of loopholes in the garbage station, the other can find a garbage station to start, the invasion after the attempt to obtain the server permissions, access to the entire server is the other side, your site can be spared? was not obediently invaded.

If it is exclusive IP, like the exclusive IP VPS or cloud host, the other side can scan the port first, determine whether several major ports are open, such as 80 ports, 21 ports, 22 ports, 3306 ports, 8080 ports, and so on, if you are using the default port, then you will probably also use the default account, Like root, admin, administrator and other accounts, know IP, account number, port slogan, then you can try brute force to crack the password.

Even if you don't use the default port number, the other side can also find the port number by sticking with the tool scan, if you don't update the system patch in time, or if you don't change the default account, there is also the risk of being exploited.

In addition, regardless of the exclusive IP of the virtual host, or the shared IP of the virtual host, may have such a hidden danger, IDC use the same folder name FTP account, like the site file is placed in the WWW folder, the previous folder name is vhost342, Then the FTP account is likely to be vhost342, so the other side can try to find the site program hidden Trouble, the site files of the physical location, further realize the ftp weak password crack.

Well, even if you have a good sense of protection, no weak password, did not forget to modify the port number, did not forget to upgrade the patch, everything looks very good, it seems that there is no possibility of intrusion.

Just, since each other knows your server IP, and then stare at your site, then you can continue to let people are not easy to invade social workers. Social workers invade is not a direct invasion, but through a variety of ways, know your habits, such as you often use a mailbox or account, and then use your habits to get the account password, further control more accounts.

Like the other side knows your server IP, then the other side can find IP attribution, further determine the IP is from which IDC, even if not once, ask IDC customer service, most likely to find; then, the other side can see the domain name whois information or other contact information on the website, find your commonly used mailbox, Most webmasters will use the same mailbox to register the relevant accounts, so as long as the permission to get the mailbox, then all accounts may be finished. As for how to get mailbox permissions, can be disguised as an official mail, let you click on the link, further fooled you to enter the password.

As long as you occasionally careless, it is likely to let the mailbox was stolen, then, the other party can take the initiative to contact IDC, request to retrieve the account, password, after success, the entire server will be the other side.

Of course, these things don't necessarily happen at the same time, more often, the other side of the target on your site, may be directly DDoS attacks, may be a social worker invasion, may be weak password to crack; the other side did not stare at your site, may randomly scan the port number, weak password situation, anyway, the site security has been urgent.

If you start using accelerated music, hide the server IP, may also have security risks, but will not have so much trouble, at least the use of the difficulty will be a lot of, like random scanning, basically will not have a role; As far as DDoS attacks, as long as not directly on the original server, can also relax!

A server IP, from the beginning is so important, why not hide it?