CC attack principle and prevention

Source: Internet
Author: User

First of all, the attacker has a website with huge traffic. He may well have bought that traffic; he may also have the compromised machines he controls ("broilers", i.e. bots) visit his site. The attacker's home page looks very simple, but its source code hides up to hundreds of <iframe> tags. And what, you may already have guessed, is inside those <iframe> tags? That's right: the address of the site he is going to attack.

An example illustrates the attacker's power. Assume the attacker's website is aaa.com and your website is BBB.com. Suppose the 163 home page contains code like this: <iframe src="http://aaa.com" border="0" width="0" height="0"></iframe>. When people visit the 163 home page, they also unknowingly visit http://aaa.com. The home page of http://aaa.com may in turn contain 100 copies of the following code: <iframe src="http://BBB.com" border="0" width="0" height="0"></iframe>. Of course, he may also list ten or more different addresses on BBB.com. That means anyone who visits 163 may visit BBB.com ten times. At 300 requests per second, that is 25920000 requests a day; adding the pictures and other files on the page, the total is estimated at hundreds of millions of requests. With 1 million requests a day, can an ordinary website stand it? Many of the websites attacked are on virtual hosts, which may be unable to provide service at fewer than 100 connections per second. Even a site with a dedicated server simply cannot afford it. And even if the web server can cope, what about the bandwidth? Even if the bandwidth holds, what about the DB server?

A friend's website suffered such an attack. He tried moving the site to a friend's server, which, of course, ended up crippling that friend's server as well.

This is a typical CC attack. What makes CC attacks more daunting than DDoS attacks is that they are generally very hard to prevent. Why? First, the source IPs of a CC attack are real and dispersed; second, the attack packets are normal data packets; third, the attack requests are all valid requests, which cannot simply be refused.

In fact, a careful study of the pattern shows that such attacks can, in theory, be prevented; that is, with effective measures the harm can be reduced to a minimum. This attack has a fatal weakness. Where is it? In the <iframe> itself. Mounting a CC attack through <iframe> is an ingenious idea, but it is exactly what causes its defeat. Anyone familiar with web applications knows that a request for a page embedded with <iframe> naturally carries an HTTP_REFERER value. With this value, requests coming from the offending source site can be blocked or redirected. In other words, you can visit me, but I will not return the real page to you; I can send you away, or send you on to another site (e.g. the Ministry of Public Security? Haha, I have seen people who like to do this). That saves a great deal of my bandwidth, my DB server resources and my web server resources. At most you are tying up some of my TCP connections, nothing more.


Here is a web server configuration snippet for dealing with such attacks:

# nginx: place inside a server or location block.
# Replace example.com with your own domain; other search engines
# (SOSO, Yahoo, Sogou, Youdao, etc.) can be added to the list.
valid_referers none blocked server_names google.com *.google.com *.google.cn baidu.com *.baidu.com *.example.com;
if ($invalid_referer) {
    return 404;
}

The configuration above is very simple: any request whose HTTP_REFERER does not come from one of the sources listed above is answered with a 404.
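
Before enabling such a rule, it helps to check the access log for which Referer hosts it would actually reject. The script below is an added example, not part of the original article: it applies the same none / blocked / allowlist decision as the nginx valid_referers line to "combined"-format log lines and ranks the rejected Referer hosts. The allowlist entry example.com and the sample log lines are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Mirrors the valid_referers list; example.com stands in for your own domain (assumption).
ALLOWED = ["google.com", "*.google.com", "*.google.cn",
           "baidu.com", "*.baidu.com", "example.com", "*.example.com"]

# nginx "combined" format: ip - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')

def host_allowed(host):
    """Exact names match exactly; *.name matches any subdomain of name."""
    host = host.lower().rstrip(".")
    for pat in ALLOWED:
        if host == pat or (pat.startswith("*.") and len(host) >= len(pat)
                           and host.endswith(pat[1:])):
            return True
    return False

def classify(referer):
    """Return (verdict, host); verdict is none, blocked, valid or invalid."""
    if referer in ("", "-"):
        return "none", None              # no Referer header: accepted via `none`
    if not referer.lower().startswith(("http://", "https://")):
        return "blocked", None           # value without scheme: accepted via `blocked`
    try:
        host = urlsplit(referer).hostname or ""
    except ValueError:                   # malformed URL in the log
        host = ""
    return ("valid" if host_allowed(host) else "invalid"), host

def invalid_referers(lines):
    """Rank the Referer hosts whose requests the rule would answer with 404."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            verdict, host = classify(m.group(1))
            if verdict == "invalid":
                hits[host] += 1
    return hits.most_common()

# Constructed sample log lines (documentation IP range, hosts from the example above).
REFS = ["http://aaa.com/", "http://aaa.com/index.html", "http://aaa.com/",
        "https://www.google.com/search?q=bbb", "-", "http://notgoogle.com/"]
SAMPLE = [f'192.0.2.{i} - - [01/Jan/2024:00:00:01 +0000] "GET / HTTP/1.1" 200 512 "{r}" "Mozilla/5.0"'
          for i, r in enumerate(REFS, 1)]
print(invalid_referers(SAMPLE))  # ranked (host, count) pairs
```

Requests logged with "-" as the Referer are counted as accepted, because the `none` keyword in the rule lets requests without a Referer header through.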


By the way, a reminder to webmasters who sell traffic: do not, for the sake of a small profit, unwittingly become one of an attacker's bots.
