Website Security Alliance: Webmaster How to deal with DDoS attacks series tutorials (III.)

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

DDoS attacks on the web are now commonplace, and most DDoS attacks against websites are based on script pages, often called CC attacks. From last year to this year, Eesafe for CC attacks on a number of sites have been technical support, the same industry and similar sites to attack each other is an unwritten competition mechanism. How to make the site normal operation in such an environment, most stationmaster very headache, encounter problem to ask us to help. I think why not put the Site Security Alliance CC solution tidy up so that everyone again hit the CC attack not to start, so that the site can protect against small scale cc attacks. Check the online CC solution has been a lot, I only say that through the alliance to confirm the real role of the solution technology.

1. Use Cookies for Defense:

Using cookie authentication is the easiest way to defend against CC attacks, but now the latest CC attacks have been able to add cookies, so now simply using cookies to prevent, how to do?

Experience: Use the Ip+cookie authentication mechanism.

2. Use Session for Defense:

Session is more convenient to judge than cookies, using IP authentication + refresh times to judge.

Experience: recommended.

3. Defend by tracking attackers:

Many of the attack request address is using the network proxy, may the attacker does not know, this is likely to leak the attacker, we shun pass the melon, find the attacker is really IP, directly use the strategy to shield the attacker.

Experience: Use the http_x_forwarded_for variable sent by the network agent to find the attacker.

4, Forward judgment jump access:

Put the judgment page in front of the main page, let the visitor first visit the Judgment page, meet or accumulate after the jump to the destination page.

Experience: Many defensive techniques are used.

5, limit the number of IP connections and CPU utilization:

That is, when the number of IP connections and CPU utilization reached a certain limit on the site to deny the link to other links.

Experience: This is not recommended and will affect normal access after an attack, but if your site uses a virtual space machine, the space provider may have done it.

Welcome to the exchange discussion.

Eesafe website Security Alliance original article

Reprint please indicate the original address in the form of link: http://www.eesafe.com/bbs/thread-1361-1-1.html