What is a CC attack?
A CC attack, translated as Challenge Collapsar, is a type of DDoS attack and one of the most common network attacks. It mainly targets the layer 7 protocol of web services. The attacker uses a port scanner to find anonymous HTTP or SOCKS proxies on the Internet and sends HTTP requests to the target through them. CC attacks are popular with a large number of hackers because they take effect quickly, cost little, and are difficult to trace. What should we do when our website is hit by a CC attack? Today, Mozi security will briefly talk about the characteristics of CC attacks and how to defend against them.
First: What are the characteristics of CC attacks?
1. The requests in a CC attack are all valid requests that simulate real usage, so they cannot be rejected;
2. The IP addresses used to launch CC attacks are real and dispersed, so it is difficult to trace the source;
3. The data packets in a CC attack are normal packets that simulate real users;
4. CC attacks are generally aimed at web services. The server still accepts connections and answers ping, but the web page cannot be accessed.
Second: How to defend against CC attacks?
1. Use a session-based access counter
Use the session to keep a page access counter or file download counter for each IP. This prevents a user from refreshing pages so often that the database is read repeatedly, or from downloading files so often that a large amount of traffic is generated. (Do not link directly to the download address of a file; serve downloads through server code so that CC attacks can be filtered there.)
2. Generate static pages for the website
Experience has repeatedly shown that making the website as static as possible not only greatly improves its resistance to attack but also causes a lot of trouble for hackers. For example, portal sites such as Sina, Sohu and Netease consist mainly of static pages. Where dynamic scripts are not needed on the primary server, move them to a separate host so that the primary server is spared in the event of an attack.
3. Harden the TCP/IP stack of the operating system
As server operating systems, Win2000 and Win2003 have a built-in ability to resist DDoS attacks. It is not enabled by default. Once enabled, they can withstand about 10000 SYN attack packets. See Microsoft's official site for how to enable it.
4. Deploy CDN defense
The simplest and most convenient way to prevent CC attacks is to hide the server's source IP by putting the site behind the Mohist CDN, which can automatically identify malicious attack traffic, intelligently scrub this fake traffic, and pass normal visitor traffic back to the source server IP, so that the source server keeps running normally and stably.
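The per-IP access counter from defense 1, sketched as an added example (not code from the original article). The class name `AccessCounter`, the limits, the 10-second window and the sample addresses are all assumptions constructed for illustration; it also evicts idle entries, since a CC attack's dispersed source IPs would otherwise grow the counter table without bound.

```python
import time
from collections import defaultdict, deque

class AccessCounter:
    """Sliding-window request counter keyed by (client IP, resource kind)."""

    def __init__(self, limits, window=10.0, clock=time.monotonic):
        self.limits = limits      # hypothetical limits, e.g. {"page": 20, "download": 3}
        self.window = window      # window length in seconds
        self.clock = clock        # injectable so the logic can be replayed offline
        self.hits = defaultdict(deque)

    def allow(self, client, kind):
        """Record one request; return False once the client is over its limit."""
        now = self.clock()
        q = self.hits[(client, kind)]
        while q and now - q[0] >= self.window:   # forget hits older than the window
            q.popleft()
        if len(q) >= self.limits[kind]:
            return False          # reject before reading the database or the file
        q.append(now)
        return True

    def sweep(self):
        """Evict idle clients so many dispersed IPs cannot exhaust memory."""
        now = self.clock()
        for key in [k for k, q in self.hits.items()
                    if not q or now - q[-1] >= self.window]:
            del self.hits[key]
        return len(self.hits)     # number of clients still being tracked

def replay(requests, limits, window=10.0):
    """Run constructed (timestamp, client, kind) tuples through the counter."""
    t = [0.0]
    counter = AccessCounter(limits, window, clock=lambda: t[0])
    decisions = []
    for ts, client, kind in requests:
        t[0] = ts
        decisions.append(counter.allow(client, kind))
    return decisions, counter

# Constructed sample traffic: one client refreshing a page five times in 2 s,
# a second client downloading twice, then the first returning after the window.
SAMPLE = [(0.0, "203.0.113.7", "page"), (0.5, "203.0.113.7", "page"),
          (1.0, "203.0.113.7", "page"), (1.5, "203.0.113.7", "page"),
          (2.0, "203.0.113.7", "page"), (2.0, "198.51.100.9", "download"),
          (3.0, "198.51.100.9", "download"), (12.0, "203.0.113.7", "page")]
```

Call `allow()` at the top of the page or download handler, before any database read or file access, and run `sweep()` periodically.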