Website Security Alliance: Webmaster How to deal with DDoS attacks series tutorials (i)

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Last time the Web site Security alliance used to help the site solve DDoS attacks: first of all, to determine the site attack is DDoS, then determine the type of DDoS attack, and build a defensive system, followed by the implementation of the defense system, view the effect and adjust the defense system.

That how to determine the site attack is DDoS, summed up, in a DDoS attack, the general will appear following several symptoms, you can say if the site server appears all the following symptoms, the site can be basically determined to be a DDoS attack.

1, the normal service provided by the website becomes abnormal

The symptom is: Web server provides page browsing, uploading and other services become very slow or no longer provide services. For example, to mention a forum site, the normal page can not open or open the speed is very slow, if it is a DDoS attack, it will appear such a phenomenon. But there may also be web site bandwidth or other reasons, so you need to synthesize other symptoms to judge.

2012-4-1 16:28 Upload

Download attachment (11.8 KB)

2, the server processing capacity full load

If the webmaster found that the original normal server CPU, memory and other consumption is very large, the CPU is 100% of the state, most likely to be caused by DDoS.

2012-4-1 16:29 Upload

Download attachment (41.18 KB)

3. Network Jam

If you have a large number of illegal packets or fake packets on your network, this is one of the symptoms of DDoS. Eesafe Contact the most typical case is the same IDC under a number of sites can not access, this is because of the huge to unimaginable data influx to the entire IDC portal node, resulting in the IDC was DDoS knocked down, resulting in the entire IDC all the Web site can not access, stop the service. This is even more apparent if you are targeting a single IP for a Web server.

2012-4-1 16:30 Upload

Download attachment (14.58 KB)

4, the server frequently freezes or reboots

If DDoS attacks occur, especially if the CPU is at a high risk of 100% utilization, the server restarts repeatedly.

So to determine whether the server encountered DDoS is to start from multiple directions, a single symptom is not accurate to determine the site is a DDoS attack, if there are symptoms and interrelated, then can locate DDoS attacks to determine the type of DDoS attack and build a defensive system.

Original article, Pure hand Dozen, reprint please specify the copyright belongs to: Eesafe website Security Alliance

Original article, reprint please use the link way to indicate: http://www.eesafe.com/bbs/thread-503-1-1.html