
Who hasn't had their site DDoSed a few times these days? When I had just entered the industry, I maxed out the server specs, and two days after going live the traffic came in like a flood: the site went flat and the boss's face turned green.
Later I realized that an ordinary host simply can't take it; it's an egg against a rock. A high-defense host (DDoS-protected hosting, with upstream traffic scrubbing in front of your server) is the real talisman, but used badly it goes down just like a normal box, so today I'll lay out what I've learned about getting it right.
Don't be fooled by the sky-high marketing for high-defense hosts, "unlimited defense", "second-level response" and so on. I've found a lot of it is gimmicks: when a genuinely large attack arrives, the site still collapses. What matters is how you configure the host and what you pair it with.
A common pit first: many people think that once they've bought high-defense hosting they're done. They throw the site on it without adjusting a single security policy, and then an attacker can walk straight through the vulnerable spots with a casual CC attack (an HTTP flood aimed at expensive application endpoints). That's handing the attacker a free kill.
The core of a high-defense host isn't beefier hardware; it's the scrubbing capacity and intelligent routing behind it. It has to tell normal users from malicious traffic. Block everything indiscriminately and the user experience is ruined; I've seen plenty of sites lose real users, and real money, to misclassification.
So where do things go wrong? First, configuration that's too casual: firewall rules left loose, or the WAF (Web Application Firewall) never enabled, so old tricks like SQL injection and XSS still find their way in.
One example: I once helped a friend troubleshoot. His high-defense host claimed 500Gbps of protection, yet the site kept getting dragged down by slow attacks. A look at the logs showed no connection limits at all, so the attacker exhausted the server's resources with a few thousand low-speed requests. A volumetric scrubbing figure says nothing about this class of attack; it has to be handled at the web server and WAF.
Don't believe the "one-click protection" nonsense either. Security is dynamic and has to follow the business: during an e-commerce promotion the traffic pattern is completely different from normal days, and the protection strategy has to change with it.
Then there's cost. High-defense hosts are usually more expensive than ordinary hosts, and some people, to save money, pick a bargain whose advertised defense figure is inflated. Only when something happens do they discover that the scrubbing center is half a world away from their users and latency is through the roof.
Even a CDN can sabotage you these days: some providers, to save bandwidth, don't scrub completely and let part of the attack traffic through to the origin, so the pressure on the host goes way up. I've measured a few, and the gap between providers is not small.
Now the solutions. Step one is choosing the right high-defense host. Don't look at the ads, look at results. My rule is to find providers with real case studies and an SLA (Service Level Agreement) guarantee, for example bandwidth redundancy of at least 1.5 times the nominal defense capacity.
Recently I've been using a provider called 08Host. Their high-defense nodes are deployed worldwide and the intelligent scheduling is particularly strong, automatically switching routes during an attack. In my own test under a 300Gbps mixed attack, the site's response time rose by less than 10%, which really counts as top of the industry.
Step two is doing the configuration in detail; don't be lazy. Everything from the system layer to the application layer has to be hardened. On Linux servers, for example, the first thing I do is tune the kernel parameters to resist SYN flood attacks.
I've used the same set of settings for years, and they have measurably slowed down connection-exhaustion problems, but don't expect them to be a cure-all: they have to be combined with the scrubbing on the high-defense host.
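To make the kernel-tuning step concrete, here is an added example of my own (not code from the original post, and not tied to any provider): the SYN-flood sysctl settings as a drop-in file, plus an audit that reads the live values from /proc/sys and flags drift, so a host that was reimaged or "temporarily" changed gets caught before the next attack. The values, the drop-in path and the script name are assumptions for a public web host on a recent Linux kernel; size the backlogs to your RAM and traffic.

```shell
#!/bin/sh
# Added example (not the post's own code): SYN-flood kernel tuning as a
# sysctl drop-in, plus an audit that compares the live values in /proc/sys
# with the target so a drifted host is caught before the next attack.
# The exact values are this example's assumptions for a public web host on a
# recent Linux kernel; tune backlog sizes to your RAM and traffic.
set -eu

SYN_SYSCTL='
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 3
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 250000
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_tw_reuse = 1
'

# Print the targets as "key value" pairs, one per line.
syn_sysctl_targets() {
    printf '%s\n' "$SYN_SYSCTL" |
        awk -F'=' 'NF == 2 { gsub(/ /, "", $1); gsub(/ /, "", $2); print $1, $2 }'
}

# check_syn_sysctl [ROOT]: compare each target with ROOT/proc/sys/...
# Reading /proc/sys needs no privileges, so this is safe to run from cron.
# ROOT defaults to "" (the real system); a test can point it at a fake tree.
# Exit status 1 if any value differs.
check_syn_sysctl() {
    root="${1:-}"
    syn_sysctl_targets | while read -r key want; do
        path="$root/proc/sys/$(printf '%s' "$key" | tr . /)"
        if [ -r "$path" ]; then have=$(cat "$path"); else have="(unreadable)"; fi
        if [ "$have" = "$want" ]; then
            echo "OK       $key = $have"
        else
            echo "MISMATCH $key = $have (want $want)"
        fi
    done | awk '{ print } /^MISMATCH/ { bad = 1 } END { exit bad + 0 }'
}

# write_syn_sysctl [FILE]: persist the targets and reload all drop-ins (root).
write_syn_sysctl() {
    conf="${1:-/etc/sysctl.d/60-synflood.conf}"
    syn_sysctl_targets | awk '{ print $1 " = " $2 }' > "$conf"
    sysctl --system > /dev/null
}

# Usage:  sh synflood.sh check        (audit, no privileges needed)
#         sudo sh synflood.sh apply   (write the drop-in, reload, re-audit)
case "${1:-}" in
    check) check_syn_sysctl ;;
    apply) write_syn_sysctl && check_syn_sysctl ;;
esac
```

Run the check from cron and page on a non-zero exit; the mismatch line tells you which value drifted. Note that syncookies only help once the SYN backlog is full, and none of this reduces the bandwidth hitting the NIC, which is exactly the part the scrubbing center has to absorb.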
Beyond that, WAF rules must be customized. Many high-defense hosts ship default rules, but they're too loose; I suggest tightening them around your business logic, for example restricting access to sensitive directories and stopping crawlers from sweeping your content.
These settings look basic, but many webmasters ignore them, and when the attack comes they're left scrambling.
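The two points above, the missing connection limits from my friend's slow-attack incident and the WAF tightening for sensitive paths and scrapers, both land in the same place on the origin: the web server in front of the application. Here is an added example of my own (not the post's original code and not any vendor's ruleset) written for nginx: a drop-in that sets per-client connection and request budgets, short timeouts against header and body trickling, an IP restriction on admin paths, and a short user-agent block, plus an installer that tests the config before reloading and rolls back if it fails. The zone names, CIDRs, paths, backend port and the user-agent list are all assumptions; replace them with yours.

```shell
#!/bin/sh
# Added example (not the post's or any vendor's code): an nginx drop-in that
# handles what the scrubbing center cannot see, namely per-client connection
# and request limits against slow attacks (Slowloris-style header/body
# trickling), access control for sensitive paths and a block on obvious
# scanners, plus an installer that validates before reloading.
# Zone names, the CIDRs, the UA list, the paths and the backend are assumptions.
set -eu

# Print the drop-in. It lives at http level so the zones and map are global.
render_edge_guard() {
cat <<'EOF'
# /etc/nginx/conf.d/10-edge-guard.conf  (added example, adjust to your site)

# Behind a CDN or scrubbing provider every connection arrives from the
# provider's edge. Without real_ip, $binary_remote_addr is the edge IP and
# the limits below would throttle your own CDN. List the provider's edge
# ranges here (203.0.113.0/24 is a placeholder).
set_real_ip_from  203.0.113.0/24;
real_ip_header    X-Forwarded-For;
real_ip_recursive on;

# Per-client budgets: 20 concurrent connections, 10 req/s with a burst of 30.
limit_conn_zone $binary_remote_addr zone=per_ip_conn:10m;
limit_req_zone  $binary_remote_addr zone=per_ip_req:10m rate=10r/s;
limit_conn_status 429;
limit_req_status  429;

# Slow attacks: refuse clients that trickle headers or bodies.
client_header_timeout 10s;
client_body_timeout   10s;
send_timeout          10s;
keepalive_timeout     15s;
reset_timedout_connection on;
client_max_body_size  8m;

# Scanners that sweep the whole site. Keep this list short: blocking "curl"
# or "python" outright also blocks your own monitoring and partners' scripts.
map $http_user_agent $blocked_ua {
    default 0;
    ~*(scrapy|masscan|zgrab|nikto|sqlmap) 1;
}

server {
    listen 80;
    server_name example.com;             # assumption

    limit_conn per_ip_conn 20;
    limit_req  zone=per_ip_req burst=30 nodelay;

    if ($blocked_ua) { return 403; }

    # Sensitive paths: only the office range may reach them (placeholder CIDR).
    location ~ ^/(admin|phpmyadmin|backup)(/|$) {
        allow 198.51.100.0/24;
        deny  all;
        proxy_pass http://127.0.0.1:8080;
    }
    # Dotfiles and build leftovers that are never meant to be served.
    location ~ /\.(git|env|svn) { return 404; }

    location / { proxy_pass http://127.0.0.1:8080; }
}
EOF
}

# install_edge_guard [FILE]: write the drop-in, test the whole config and
# reload only if it passes; otherwise restore the previous file.
install_edge_guard() {
    conf="${1:-/etc/nginx/conf.d/10-edge-guard.conf}"
    [ -f "$conf" ] && cp "$conf" "$conf.bak"
    render_edge_guard > "$conf"
    if nginx -t; then
        nginx -s reload
    else
        echo "config rejected, restoring previous version" >&2
        [ -f "$conf.bak" ] && mv "$conf.bak" "$conf"
        return 1
    fi
}

# Usage:  sh edge-guard.sh render          (print the config)
#         sudo sh edge-guard.sh install    (write, nginx -t, reload)
case "${1:-}" in
    render)  render_edge_guard ;;
    install) install_edge_guard ;;
esac
```

The real_ip block is the part people forget: the first time I saw a site behind a scrubbing provider return 429 to everyone, it was because limit_conn was keyed on the provider's edge address. Watch the 429 counts in the access log for a week before tightening the numbers further.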
Step three is monitoring and response. A high-defense host is not set-and-forget; there has to be a monitoring system keeping an eye on it. I use Prometheus + Grafana to build a dashboard and watch traffic and attack trends in real time.
The moment you spot an anomaly, such as a sudden traffic spike, log in to the console and check the scrubbing report yourself; don't wait for customer service to notify you, they may be too busy. I've paid for that lesson, so now I set my own alerts, with the threshold at 150% of normal traffic.
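The "150% of normal" rule sounds simple, but two details decide whether it pages you for attacks or for noise: what "normal" is measured against, and what happens at low traffic. Here is an added example of my own (not the post's code) that spells both out as a script you can run from cron against any exporter's request counter, with the equivalent Prometheus rule in a comment. The sample numbers are constructed, and the metric name in the PromQL comment is an assumption.

```shell
#!/bin/sh
# Added example (not the post's code): the "alert at 150% of normal" rule as a
# self-contained check, in the form I run from cron against an exporter's
# request counter. The sample numbers are constructed and the metric name in
# the PromQL comment is an assumption.
set -eu
export LC_ALL=C    # keep the decimal point a "." whatever the host locale

SPIKE_FACTOR=1.5   # the 150% rule
MIN_ALERT_RPS=50   # floor: 150% of a quiet night (2 -> 3 req/s) is not an attack

# baseline: arithmetic mean of the samples on stdin, one number per line.
# Feed it the same hour from the last 7 days, not the last 5 minutes, or a
# slow ramp-up drags the baseline up with it and the alert never fires.
baseline() {
    awk '{ s += $1; n++ } END { if (n == 0) exit 1; printf "%.2f\n", s / n }'
}

# alert_limit BASELINE: the threshold, never below MIN_ALERT_RPS.
alert_limit() {
    awk -v b="$1" -v f="$SPIKE_FACTOR" -v m="$MIN_ALERT_RPS" \
        'BEGIN { l = b * f; if (l < m) l = m; printf "%.2f\n", l }'
}

# is_spike CURRENT SAMPLE...: true (exit 0) when CURRENT exceeds the limit.
is_spike() {
    cur=$1; shift
    base=$(printf '%s\n' "$@" | baseline)
    limit=$(alert_limit "$base")
    awk -v c="$cur" -v l="$limit" 'BEGIN { exit !(c > l) }'
}

# report CURRENT SAMPLE...: one line you can pipe into mail, Slack, etc.
report() {
    if is_spike "$@"; then
        echo "ALERT current=$1 limit=$limit baseline=$base"
    else
        echo "ok current=$1 limit=$limit baseline=$base"
    fi
}

# Equivalent Prometheus rule for the Grafana stack above (assumed metric
# nginx_http_requests_total from nginx-prometheus-exporter):
#   expr: sum(rate(nginx_http_requests_total[5m]))
#           > 1.5 * sum(rate(nginx_http_requests_total[5m] offset 1w))
#         and sum(rate(nginx_http_requests_total[5m])) > 50
#   for: 2m

# Demo with constructed samples: last week's req/s at this hour, then now.
if [ "${1:-}" = "demo" ]; then
    report 160 100 120 110 90 80
fi
```

The floor matters more than it looks: without it, a cron job at 03:00 will wake you for three extra visitors, and after two of those you'll start ignoring the alert that matters.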
Data comparison matters. Last year I measured two high-defense hosts: one left unoptimized, the other configured according to my plan. Under a simulated 100Gbps DDoS attack the former's CPU shot above 90% and the site froze, while the latter stayed at 40% CPU with normal response times.
The gap comes down to details: the latter had TCP optimization and a caching strategy enabled, with all static resources pushed to the CDN to take load off the host. Speaking of CDNs, I have to say a bit more: a high-defense host paired with a CDN is king.
Some attacks aim squarely at the origin server, which a CDN alone can't stop but a high-defense host can absorb; in turn, the CDN spreads the traffic so scrubbing is more efficient. In my testing the combination pushed site availability above 99.99%.
A quick word for CDN07: their global acceleration network integrates seamlessly with high-defense hosts and can be linked with one click. I once hit a geographically targeted attack, and CDN07 automatically steered the traffic to the nearest scrubbing center with almost no change in latency. For cross-border business that advantage is extremely practical.
Don't forget routine maintenance. However strong the high-defense host, software vulnerabilities still have to be patched. I run a security scan at least once a month, using tools like Nmap to check open ports and close any unnecessary services.
Backups too, don't be lazy. A high-defense host guards against external attacks, but a configuration mistake or an internal failure can still wipe your data, and then it's all over. I set up automatic backups to an off-site, encrypted store so that even in the worst case recovery is fast.
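The monthly port check only helps if you compare the result against what should be open, not just eyeball it. Here is an added example of my own (not the post's code): Nmap does the scanning, and the script parses Nmap's grepable output and diffs it against an allowlist so an accidental extra listener fails the job. The sample scan output is constructed for a host that should only expose SSH and HTTP(S) but also has a Redis bound to all interfaces; the IP and the allowlist are assumptions.

```shell
#!/bin/sh
# Added example (not the post's code): the monthly port audit as a script.
# nmap does the scanning; the parsing and the allowlist comparison are this
# example's own, and the sample scan output below is constructed.
set -eu

# scan_open_ports HOST: full TCP connect scan, grepable output on stdout.
# -sT needs no root; -p- covers all 65535 ports; --open keeps only hits.
scan_open_ports() {
    nmap -sT -p- --open -T4 -oG - "$1"
}

# parse_open_ports: grepable nmap output on stdin -> "port/proto" per line.
# Grepable lines are tab-separated fields; the Ports field lists
# port/state/proto/owner/service/rpc/version entries separated by ", ".
parse_open_ports() {
    awk -F'\t' '
        /Ports:/ {
            for (i = 1; i <= NF; i++) if ($i ~ /^Ports: /) {
                sub(/^Ports: /, "", $i)
                n = split($i, entry, ", ")
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")
                    if (f[2] == "open") print f[1] "/" f[3]
                }
            }
        }' | sort -t/ -k1,1n
}

# unexpected_ports ALLOWED...: port/proto list on stdin; print every entry
# not in the allowlist and exit 1 when something unexpected is listening.
unexpected_ports() {
    allowed=" $* "
    while read -r p; do
        case "$allowed" in
            *" $p "*) ;;
            *) echo "$p" ;;
        esac
    done | awk '{ print; bad = 1 } END { exit bad + 0 }'
}

# Constructed sample of `nmap -oG -` output for an origin that should only
# expose SSH and HTTP(S); 6379 is a Redis left bound to all interfaces.
sample_scan() {
    printf '# Nmap 7.94 scan initiated as: nmap -sT -p- --open -oG - 192.0.2.10\n'
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, '
    printf '443/open/tcp//http///, 6379/open/tcp//redis///\tIgnored State: closed (65531)\n'
    printf '# Nmap done -- 1 IP address (1 host up) scanned\n'
}

# audit HOST ALLOWED...: live scan, e.g.  audit 192.0.2.10 22/tcp 80/tcp 443/tcp
audit() {
    host=$1; shift
    scan_open_ports "$host" | parse_open_ports | unexpected_ports "$@"
}

if [ "${1:-}" = "demo" ]; then
    # Offline run against the constructed sample; prints 6379/tcp and exits 1.
    sample_scan | parse_open_ports | unexpected_ports 22/tcp 80/tcp 443/tcp ||
        echo "unexpected listener(s) above: find the owner with 'ss -ltnp' and stop it" >&2
fi
```

Scan from outside the scrubbing provider's network as well as from the host itself: the two views differ, and the one that matters for the attacker is the outside one. Anything the script prints is either a service to shut down or an allowlist entry you have to justify in writing.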
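For the backup step, here is an added example of my own (not the post's code) using only tools that are already on most hosts: tar streams into gpg so no plaintext archive touches disk, the passphrase comes from a root-only file rather than the command line, each archive gets a checksum and a restore test before it is shipped off-site with rsync, and old local copies are pruned. The paths, the remote target, the retention count and the script name are assumptions.

```shell
#!/bin/sh
# Added example (not the post's code): encrypted off-site backup with tools
# already on most hosts (tar, gpg, sha256sum, rsync). The passphrase lives in
# a root-only file, never on the command line; every archive gets a checksum
# and a restore test, because an untested backup is just a hope.
# Paths, the remote target and the retention count are assumptions.
set -eu

PASSFILE="${PASSFILE:-/etc/backup/passphrase}"                        # chmod 600, root only
REMOTE="${REMOTE:-backup@offsite.example.net:/srv/backups/web01/}"    # placeholder

# make_backup SRC OUTDIR -> prints the path of the encrypted archive.
make_backup() {
    src=$1; outdir=$2
    name="$(basename "$src")-$(date -u +%Y%m%dT%H%M%SZ).tar.gz.gpg"
    # tar streams straight into gpg, so no plaintext archive touches disk.
    # (Under bash, add `set -o pipefail` so a tar error is not masked by gpg.)
    tar -C "$(dirname "$src")" -czf - "$(basename "$src")" |
        gpg --batch --yes --quiet --symmetric --cipher-algo AES256 \
            --pinentry-mode loopback --passphrase-file "$PASSFILE" -o "$outdir/$name"
    (cd "$outdir" && sha256sum "$name" > "$name.sha256")
    echo "$outdir/$name"
}

# verify_backup ARCHIVE: check the checksum, then decrypt and list the archive.
# Exit 1 on any failure; prints the number of members on success.
verify_backup() {
    archive=$1; dir=$(dirname "$archive"); name=$(basename "$archive")
    (cd "$dir" && sha256sum -c "$name.sha256" > /dev/null) || return 1
    members=$(gpg --batch --quiet --pinentry-mode loopback --passphrase-file "$PASSFILE" \
                  --decrypt "$archive" | tar -tzf -) || return 1
    printf '%s\n' "$members" | wc -l | tr -d ' '
}

# ship_backup ARCHIVE: copy archive and checksum off-site. rsync over SSH with
# a key restricted to this path on the remote side (assumed setup).
ship_backup() {
    rsync -a --partial "$1" "$1.sha256" "$REMOTE"
}

# prune_backups OUTDIR KEEP: delete local copies beyond the newest KEEP.
prune_backups() {
    ls -1t "$1"/*.tar.gz.gpg 2>/dev/null | tail -n +"$(($2 + 1))" |
        while read -r old; do rm -f "$old" "$old.sha256"; done
}

# Typical cron entry:  0 3 * * * sh /usr/local/sbin/backup.sh /var/www/site /var/backups
if [ $# -eq 2 ]; then
    archive=$(make_backup "$1" "$2")
    verify_backup "$archive" > /dev/null
    ship_backup "$archive"
    prune_backups "$2" 7
fi
```

Keep a copy of the passphrase somewhere that does not depend on the host (a password manager, a sealed envelope), since a backup you cannot decrypt after the host is gone is worth nothing; and restore one archive to a scratch machine every quarter, not just list it.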
Now a rant: some vendors sell high-defense hosting as a luxury good, with a high price and service that can't keep up. I've seen support staff who can't even tell basic attack types apart. I blacklist those outright. In security, saving a little money can cost you a lot.
A bit of humor: running a high-defense host well is like keeping a Tibetan mastiff at the door. You have to feed it (enough resources) and train it (proper configuration), or it may bite a friend (block legitimate users by mistake).
To sum up: a high-defense host is not a silver bullet, but it is absolutely the cornerstone of site security. My experience boils down to: pick a reliable provider, configure it carefully, strengthen monitoring, and pair it with a CDN. With that combination the site is rock solid.
Don't wait for the attack to arrive and then regret it. Go check your high-defense hosting settings now and optimize step by step, starting with the firewall rules. In security, prevention is always easier than remediation.
If you're just starting out, I recommend beginning with a small or medium plan and adjusting gradually; after all, every business scenario is different. A game server and a news site may need completely different defense strategies.
I also remember a customer who, having switched to high-defense hosting, felt secure, and was then hit by a man-in-the-middle attack because the SSL certificate had not been renewed (once users are used to clicking through certificate warnings, an attacker's forged certificate looks no different to them). Security is a whole chain, and hosting is just one link.
A few more technical details. In DDoS protection, SYN flooding is common, but application-layer attacks are more insidious: the high-defense host's WAF has to be able to parse HTTP and resist slow attacks, which requires deep packet inspection.
In my tests, a software firewall alone struggles to carry large volumes of traffic, so the high-defense host's hardware acceleration is key. That's why I recommend choosing a provider whose scrubbing centers use ASIC-based packet processing.
On cost-effectiveness: a high-defense host may cost a few hundred dollars more per month, but the downtime from a single attack can cost tens of thousands. The math is clear. I've put together plans for many small and medium-sized businesses; they found it too expensive at first and changed their minds after one attack.
One sharp point to end on: this industry is a mixed bag, so don't just look at the price. Read reviews and user feedback. I've seen a provider quietly oversell bandwidth and then pass the blame when the attack came, so the contract has to spell out SLA terms, such as a 99.9% availability guarantee.
Used well, a high-defense host really can leave you with few worries about site security, but it's an ongoing process. You have to keep learning and keep up with changes in attack methods; with IoT botnet attacks now common, for instance, the defense strategy has to be upgraded accordingly.
That's my share; I hope it's useful. On the security road, one more precaution means one fewer disaster. Let's stay in touch, because this line of work has too many pits and sticking together is the reliable way through.