How To Identify a DDoS Attack On Your Server & Stop It
A distributed denial of service (DDoS) attack can happen to anyone, at any time. If you have a website that’s running on a dedicated web server, it’s important to understand what a DDoS attack is, how to identify it, and what to do to stop and prevent it.
What Is a DDoS Attack?
A distributed denial of service attack is when a hacker uses a botnet to send your web server an overwhelming number of HTTP requests in a very short period of time.
A botnet is a very large network of computers across the internet that are infected with a virus that transforms them into a relay for the hacker’s software. Most computers on a botnet are regular computers that have become infected by a virus, and the user doesn’t even realize it.
During normal operation, a web server provides your web page to visitors as follows:
- A person types your URL into their web browser.
- The web browser issues an HTTP request to the website URL.
- Your ISP’s DNS servers convert the URL into the correct IP address of the web server.
- The HTTP request gets directed across the internet to the web server.
- The web server uses the page requested in the URL to find the correct HTML file.
- The web server responds with all of the content contained in that HTML file.
- The user’s browser receives the HTML file and displays the page to the user.
Most web servers are sized with CPU and network hardware to handle the average expected traffic per day. For some websites, that could be up to a hundred thousand, or even a million visitors in one day.
However, a hacker hoping to attack your website with a DDoS attack will utilize a botnet of millions of computers from around the world to send thousands of HTTP requests per second to your web server.
Since your web server wasn’t sized for that volume of traffic, the web server will respond to your regular website visitors with the error message, Service Unavailable. This is also known as HTTP error 503.
In rare cases where your site is running on a very small web server with few available resources, the server itself will actually freeze or crash.
How To Identify a DDoS Attack?
How do you know if your website just went down because of a DDoS attack? There are a few symptoms that are a dead giveaway.
Usually, the HTTP Error 503 described above is a clear indication. However, another sign of a DDoS attack is a very strong spike in bandwidth.
You can view this by logging into your account with your web host and opening cPanel. Scroll down to the Logs section and select Bandwidth.
A normal bandwidth chart for the last 24 hours should show a relatively constant line, with the exception of a few small spikes.
However, a recent disproportionate spike in bandwidth that remains high over an hour or more is a clear indication that you’re facing a DDoS attack against your web server.
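The two indicators described above (a share of HTTP 503 responses and an hour-long bandwidth spike against the usual level) can also be checked directly from the web server's access log. The following is an added example, not part of the original article; it assumes the log is in the common/combined log format, and the thresholds, function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# Common/combined log format: ... [10/Mar/2024:05:07:00 +0000] "GET / HTTP/1.1" 503 300
LINE_RE = re.compile(
    r'\[(?P<hour>\d{2}/\w{3}/\d{4}:\d{2}):\d{2}:\d{2} [^\]]+\] '
    r'"[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def hourly_stats(lines):
    """Return {hour: (bytes_sent, requests, responses_503)}."""
    acc = defaultdict(lambda: [0, 0, 0])
    for line in lines:
        m = LINE_RE.search(line)
        if m is None:
            continue  # skip lines that are not access-log entries
        row = acc[m["hour"]]
        row[0] += 0 if m["size"] == "-" else int(m["size"])
        row[1] += 1
        row[2] += m["status"] == "503"
    return {hour: tuple(row) for hour, row in acc.items()}

def flag_hours(stats, spike_factor=5.0, min_503_share=0.2):
    """Return {hour: [indicators]}; both thresholds are assumed values to tune."""
    baseline = median(sent for sent, _, _ in stats.values())
    flagged = {}
    for hour, (sent, requests, n503) in stats.items():
        reasons = []
        if sent > spike_factor * baseline:
            reasons.append("bandwidth")
        if n503 / requests >= min_503_share:
            reasons.append("503")
        if reasons:
            flagged[hour] = reasons
    return flagged

def constructed_log():
    """Constructed sample: five quiet hours, then one hour of flood traffic."""
    lines = [f'198.51.100.{i} - - [10/Mar/2024:{h:02d}:{i:02d}:00 +0000] "GET / HTTP/1.1" 200 5000'
             for h in range(5) for i in range(20)]
    for i in range(600):
        status, size = ("503", 300) if i % 2 else ("200", 5000)
        lines.append(f'203.0.113.{i % 250} - - [10/Mar/2024:05:{i % 60:02d}:00 +0000] '
                     f'"GET / HTTP/1.1" {status} {size}')
    return lines

if __name__ == "__main__":
    print(flag_hours(hourly_stats(constructed_log())))
```

The median is used as the baseline so that the flood hour itself does not raise the level it is compared against.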
If you believe you’ve identified a DDoS attack in progress, it’s important to act fast. These attacks consume a lot of network bandwidth and if you’ve paid for a hosting provider, that means their data server will experience the same spike in bandwidth. This can have an adverse impact on their other customers as well.
How To Stop a DDoS Attack
There is nothing you can do yourself if you’re facing a DDoS attack. But if you call your web hosting provider, they can immediately block all incoming HTTP requests headed toward your web server.
This instantly relieves the demand on your web server, so that the server itself won’t crash. It also prevents the attack from adversely affecting the hosting provider’s other customers.
The next step is to wait until the DDoS attack is over.
Such an attack actually requires significant resources for hackers. Usually, the attack is paid for by someone who wanted to shut your website down. These payments are for an attack that lasts a specific period of time, from an hour to several hours.
The good news is that there will be an end to the attack. The bad news is that by blocking all traffic to your web server until the attack is over, the person who wanted to shut down your website essentially won.
How To Beat a DDoS Attack
Unfortunately, DDoS attacks are a simple and inexpensive way to shut down a website for a short period of time.
The attacks are never permanent, but they’re intended to send a message. It means that something you’ve published on your website upset someone enough that they were willing to pay hackers to attack your site.
If you run a critical online operation such as a large business, and need your site to be resistant to DDoS attacks, it’s possible but it isn’t cheap.
DDoS protection services work by establishing a sort of counter botnet that’s larger than the botnet running the DDoS attack. This creates a distributed response to the incoming HTTP requests, even if there are hundreds of thousands or millions of those requests.
There are monthly service fees that come with those services. But if you find yourself a frequent victim of DDoS attacks, these DDoS protection services may very well be worth the cost.
DDoS attacks can be at best a minor nuisance that causes you a few hours of website downtime. At worst, it could cost you a significant amount of lost online business, not to mention a drop in customers who trust your website.
Understanding how to identify a DDoS attack and how to stop it could reduce your downtime, and reduce the time it takes for you and your hosting provider to recover from it.