Handling a Network Attack Incident: A Write-up

October 9 started out as an ordinary day. After a full day at work, tired in body and mind, I boarded the bus home. The quiet was broken by a WeChat message from a friend: your website has suddenly become unreachable.
Alarmed, I pulled up the browser on my phone and tried my well-known blog, https://www.minsv.com. As expected, the request failed.
My relaxed mood evaporated. Where had things gone wrong? Several possible causes came to mind, and I ruled them out one by one. There is no smoke without fire; this incident was not going to be simple.
Once home, I immediately connected to the server over SSH to take a look.
ss -tunl
First I checked the listening ports; they were all normal.
curl 127.0.0.1:443
The request timed out; even a local connection could not get through. (A plain-HTTP request to the TLS port would normally at least complete the TCP handshake and get an error back, so the socket itself was no longer accepting connections.)

There were a huge number of TCP connections, all from the same IP.

The concurrent connection count had reached 518, which is frightening. That blew past the site's usual concurrency peak; it is the highest number of concurrent connections this site has ever seen.

Clearly the site was under a DoS attack, from the IP 113.87.192.74.

I have always been a law-abiding citizen, so why would anyone attack me? I was baffled.

A packet capture showed the attack was still ongoing: a flood of SYN packets pouring in like a tide. Perhaps judging me not worth the effort, the attacker had not escalated to a DDoS and was going easy on me, for which I express my gratitude.

The immediate priority was to restore normal access by banning the attacking IP:
iptables -A INPUT -s 113.87.192.74 -j DROP
Note that -A appends the rule to the end of the INPUT chain, so it only takes effect if no earlier rule has already accepted the traffic; on a host with an existing ruleset, insert the DROP at the head of the chain (the -I option) instead.

Concurrent connections dropped off noticeably and the site returned to its usual calm.

The attacker started at 5:30; the IP geolocates to Shenzhen, and the logs show a large number of 404 requests. This is the proverbial denial-of-service attack: disrupting normal access to the site.


As of this writing, the attack traffic totals roughly 300 MB.

Finally, I wrote a shell script to automate the defence against DoS attacks:

https://github.com/minsvc/DefendDosAttack

Of course the script still has a weakness: the number of iptables rules obviously cannot grow without bound.
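The two steps in the post, counting connections per peer IP and dropping the peer that dominates, can be done with a few lines of sh and awk. The block below is an added example written for this page; it is not the script from the GitHub repository above. It assumes the column layout of `ss -tn` output (State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port), the sample output is constructed (it reuses the attacker IP from the post but is not a real capture), and the threshold of 4 is chosen to fit the sample; a real deployment would pick a threshold well above the site's normal per-client concurrency.

```shell
#!/bin/sh
# Added example, not the post's own DefendDosAttack script.
# Count concurrent TCP connections per remote IP from `ss -tn` output and
# emit an iptables command for every peer at or above a threshold.

# Constructed sample of `ss -tn` output (not a real capture).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
SYN-RECV 0 0 10.0.0.5:443 113.87.192.74:50120
SYN-RECV 0 0 10.0.0.5:443 113.87.192.74:50121
ESTAB    0 0 10.0.0.5:443 113.87.192.74:50122
ESTAB    0 0 10.0.0.5:22  203.0.113.9:41000
SYN-RECV 0 0 10.0.0.5:443 113.87.192.74:50123
ESTAB    0 0 10.0.0.5:443 198.51.100.7:33000'

# count_by_peer: read ss output on stdin, print "count ip" per peer,
# highest count first. Strips the port and any IPv6 brackets, skips the
# header line, so "[::1]:443" and "1.2.3.4:443" both become bare addresses.
count_by_peer() {
    awk '$1 != "State" {
            peer = $5
            sub(/:[0-9]+$/, "", peer)   # drop ":port"
            gsub(/\[/, "", peer)        # drop IPv6 brackets
            gsub(/]/, "", peer)
            n[peer]++
        }
        END { for (ip in n) print n[ip], ip }' | sort -rn
}

# offenders THRESHOLD: print only the peers with at least THRESHOLD
# concurrent connections (an assumed value, tune per site).
offenders() {
    count_by_peer | awk -v t="$1" '$1 >= t { print $2 }'
}

# block_cmd IP: the iptables command to run. -I INPUT 1 puts the rule at the
# top of the chain so it is evaluated before any earlier ACCEPT; the post's
# -A appends, which an existing ruleset may never reach.
block_cmd() {
    echo "iptables -I INPUT 1 -s $1 -j DROP"
}

# Stand-alone run against the constructed sample: prints one block command
# for 113.87.192.74 (4 connections) and nothing for the two normal clients.
printf '%s\n' "$SAMPLE_SS" | offenders 4 | while read -r ip; do
    block_cmd "$ip"
done
```

In production, replace the constructed sample with `ss -tn | offenders "$THRESHOLD"` and run it from cron or a loop. Two caveats a practitioner would add: dropping at INPUT stops the kernel from spending a half-open socket on each SYN, but the packets still arrive and still consume bandwidth, so for a SYN flood also confirm that `sysctl net.ipv4.tcp_syncookies` is 1; and the rule-count weakness mentioned above is normally solved by putting banned addresses in an ipset and matching the whole set with a single iptables rule (`-m set --match-set`), rather than one rule per address.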
