What to do when a website is maliciously attacked?
Websites are generally attacked in a few ways:
1. Traffic attacks, that is, what we usually call DDoS and DoS attacks. These belong to the most common kind of bandwidth attack: a large number of packets is used to flood one or more routers, servers and firewalls, so that your site is paralyzed and cannot be opened normally. But the cost of such attacks can be very high.
2. CC attacks, which are also traffic attacks. CC simulates multiple users (as many threads as users) who keep accessing pages that need a lot of data operations (that is, a lot of CPU time), wasting server resources: the CPU stays at 100% for a long time and can never finish handling the connections, until the network is congested and normal access is cut off. CC attacks are basically port attacks, and both of these are basically hard traffic attacks.
If the server (website) has been intruded, it is generally through a server or website vulnerability: the hacker exploits it and escalates privileges, with the result that the server has a Trojan planted, and the site is hung with black links, tampered with, or hung with malicious code.
The solution: if the program is not very large, you can compare it with the backup of the previous program and then repair it, or change servers, preferably to an independent server.
How to attack other people's servers with traffic attacks?
If you are hit by a traffic attack, you can contact your hosting provider and let them help deal with it; after all, hosting providers are much more experienced than us in handling this kind of data, most of them have teams for it, and ordinary traffic flooding can basically be cleaned up. In network security the server business is still considered professional. As for attacking others like this, better do it less, because by attacking him you may be attacking the server business, and if it is handled badly you may have to face a lawsuit.
Major network security events of 2021?
Data breaches
Suspected more than 200 million domestic personal information peddled in foreign darknet forums
On January 5, the foreign security research team Cyble found multiple posts selling personal data related to Chinese citizens; analysis suggested it may have come from Weibo (microblogging), QQ and other social media, and the total number of records relating to Chinese citizens in the several posts found so far exceeded 200 million.
Nation's first personal information protection case applying civil code pronounced
On January 8, the Hangzhou Internet Court publicly heard and pronounced judgment in the nation's first personal information protection case applying the Civil Code. The defendant Sun, who openly and illegally traded and provided more than 40,000 pieces of personal information on the Internet without the permission of the persons concerned, leaving their information at long-term risk of infringement, was ordered to pay compensation equal to the illegal income of 34,000 yuan and to apologize publicly.
A domestic bank is suspected of data leakage of up to 16.79 million
On January 8, someone posted in a foreign forum offering 16.79 million records from a domestic bank for sale and put out some data samples. The data includes name, gender, card number, ID card number, cell phone number, city, contact address, work unit, zip code, work phone, residential phone, card type, card-issuing bank and so on.
Net lending company that violated personal information fined 3.2 million
On January 15, China Judgments Online (the judgment documents network) published a judgment: the Beijing Zhi Borrowing company, Xian Moumou and others, without obtaining the victims' consent, sold personal information containing names, ID card numbers, cell phone numbers, etc. to a number of downstream companies, and for the crime of infringing citizens' personal information were fined 3.2 million yuan. The purchasers involved a number of well-known companies such as Ping An Puhui, Pai Pai Loan and You & Me Loan.
Zhenjiang Danyang 30 people trafficked 600 million pieces of personal information profit of more than 8 million
On January 24, Zhenjiang Danyang police cracked a case of infringement of citizens' personal information supervised by the Ministry of Public Security, involving more than 10 provinces and cities, and arrested 30 suspects. The gang used offshore chat tools and blockchain virtual currency for receipts and payments, trafficking more than 600 million pieces of personal information for illegal income of more than 8 million yuan.
CCTV exposure App eavesdropping privacy voice sent after the recording continues
On January 31, a CCTV program had experts use a simulated "App eavesdropping test program": after sending a 2-second voice message and releasing the button, the recording continued and produced a 120-second voice recording, confirming that when the test program runs in the foreground, eavesdropping can be realized. In addition, when the test program is in the background or the phone's screen is locked, the recording can still continue for a period of time.
Xishanju's Easy.com was attacked and data leaked
On March 2, Xishanju Games released a bulletin stating that Xishanju's products had been repeatedly subjected to DDoS attacks and server intrusions by unruly elements, leading to the leakage of information such as some users' accounts and encrypted (non-plaintext) passwords, and officially recommended changing short, low-security passwords as soon as possible.
Nation's first case of using WeChat's powder-clearing software to obtain personal information
On March 3, the Nantong Tongzhou Public Security Bureau sentenced the nation's first case of using WeChat "powder-clearing" (follower-cleaning) software to illegally obtain WeChat users' information. The victimized users scanned the software's QR code in order to "slim down" their WeChat address books, but their personal information was leaked. The eight defendants made more than 2 million yuan in illegal profits by brushing (inflating) readership and selling QR codes for WeChat group chats.
315 exposure face information abuse, resume leakage and other chaotic phenomena
On March 15, the CCTV 315 gala exposed three cases involving personal information security: merchants installing cameras to capture and record customers' facial information, shared across multiple stores and combined with comprehensive offers; the Wisdom Union recruitment and hunting-and-hiring platforms allowing resumes to be downloaded at will for a fee, with large numbers of resumes flowing into the black market; and cell phone cleaning Apps developed for the elderly that constantly obtain phone information behind the scenes and push out content with deceptive routines.
CITIC Bank was fined 4.5 million yuan for leaking customer information
On March 19, the Consumer Protection Bureau of the CBRC released a penalty notice showing that CITIC Bank was fined 4.5 million yuan. Sources said the fine is believed to be the penalty for the incident in May 2020, when talk show artist Ji Zi reported that CITIC Bank had illegally and privately provided his bank statement (transaction flow) information to the public.
Cyberattacks
Multiple industries infected with incaseformat virus
On January 13, several domestic security vendors detected a widespread outbreak of the worm incaseformat in the country, involving multiple industries such as government, healthcare, education and carriers; the infected hosts were mostly running financial-management-related application systems. On infected hosts all files on non-system partitions are deleted, causing irreparable damage to the user.
SMS Phishing Attacks on Farmers' Credit Unions and City Banks
Since the Spring Festival, many cities across China have seen a series of security incidents in which mass SMS messages, claiming that the customer's mobile banking had been invalidated or had expired, lured customers into clicking phishing links so that their funds could be stolen. AU detected that a large number of phishing websites were registered and put into use after February 9. The phishing websites' domain names are the customer service phone numbers of financial institutions such as rural credit cooperatives and city commercial banks plus letters, or look-alike domain names resembling the financial institutions' websites, and most are registered and hosted with foreign domain name registrars.
Surge in DDoS attacks during the Spring Festival
On February 22, QIANSHENXI Labs released a report on DDoS attacks during the Spring Festival, which showed that over the Spring Festival, QIANSHENXI's Star Trace DDoS Observation System cumulatively observed 65,912 reflection-amplification DDoS attack events involving 57,096 attacked IPs. Compared with the week before the Spring Festival, the number of DDoS attack events increased by about 25%, and the number of attacked IPs by 37%.
Special rectification action against Apps infringing users' rights and interests?
In response to the problem of Apps infringing on users' privacy and security, the MIIT has set up a national App technical inspection platform to conduct technical inspections of popular Apps on domestic app stores. If an App does not comply with the regulations, it will first be asked to rectify. Apps that still fail after rectification, or fail to rectify as required, will be taken down from the stores directly.
On January 19, the Ministry of Industry and Information Technology (MIIT) took down 12 Apps, including Xuebao and Reddit Live, involved in illegal collection of user information, excessive solicitation of user permissions, and deceiving and misleading users into downloading. (On December 21, 2020, MIIT had notified 63 offending Apps; these 12 did not complete rectification as required.)
On January 22, MIIT notified the first batch of 157 Apps in 2021 that infringed users' rights and interests, including Mango TV, Yonghui Life and Pepper, involving illegal collection of personal information, mandatory, frequent and excessive requests for permissions, and forcing users to use directional
On February 3, MIIT took down 37 Apps whose rectification had not been completed, including Yilong Hotel, Dongfeng Travel and Yiqishou.
On February 5, MIIT notified the second batch of 26 Apps with violations in 2021, including QQ Input Method, UC Browser and InkWeather, involving illegal collection of personal information, excessive requests for permissions, and deceiving and misleading users into downloading. On February 10, 10 Apps that failed to complete rectification were taken down, including Xiaozhi Classmates, Sound Bar and kk Keyboard.
On March 12, MIIT notified the third batch of 136 Apps infringing users' rights and interests in 2021, including Cheetah Cleaning Master, Yue Run Circle and Tianya Community, involving frequent self-startup and associated startup, and unlawful collection and use of personal information, among other issues.
On March 16, MIIT severely investigated and dealt with the "Apps illegally collecting personal information of the elderly" violations exposed at the 315 gala, and asked the main application stores to take down four Apps: Memory Optimization Master, Smart Cleanup Master, Super Cleanup Master and Cell Phone Butler Pro.
DNS protection
1. Authoritative DNS servers should restrict the name server's recursive query function, and recursive DNS servers should restrict which clients may use recursion (enable a whitelist of IP segments).
2. Restrict zone transfers (zone transfer): enable a whitelist of the master/slave DNS servers that synchronize, and do not allow DNS servers outside the list to synchronize the zone file. An empty address list denies everyone:
allow-transfer { };
allow-update { };
3. Enable black and white lists:
Known attacking IPs are added to BIND's blacklist, or the firewall is set to prohibit their access;
Set the IP segments allowed to access via acl.
4. Hide BIND's version information.
5. Run BIND with non-root privileges.
6. Remove other unnecessary services from the DNS server. A DNS server system should not have services such as Web, POP, gopher, NNTP News, etc. installed.
It is recommended that the following packages not be installed:
1) X-Windows and related packages; 2) multimedia application packages; 3) any unneeded compilers and script interpreters; 4) any unneeded text editors; 5) unneeded client programs; and 6) other unneeded network services.
Ensure the independence of the domain name resolution service: no other port services may be opened on the server running the domain name resolution service at the same time. The authoritative domain name resolution service and the recursive domain name resolution service need to be provided independently on different servers.
7. Use dnstop to monitor DNS traffic:
# yum install libpcap-devel ncurses-devel
Download the source code: /tools/dnstop/src/dnstop-20140915.tar.gz
9. Harden the DNS server against DoS/DDoS:
Use SYN cookies;
Increase the backlog, which can to some extent relieve the blocking of TCP connections caused by a large number of SYN requests;
Shorten the number of retries: the Linux default tcp_synack_retries is 5;
Limit the frequency of SYNs;
Prevent SYN attacks: # echo 1 > /proc/sys/net/ipv4/tcp_syncookies
Add this command to the /etc/rc.d/rc.local file.
10. Monitor whether the domain name service protocol is working normally: use the corresponding service protocol or test tool to send simulated requests to the service port and analyze the results the server returns, in order to determine whether the current service is normal and whether the in-memory data has changed. If conditions permit, deploy multiple probe points in different networks for distributed monitoring.
11. The number of servers providing domain name service should be no less than two, and the recommended number of independent name servers is five. It is recommended that the servers be deployed in different physical network environments; use intrusion detection systems to detect man-in-the-middle attacks as far as possible; deploy anti-attack equipment around the domain name service system to cope with this type of attack; and use tools such as traffic analysis to detect DDoS attacks so that emergency response can be taken in time.
12. Limit the scope of the recursive service so that only users on specific network segments may use recursion.
13. Focus monitoring on the resolution of important domain names, and give an alert in time once the resolution data is found to have changed; deploy DNSSEC.
14. Establish a comprehensive data backup mechanism and log management system. The latest 3 months of resolution logs should be retained, and it is recommended that important domain name information systems adopt a 7 × 24 maintenance mechanism to ensure that the emergency response time to arrive on scene is no later than 30 minutes.
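The following named.conf fragment is an added example (not from the original answer) that puts items 1 to 4 and 12 above into one BIND configuration for an authoritative-only server; all network ranges, host addresses and the zone name are placeholders.

```conf
// Added example, not from the original page: hardened named.conf for an
// authoritative-only BIND server. Addresses and zone name are placeholders.

// Item 3: named address lists reused below.
acl "trusted-clients" { 192.0.2.0/24; 198.51.100.0/24; 127.0.0.1; };
acl "secondaries"     { 203.0.113.10; 203.0.113.11; };   // slaves allowed to sync
acl "blocked"         { 203.0.113.200; };                // known attacking IP

options {
    directory "/var/named";

    // Item 1: an authoritative server answers no recursive queries at all.
    // On the separate recursive resolver (items 6 and 12) use instead:
    //   recursion yes; allow-recursion { trusted-clients; };
    recursion no;

    // Item 3: blacklist first (a leading "!" denies), then everyone else may
    // query the public authoritative data.
    allow-query { !blocked; any; };

    // Item 2: default for every zone. The weak setting would be
    //   allow-transfer { any; };   (anyone can download the whole zone)
    allow-transfer { secondaries; };
    allow-update   { none; };

    // Item 4: hide the build version from "dig @server version.bind CH TXT".
    version "not disclosed";
};

// Authoritative zone; per-zone statements override the global defaults.
zone "example.com" IN {
    type master;
    file "zones/db.example.com";
    allow-transfer { secondaries; };
    also-notify    { 203.0.113.10; 203.0.113.11; };
    allow-update   { none; };
};
```

Check the result with named-checkconf; from a host not listed in "secondaries", an AXFR request for the zone should be refused, and the CHAOS version query should return only the placeholder string.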