There are several situations in which a website is attacked.
1. Traffic attacks, which are what we usually call DDoS or DoS attacks. This is the most common form of traffic attack, a bandwidth attack: one or more routers, servers or firewalls are flooded with a huge number of packets, so the website is paralyzed and cannot be opened normally. The cost of such an attack is high, however.
2. CC attacks are also a kind of traffic attack. A CC attack simulates many users (one per thread) continuously requesting pages that need heavy data operations, i.e. a lot of CPU time, so that server resources are wasted: the CPU stays at 100% for a long time and there is an endless stream of connections, until the network is congested and normal access stops. CC attacks are basically attacks on ports, and both of the above are essentially raw traffic attacks.
If the server (website) is intruded, it is generally because the server or website has vulnerabilities that hackers exploit to gain privileges, resulting in Trojans on the server and the website being backdoored, tampered with or hung. Solution: if the program is not very large, you can compare it against the backup of the previous version of the program yourself and repair it, or change servers, preferably to an independent server.
How to use traffic attacks to attack other people's servers?
If you are hit by a traffic attack, you can contact your hosting company and ask them to handle it for you. After all, hosting companies are far more experienced in dealing with this kind of traffic than we are, and most of them have a team for it; the ordinary traffic-flooding methods can basically be filtered out, and the network security and hosting companies are still the professionals here. As for attacking others, it is better not to: the machine you attack may belong to a hosting provider, and if things go badly you may be sued.
2021 network security events
Data leakage incidents
More than 200 million records of domestic personal information suspected to be on sale on foreign dark web forums.
On January 5, the foreign security research team Cyble found several posts selling personal data relating to Chinese citizens, possibly sourced from social media such as Weibo and QQ. The total number of records relating to Chinese citizens across the posts discovered this time exceeds 200 million.
First personal information protection case applying the Civil Code pronounced in China.
On January 8, the Hangzhou Internet Court publicly heard and pronounced judgment in China's first personal information protection case applying the Civil Code. The defendant, Sun, publicly and illegally bought and sold more than 40,000 items of personal information online without the permission of the persons concerned, exposing them to a long-term risk of having their information infringed. He was ordered to pay compensation equal to his illegal income of 34,000 yuan and to apologize publicly.
Suspected leak of 16.79 million records from a domestic bank.
On January 8, someone posted on a foreign forum offering 16.79 million records from a domestic bank for sale and released data samples including name, gender, card number, ID number, mobile phone number, city, contact address, employer, postal code, work phone number, home phone number, card type and issuing bank.
Online lending companies fined 3.2 million yuan for infringing personal information.
On January 5, China Judgements Online published a judgment: a Beijing company and one Xian Moumou sold personal information including names, ID numbers and mobile phone numbers to several downstream companies without the victims' consent, committing the crime of infringing citizens' personal information, and were fined 3.2 million yuan. The buyers included many well-known companies such as Ping An Puhui, Paipai Loan and Niwodai.
30 people in Danyang, Zhenjiang sold 600 million items of personal information for a profit of more than 8 million yuan.
On January 24, Danyang police in Zhenjiang cracked a case of infringing citizens' personal information that was supervised by the Ministry of Public Security, spanned more than 10 provinces and cities, and led to the arrest of 30 suspects. The gang used overseas chat tools and blockchain virtual currency to receive and make payments, sold more than 600 million items of personal information in total and earned more than 8 million yuan in illegal income.
CCTV exposes app eavesdropping: recording continued after the voice message ended.
On January 31, experts on a CCTV program used a simulated "App eavesdropping test program" to send a 2-second voice message. After the finger was released, recording continued and produced a 120-second recording, proving that eavesdropping is feasible while the test program is in the foreground. Comparative experiments also found that recording could continue for a period of time after the test program was sent to the background or the phone screen was locked.
Xishanju's Xiaoyao.com attacked and its data leaked.
On March 2, Xishanju Games announced that Xishanju products had repeatedly suffered DDoS attacks by criminals and server intrusions, resulting in the leakage of some user accounts and encrypted passwords. The company advised users with short, low-security passwords to change them as soon as possible.
First case in China of obtaining personal information through WeChat "fan-cleaning" software pronounced.
On March 3, the Nantong Tongzhou Public Security Bureau announced the verdict in China's first case of illegally obtaining WeChat user information through WeChat "fan-cleaning" software. Victims scanned the "fan-cleaning" tool's QR code in order to slim down their WeChat contact lists, and their personal information was leaked. The eight defendants illegally earned more than 2 million yuan by harvesting and selling WeChat group chat QR codes.
The 3.15 gala exposes problems such as abuse of facial information and resume leaks.
On March 15, the CCTV 3.15 gala exposed three cases involving personal information security: merchants installed cameras to capture customers' facial information, which many stores shared among themselves and used when quoting prices; resumes on platforms such as Zhaopin and Liepin could be downloaded at will, and large numbers of resumes flowed into the black market; and many phone-cleaning apps aimed at the elderly constantly collected phone information in the background and pushed content with deceptive routines.
CITIC Bank fined 4.5 million yuan for leaking customer information.
On March 19, a penalty notice from the Consumer Protection Bureau of the China Banking Regulatory Commission showed that CITIC Bank had been fined 4.5 million yuan. The penalty reportedly relates to the May 2020 incident in which the talk show performer Chi Zi reported that CITIC Bank had illegally provided his bank transaction records.
Network attack events
Worm outbreak infects many industries.
On January 13, many domestic security vendors detected a large-scale outbreak of a worm in China involving government, healthcare, education, telecom operators and other industries; most infected hosts were finance-management-related application systems. On infected hosts, all files on non-system partitions were deleted, causing irreparable losses to users.
SMS phishing attacks against rural credit cooperatives and city commercial banks
Since the Spring Festival, a series of security incidents have occurred in many cities across the country in which customers are tricked, on the pretext that their mobile banking is invalid or has expired, into clicking phishing links, after which their funds are stolen. Sky Friends found that after February 9 a large number of phishing sites were registered and put into use. Their domain names consist of a financial institution's customer service telephone number plus letters, or closely resemble the institution's real domain, and most are registered and hosted with overseas domain registrars.
DDoS attacks surged during the Spring Festival.
On February 22, the CITIC Construction Investment Lab released a report on DDoS attacks during the Spring Festival. According to the report, the Chianxin satellite-orbit DDoS observation system observed 65,912 amplification DDoS attacks during the holiday, with 57,096 IPs attacked. Compared with the week before the Spring Festival, the number of DDoS attacks rose by about 25% and the number of attacked IPs by 37%.
Apps infringing on users' rights
To address apps infringing on users' privacy and security, the Ministry of Industry and Information Technology (MIIT) has set up a national app technical testing platform to test popular apps on Chinese app stores. Apps that do not meet the requirements are first required to rectify; apps that fail the rectification or do not rectify as required are removed directly.
On January 9, MIIT removed 12 apps, including Xuebao and Red Man Live, for illegally collecting user information, requesting excessive permissions, and deceiving or misleading users into downloading. (On December 2, 2020, MIIT had named 63 non-compliant apps, of which 12 failed to complete rectification as required.)
On January 22, MIIT named the first batch of 157 apps infringing on users' rights and interests in 2021, including Mango TV, Yonghui Life and Huajiao, for illegally collecting personal information, frequently and excessively requesting permissions, and forcing targeted push on users. On February 3, MIIT removed 37 apps that had not rectified, including Yilong Hotel, Dongfeng Tourism and an auto repair app.
On February 5, MIIT reported the second batch of 26 non-compliant apps of 2021, including QQ Input Method, UC Browser and Moji Weather, for illegally collecting personal information, requesting excessive permissions, and deceiving or misleading users into downloading. On February 10, 10 apps that had not rectified were removed, including Xiao Zhi Classmate, Music Bar and KK Keyboard.
On March 12, MIIT named the third batch of 136 apps infringing on users' rights and interests in 2021, including Cheetah Clean Master, Yuepao Circle and Tianya Community, for issues such as frequent self-start and chained start-up, and illegal collection and use of personal information.
On March 16, MIIT took strict action over the "apps illegally collecting personal information of the elderly" exposed at the March 15 gala, and asked the main app stores to remove four apps: Memory Optimization Master, Smart Cleaning Master, Super Cleaning Master and Mobile Phone Housekeeper Pro.
How to do DNS protection?
1. On authoritative DNS servers, restrict (turn off) the name server's recursive query function; recursive DNS servers should restrict which clients may make recursive queries (enable an IP segment whitelist).
2. Restrict zone transfers: enable a whitelist covering only the master and slave DNS servers that synchronize with each other, so that servers not on the list cannot synchronize zone files. Deny transfers and dynamic updates by default:
allow-transfer { none; };
allow-update { none; };
3. Enable blacklists and whitelists:
Blacklist known attacking IPs in BIND, or block them on the firewall;
Use an acl to set the IP network segments that are allowed access;
4. Hide the BIND version information;
5. Run BIND in a chroot jail and with non-superuser privileges;
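As an added example (not the page's own configuration), the following BIND named.conf fragments apply items 1 to 5 to an authoritative server and a separate recursive resolver; all addresses, acl names and the zone example.com are constructed placeholders.

```conf
// Added example, not from the original page: named.conf fragments applying items 1-5.
// Addresses, acl names, the zone and the chroot path are constructed placeholders.

// ---- Authoritative server (item 1: no recursion here at all) ----
acl "secondaries" { 192.0.2.53; 198.51.100.53; };   // item 2: only these may pull zones

options {
    directory "/var/named";
    recursion no;                           // authoritative only; never answers recursive queries
    allow-query { any; };                   // authoritative answers stay public
    allow-transfer { none; };               // item 2: deny by default, whitelisted per zone below
    allow-update { none; };                 // no dynamic updates from anyone
    blackhole { 203.0.113.0/24; };          // item 3: known attack sources get no reply at all
    version "not disclosed";                // item 4: hide the version (version.bind CH TXT)
    rate-limit { responses-per-second 10; }; // BIND 9.9.4+: cap identical answers (amplification)
};

zone "example.com" {
    type master;
    file "example.com.zone";
    allow-transfer { secondaries; };        // item 2: master/slave whitelist only
};

// ---- Recursive resolver, on a separate host (item 1: whitelist who may recurse) ----
acl "trusted" { 10.0.0.0/8; 192.168.1.0/24; };      // item 3: IP segments allowed access

options {
    directory "/var/named";
    recursion yes;
    allow-query { trusted; };               // outsiders cannot query this resolver at all
    allow-recursion { trusted; };           // recursion only for the whitelisted segments
    allow-query-cache { trusted; };         // cache contents are not readable from outside
    version "not disclosed";
    blackhole { 203.0.113.0/24; };
};

// Item 5 is applied at startup rather than in named.conf: run named as an
// unprivileged user inside a chroot, e.g.  named -u named -t /var/named/chroot
```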
6. Remove other unnecessary services from the DNS server. Services such as Web, POP, gopher and NNTP/News should not be installed when building the DNS server system.
Installing the following software packages is not recommended:
1) X Window and related packages;
2) multimedia application packages;
3) any unnecessary compilers and scripting language interpreters;
4) any unused text editors;
5) harmful client programs;
6) other unnecessary network services.
To keep the domain name resolution service independent, the server running it must not open other ports at the same time. Authoritative and recursive domain name resolution services must be provided independently on different servers;
7. Use dnstop to monitor DNS traffic
# yum install libpcap-devel ncurses-devel
Download the source code /tools/dnstop/src/dnstop-20140915.tar.gz.
9. Strengthen the DNS server's defence against DoS/DDoS:
Use SYN cookies;
Increase the backlog, which to some extent alleviates the TCP connection blocking caused by large numbers of SYN requests;
Shorten the number of retries: the Linux default for tcp_synack_retries is 5;
Limit the SYN rate;
To guard against SYN flood attacks: # echo 1 > /proc/sys/net/ipv4/tcp_syncookies, and add this command to /etc/rc.d/rc.local so that it persists across reboots;
10. Monitor whether the domain name service protocol is working: use the protocol itself or a suitable test tool to send simulated requests to the service port, analyse the server's responses, and judge whether the service is currently normal and whether the data in memory has changed. If possible, deploy several probe points in different networks for distributed monitoring;
11. Provide domain name service from no fewer than 2 servers; 5 independent name servers is recommended, deployed in different physical network environments. Use an intrusion detection system to detect man-in-the-middle attacks as far as possible; deploy anti-attack equipment around the domain name service system to handle such attacks; use traffic analysis tools to detect DDoS attacks so that emergency measures can be taken in time;
12. Restrict the scope of the recursive service: only allow users from specific network segments to use recursion;
13. Closely monitor the resolution results of important domain names and raise an alarm as soon as the resolution data is found to have changed; deploy DNSSEC;
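A monitor for items 10 and 13, as an added example that is not part of the original page: it queries the baseline records from several vantage points, raises one alert per changed answer or unanswered query, and uses constructed fake resolvers in place of live dig/dnspython queries (the probe names, the example.com records and every address are constructed).

```python
"""Probe DNS from several vantage points and alert when an answer differs from the
known-good baseline or the service port does not respond (checklist items 10, 13).
Added example; names/addresses are constructed; a Resolver would wrap dig/dnspython."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

Resolver = Callable[[str, str], Set[str]]      # (owner name, RR type) -> set of answers
Baseline = Dict[Tuple[str, str], Set[str]]

@dataclass(frozen=True)
class Alert:
    probe: str
    name: str
    rrtype: str
    kind: str     # "unreachable": no answer; "changed": answer differs from baseline
    detail: str

def check_probe(probe: str, resolve: Resolver, baseline: Baseline) -> List[Alert]:
    alerts: List[Alert] = []
    for (name, rrtype), expected in baseline.items():
        try:
            got = resolve(name, rrtype)
        except Exception as exc:  # timeout, SERVFAIL, connection refused ...
            alerts.append(Alert(probe, name, rrtype, "unreachable", str(exc)))
            continue
        if got != expected:  # set comparison: answer order does not matter
            alerts.append(Alert(probe, name, rrtype, "changed",
                                f"expected {sorted(expected)}, got {sorted(got)}"))
    return alerts

def check_all(probes: Dict[str, Resolver], baseline: Baseline) -> List[Alert]:
    # Run every vantage point; one alert per (probe, record) that deviates.
    return [a for p, r in probes.items() for a in check_probe(p, r, baseline)]

def _fake_resolver(table: Dict[Tuple[str, str], List[str]]) -> Resolver:
    """Constructed stand-in for a live query; a missing entry models a timeout."""
    def resolve(name: str, rrtype: str) -> Set[str]:
        if (name, rrtype) not in table:
            raise TimeoutError("no response from port 53")
        return set(table[(name, rrtype)])
    return resolve

GOOD = {("www.example.com.", "A"): ["192.0.2.10"],
        ("example.com.", "NS"): ["ns2.example.com.", "ns1.example.com."]}
BASELINE: Baseline = {k: set(v) for k, v in GOOD.items()}
PROBES: Dict[str, Resolver] = {
    "probe-1": _fake_resolver(GOOD),                                                # healthy
    "probe-2": _fake_resolver({**GOOD, ("www.example.com.", "A"): ["198.51.100.7"]}),  # A record altered
    "probe-3": _fake_resolver({("www.example.com.", "A"): ["192.0.2.10"]}),         # NS query unanswered
}
```

Running `check_all(PROBES, BASELINE)` yields two alerts: a "changed" A record from probe-2 and an "unreachable" NS query from probe-3, while the healthy probe-1 produces none.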
14. Establish a sound data backup mechanism and log management system. Keep all resolution logs for the last three months; for important domain name information systems a 7×24 maintenance arrangement is recommended, with an emergency response time of no more than 30 minutes.