For a webmaster, having their website “attacked” is a frequent occurrence.
If it’s someone testing software and just messing around, it’s not a big deal.
But if it’s an organized group with specific intentions, such attacks are difficult to defend against and can be costly.
If a company has strong financial resources, they can use a large bandwidth to withstand these attacks, but the investment required is significant.
Smaller websites typically choose to use high-defense CDN or WAF services, both of which come at a cost. WAF can cost around $100 per month, which can be a considerable expense.
Therefore, what I have observed is that 99% of individual webmasters opt for the free WAF service provided by CloudFlare (CF), sacrificing website speed to cope with attacks. This is a matter of helplessness.
I am a novice in the field of attack and defense, so this article can only provide a simple tutorial for dealing with occasional “stress tests” from certain individuals targeting your website.
When your server’s CPU usage, bandwidth, and concurrent connections are maxed out, and if the above situations occur, 99% of the time, it’s a CC attack. So what should we do?
1.Connect to the server as soon as possible and check for abnormal traffic.
Here, I recommend using iftop.
Install and start iftop.
apt update
apt install iftop
iftop2.Use iftop to identify the IP addresses generating abnormal traffic and block them using a firewall.
It is also recommended to use security group rules to isolate the abnormal traffic directly.
However, I have found that some vendors do not allow the configuration of deny policies, so you may have to wait for the traffic to reach the server before taking action.
Specific method:
iptables -I INPUT -s IP -j DROP
iptables-save
You can also directly block access from the IP range.
iptables -I INPUT -s 121.1.1.0/24 -j DROP
iptables -I INPUT -s 121.1.0.0/16 -j DROP
iptables -I INPUT -s 121.0.0.0/8 -j DROPFor more detailed information about the iptables command, please refer to Linux tutorial websites.
