
DDOS 和 CC攻击 防范方案,该如何处理

发布时间: 2013-01-25 15:55:30 作者: rapoo

DDOS 和 CC攻击 防范方案
之前公司网站被DDOS攻击了(另一同事取了个别名叫流量攻击)
刚刚一个朋友的网站(还是个企业级的)也被这样攻击了 聊天中看出很无奈的样子
在这请问下各位有经验的朋友:像这样的DDOS和CC攻击如何防范?
防火墙?代码优化(缓存来存储重复的查询内容)、页面尽可能的使用静态?
限制IP(或IP段)?
服务器升级(这个开销有点大,对于一般网站有些浪费)

之前我也回答过别人的屏蔽来防止攻击,如
http://topic.csdn.net/u/20111116/17/01ed7821-cc2e-4775-abc1-17aa72d675ae.html

但这样的防范能防范多少呢?现在来看有没有有效的防范方案(开销不要无止境的那种)

这儿附上我之前做的一个根据IP拒绝访问的解决方案的部分代码(客户端记录访问,并根据黑白名单决定是否拒绝请求;服务端分析数据、入库等,并做成Windows服务,通过Remoting通信):



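/// <summary>
/// ASP.NET HTTP module that records page requests per client IP, redirects
/// black-listed IPs to a verification page, and lifts the block once the
/// client submits the verification code stored in its session.
/// </summary>
/// <remarks>
/// Version 1.0, created 2011-5-20 17:00:02.
/// A worker thread hands the previous minute's request records to an external
/// analysis service over .NET Remoting and black-lists the IPs it returns.
/// This is application-layer throttling only: every request has already
/// reached the ASP.NET pipeline before it is evaluated here, so the module
/// cannot absorb a network-level flood.
/// </remarks>
public class WarningHttpModule : IHttpModule, IRequiresSessionState
{
    protected static readonly ILog log = LogManager.GetLogger("*******");
    protected static Thread thread = null;
    protected static IVisitAnalysisHandle analysisHander = null;
    protected static VisitManager visitManager = VisitManager.GetInstance();

    /// <summary>
    /// Creates the analysis-service proxy and starts the worker thread.
    /// </summary>
    static WarningHttpModule()
    {
        // A static constructor runs once per AppDomain, so no locking is needed.
        // The proxy is created before the thread starts so that the first
        // analysis pass does not race against a still-null field.
        analysisHander = CreateAnalysisHandler();

        thread = new Thread(new ThreadStart(Process));
        // Background thread: it must not keep the worker process alive on shutdown.
        thread.IsBackground = true;
        thread.Start();
    }

    /// <summary>
    /// Obtains the Remoting proxy for the analysis service.
    /// </summary>
    /// <returns>The proxy, or null when it could not be created.</returns>
    private static IVisitAnalysisHandle CreateAnalysisHandler()
    {
        try
        {
            // NOTE(review): the endpoint is loopback-only here; a .NET Remoting
            // channel should never be reachable from untrusted hosts, and the
            // server side should keep typeFilterLevel at Low - confirm the service config.
            return (IVisitAnalysisHandle)Activator.GetObject(typeof(IVisitAnalysisHandle), "tcp://127.0.0.1:6666/GNT");
        }
        catch (Exception ex)
        {
            // Throwing from a static constructor would make the module type
            // unusable and fail every request of the site. Log and fail open;
            // Process() retries on its next pass.
            log.Error("注册预警系统信道失败", ex);
            return null;
        }
    }

    /// <summary>
    /// Per-request check: records the request, handles the verification page,
    /// and redirects black-listed IPs to it.
    /// </summary>
    /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
    /// <param name="e">Unused.</param>
    private void Application_BeginRequest(object sender, EventArgs e)
    {
        HttpApplication application = (HttpApplication)sender;
        HttpContext context = application.Context;
        HttpRequest request = application.Request;
        HttpResponse response = application.Response;

        // Use FilePath (no query string, no PathInfo) instead of RawUrl.
        // With RawUrl, "/page.aspx?x=1" yields the extension ".aspx?x=1", so any
        // request carrying a query string skipped recording and the black-list check.
        string path = request.FilePath.ToLowerInvariant();

        // NOTE(review): UserHostAddress is the directly connected peer. Behind a
        // reverse proxy or load balancer every client would share the proxy's
        // address - confirm the deployment before relying on it.
        string ip = request.UserHostAddress;

        // Only dynamic pages are checked.
        string extension = System.IO.Path.GetExtension(path);
        if (extension != ".aspx" && extension != ".asmx" && extension != ".ashx")
        {
            return;
        }

        // White-listed IPs are neither recorded nor blocked.
        if (visitManager.IsInWhiteListIP(ip))
        {
            return;
        }

        // Record the request. Only the path is stored, which keeps the number of
        // distinct keys per IP bounded by the number of pages rather than by
        // attacker-chosen query strings.
        visitManager.AddRequest(DateTime.Now, ip, path);

        if (path == "/visitwarning.aspx")
        {
            // Verification page: compare the submitted code with the session's code.
            string userCode = request["AuthCode"];
            string sessionCode = null;
            if (context.Session != null)
            {
                // 'as string' yields null for a non-string value; it is checked
                // below instead of being dereferenced.
                sessionCode = context.Session["visitwarningcode"] as string;
            }

            if (!string.IsNullOrEmpty(userCode)
                && sessionCode != null
                && string.Equals(userCode, sessionCode, StringComparison.OrdinalIgnoreCase))
            {
                // One-time use: drop the code so a solved challenge cannot be
                // replayed with the same session to lift later blocks.
                context.Session.Remove("visitwarningcode");
                visitManager.RemoveBlackListIP(ip);
                response.Redirect("/Index.aspx");
            }
        }
        else if (visitManager.IsInBlackListIP(ip))
        {
            // Black-listed IPs are sent to the verification page.
            response.Redirect("/VisitWarning.aspx");
        }
    }

    /// <summary>
    /// Worker loop: once a minute, sends the previous minute's request records
    /// to the analysis service and black-lists the IPs it returns.
    /// </summary>
    static void Process()
    {
        while (true)
        {
            try
            {
                // Analyse the data of the previous minute.
                DateTime dt = DateTime.Now.AddMinutes(-1);
                Dictionary<string, Dictionary<string, int>> dic = visitManager.GetRequestRecord(dt);

                // Clear the records before analysis so they cannot pile up in
                // memory while the analysis service is unavailable.
                visitManager.RemoveRequestRecord(dt);

                if (analysisHander == null)
                {
                    analysisHander = CreateAnalysisHandler();
                }

                if (analysisHander != null)
                {
                    List<BlackIP> blackIP = analysisHander.AnalysisVisit(dic);
                    if (blackIP != null)
                    {
                        foreach (BlackIP ip in blackIP)
                        {
                            visitManager.AddBlackListIP(ip);
                        }
                    }
                }
            }
            catch (ThreadAbortException tae)
            {
                // Do not call Thread.ResetAbort(): the abort normally signals an
                // AppDomain unload, and cancelling it would stall the unload.
                // The runtime re-raises the abort after this block and the thread ends.
                log.Error("预警系统线程异常!", tae);
            }
            catch (Exception ex)
            {
                // Fail open: a failed analysis pass only means no new black-list entries.
                log.Error("预警系统异常!", ex);
            }

            // Sleep outside 'finally' so a pending abort is not delayed by a minute.
            Thread.Sleep(60 * 1000);
        }
    }

    /// <summary>
    /// Hooks the request check into the pipeline.
    /// </summary>
    /// <param name="application">The application whose events are subscribed.</param>
    public void Init(HttpApplication application)
    {
        // BeginRequest was used previously; AcquireRequestState is used because
        // the handler reads HttpContext.Session.
        // application.BeginRequest += new EventHandler(Application_BeginRequest);
        application.AcquireRequestState += new EventHandler(Application_BeginRequest);
    }

    /// <summary>
    /// Nothing to release; the worker thread is shared by all module instances.
    /// </summary>
    public void Dispose()
    { }
}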


黑名单类:
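/// <summary>
/// In-memory black list of client IPs, each with a time until which it is blocked.
/// </summary>
/// <remarks>
/// The list is read on every checked request and modified by a worker thread,
/// so every access to <c>ipList</c> is taken under the same lock.
/// NOTE(review): expired entries are never removed, so the list grows with the
/// number of distinct IPs ever black-listed and each lookup is a linear scan.
/// </remarks>
public class BlackListIP
{
    static readonly object LockHelper = new object();
    List<BlackIP> ipList = new List<BlackIP>();

    /// <summary>
    /// Creates the black list and loads the stored entries.
    /// </summary>
    public BlackListIP()
    {
        InitBlackListIP();
    }

    /// <summary>
    /// Loads the black-listed IPs from the database.
    /// </summary>
    void InitBlackListIP()
    {
        IBlackIpInfoBll blackIpInfoBll = BllFactory.GetBll<IBlackIpInfoBll>();
        List<BlackIpInfo> list = blackIpInfoBll.GetBlackIpInfoList(BlackIpState.Exception);
        if (list == null)
        {
            return;
        }

        lock (LockHelper)
        {
            foreach (BlackIpInfo blackIpInfo in list)
            {
                BlackIP blackIp = new BlackIP();
                blackIp.IP = blackIpInfo.BlackIp;
                // Entries without an end time are blocked for ten minutes from now.
                // NOTE(review): the ToString()/Parse round trip depends on the
                // current culture - confirm the type of LimitedEndTime.
                blackIp.LimitedEndTime = blackIpInfo.LimitedEndTime == null ? DateTime.Now.AddMinutes(10) : DateTime.Parse(blackIpInfo.LimitedEndTime.ToString());
                ipList.Add(blackIp);
            }
        }
    }

    /// <summary>
    /// Tells whether an IP is currently black-listed.
    /// </summary>
    /// <param name="ip">Client IP to look up.</param>
    /// <returns>True when an entry for the IP exists and has not yet expired.</returns>
    public bool IsInBlackListIP(string ip)
    {
        DateTime now = DateTime.Now;
        // List<T> is not safe for reads that run concurrently with Add/RemoveAll.
        lock (LockHelper)
        {
            return ipList.Exists((b) => { return b.IP == ip && b.LimitedEndTime > now; });
        }
    }

    /// <summary>
    /// Removes every entry for an IP.
    /// </summary>
    /// <param name="ip">Client IP to remove.</param>
    public void RemoveBlackListIP(string ip)
    {
        lock (LockHelper)
        {
            ipList.RemoveAll((b) => { return b.IP == ip; });
        }
    }

    /// <summary>
    /// Adds an IP, or extends the block of an IP that is already listed.
    /// </summary>
    /// <param name="ip">Entry to add; an existing entry only ever gets a later end time.</param>
    /// <exception cref="ArgumentNullException"><paramref name="ip"/> is null.</exception>
    public void AddBlackListIP(BlackIP ip)
    {
        if (ip == null)
        {
            throw new ArgumentNullException("ip");
        }

        // Find and add under one lock: otherwise two callers can both miss the
        // entry and add duplicates, or the scan can run during a removal.
        lock (LockHelper)
        {
            BlackIP blackIP = ipList.Find((b) => { return b.IP == ip.IP; });
            if (blackIP == null)
            {
                ipList.Add(ip);
            }
            else if (ip.LimitedEndTime > blackIP.LimitedEndTime)
            {
                blackIP.LimitedEndTime = ip.LimitedEndTime;
            }
        }
    }

    /// <summary>
    /// Returns all black-listed entries, expired ones included.
    /// </summary>
    /// <returns>A new list; the <c>BlackIP</c> objects in it are shared with the black list.</returns>
    public List<BlackIP> GetAllBlackListIP()
    {
        lock (LockHelper)
        {
            return new List<BlackIP>(ipList);
        }
    }
}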




[解决办法]
参考万网的做法,如果遭到ddos攻击,关闭服务器48小时,如果再攻击再关闭48小时
[解决办法]
发梦来着。。 ddos 是基于 TCP 层的攻击。。还没有等代码生效。。服务器已经挂了。。
[解决办法]
这种活该是防火墙干的,醒醒吧...
[解决办法]
引用:
参考万网的做法,如果遭到ddos攻击,关闭服务器48小时,如果再攻击再关闭48小时


到位!!!
