Many people who use ECS and open port 80/443 will find this problem. So a lot of people scold: is ali cloud this is to recommend me to buy his home security products? Answer: Yes. But just thinking about yes is not rational, because it ignores some very real fundamental issues.
The environment of the public network is very bad. For example:
1. As early as in the early days of the Internet, there have been technical talents (about equal to hackers) who have made scanning software tools in order to obtain some resources. Then scan for public IP addresses
2. In the era of cloud computing, the network segment of server IP address is more centralized than traditional IDC. This feature is more conducive to the work of the scanner. See figure 3, which is the path through which this site is scanned, this is obviously an automated scanning tool, since this site is written based on.NET and the path usually ends with.aspx instead of.php, but the scanner clearly has some rules built in. Console attack tips are based on these “attack path” statistics.
Take this to say one more sentence, the public network server, external only open the port that must not be used, such as the release website used 80,443. However, the remote management port is only used by people, so you can change it completely. Instead of 22 or 3389, you can change it into a random port that you can remember, such as 12321.
3. After the popularity of bitcoin, many chickens are reduced to mining machines. Many scanners are based on such a benefit purpose, automatic scanning, automatic blasting after scanning, and then even automatic implantation of mining scripts, automatic operation. The whole process is automated.
4. The data on the server is often of high value. Therefore, a large number of “crypto ransomware” have been born in recent years, in which hackers gain control of the server, secretly start encrypting it and then extort money. Due to the high stealth characteristics of network technology, bitcoin is often used for payment.
5. Malicious competition in the industry is rare now, because many people have begun to realize the characteristics of cloud architecture, and put the database in the background, no longer open port to the public network. When forced to open to the public network, also know the use of whitelist, change port, strong password and other means to cope with. However, there are still many cases of unreasonable use. Therefore, many companies that do not pay attention to technology often face the situation that their databases are maliciously exploded by competitors to steal commercial data.
Ali cloud console prompts when there is an attack should do?
First, check.
Is to filter one by one, whether there are files indicating the attack path, if there is, then you need to follow the path to check whether there are such vulnerabilities. As can be seen from the figure in this paper, PHP is widely used due to the convenience of its framework, so many attacks are frame-level vulnerabilities, which are more convenient for hackers to summarize the characteristics of vulnerabilities and traverse the scan to find chickens.
Second, buy safety tools.
For enterprise users, it is necessary to use this security tool, also the purpose of ali Cloud: the purchase of WAF (Web application firewall), individual users save point save point, see if there is any vulnerability, leakage point data often have no feeling. However, in addition to identifying vulnerabilities, it is important for enterprise users to use such defense tools to keep abreast of threats. By the way, you are welcome to receive vouchers for aliyun products: 2bit.cn/q. Discover problems in time, to avoid the birth of a greater disaster!!
Security at other levels.
It is necessary to match other security tools, security is a whole line topic, can not lock the door and open the window!! There’s a lot to cover here, and this article just suggests a few tools: security dogs, security groups, firewalls, strong password management schemes, and more.
As shown in the figure, the ECS issued by Ali Cloud 1core 2G1M configuration is used in this site. The console displays an attack every day, and it’s almost impossible to see a 0 attack on a given day:
The original address: www.opengps.cn/Blog/View.a… Updates and edits follow this link. Welcome to pay attention to the source station original article! At the end of the article recommended: Ali Cloud voucher gift package, thank you for receiving support for this article!!