News

Recently, I helped a few customers to do penetration testing, and when I came up, I asked, “Have you used a high-defense CDN?” As a result, half of the people back to me: “With ah, but does not seem to feel any difference?” I laughed at that time - brother, you are afraid to buy a fake high defense, right? These days even the CDN have to “defense teammates”, not just set a cache called high defense. High-defense CDN is essentially in the traditional CDN based on stacked armor, to carry the fight against the beatings still have to run fast. But many people blindly on the high defense, the results of the money spent, the attack came as usual collapse. I found that the demand for high defense in different industries is very different - the game should be low latency, e-commerce is afraid of ...

Remember last year, our team took over a video streaming project, on-line not long after the bandwidth costs on the table, the boss almost did not open me, then I really appreciate the high defense CDN is not just anti-attacks, but also in the savings on the play out of flowers. Video this thing, especially HD or 4K stream, bandwidth consumption is like a bottomless pit, each additional user to watch, the cost of rubbing up, not to mention those DDoS attacks from time to time to come to life, although the traditional CDN can cache the content, but improperly configured instead of increasing the pressure back to the source, I found that a lot of teams focus on the flow of statistics, but ignoring the caching strategy and compression of the best! ...

Recently, people always ask me: “How much is the minimum cost of a high defense CDN? I just started this small site, can I afford it?” To be honest, when I first started to do the site also think so, always think that the security protection is rich and big companies can afford to play the stuff, until my personal blog was a wave of DDoS paralyzed for three days. At that time I used a cheap web hosting, the traffic rushed in directly over the resources were blocked, customer service threw me a “recommended to buy high defense service”. Angry I almost smashed the keyboard - these days, even the script boy have learned to use the toolkit random traffic, small stations should run naked? Later I put ...

The chess industry has been hit by DDoS in the past few years. Last year to help a Texas platform to do emergency response, just connect the phone to hear the boss yell over there: “bandwidth is full, players are all stuck offline, losing hundreds of thousands of dollars per hour!” Past a look, good guy, the peak rushed to 400Gbps, the traditional high defense simply can not carry. This scale of attack is not a personal hacker can come up with, all professional team manipulation of botnet, picking business peak hours to play a chain of combinations - TCP flood, CC attacks, DNS amplification attacks round to. You think you can buy an ordinary high defense IP can be fixed? It's naïve. Many factories ...

Recently, several friends engaged in chess ran to ask me, said the site is always being hit, card can not play, some people recommend using VPN acceleration, some people recommend buying high defense CDN, in the end, whose to believe? I directly dislike a sentence back: do not confuse the acceleration and anti-D, these two are not the same thing, chaotic use instead of accidents. I've seen too many people fall in this matter. Last year, a customer refused to listen to advice, had to use a vendor's “enterprise VPN” to do chess acceleration, the results of the third day of business was penetrated, the player's data naked not to mention, but also lost more than a hundred thousand dollars of water. It's not to scare you, this line of chess is born to attack, choose the wrong program on...

Just finished dealing with an online fault for a customer, blood pressure almost did not come up. You say a good e-commerce station, big day home suddenly white screen, the user crazy complaints. A check, good guy, the source station CPU directly soared to 100%, the database connection pool all full. Root cause? A popular product page was crawler a second request thousands of times, each request penetrates the CDN, directly back to the source query database. How can this top ah? High-defense CDN obviously hanging, the attack is prevented, but the speed? Performance? Money spent in vain! The problem lies in the caching strategy is not configured correctly - either across-the-board full cache, or full dynamic, did not do at all ...

Recently, I've been asked by customers: Which high defense CDN do you use, and is the Huawei Cloud one good or not? To be honest, these days even CDNs have to "prevent teammates" - some service providers talk about "global acceleration", but in reality, when they encounter CC attacks, they directly give you back to the source, isn't this a pit? It so happens that last month our team is doing security architecture upgrade, I Huawei cloud high defense CDN, the industry's old CDN5, as well as the main overseas CDN07 are pulled out of the round to test once. The test method is very simple and rough: directly to the test domain name to pour mixed traffic, to see which can withstand real attack scenarios. First throw the conclusion: Huawei cloud this set of formula...

Recently, many peers came to ask me, now DDoS attacks are getting more and more ruthless, traditional high defense CDN can still hold up? To be honest, last year I personally saw a financial platform was 300Gbps mixed traffic penetration - rule base update half a beat slower, human analysis is too late to respond. Attackers even used AI-generated traffic patterns, specializing in picking the rules of the blind spot drill. These days, even the CDN have to “defense teammates”. Many companies think that buying a high defense on everything is fine, the results found that the rule base is updated, but their business traffic was mistakenly killed. I tested a traditional vendor's CC protection, normal user requests actually ...

Recently, an old friend of mine's blockchain project was directly paralyzed by a DDoS attack, losing six figures, and he called me in the middle of the night, his voice shaking. This incident reminded me that blockchain seems decentralized and impenetrable, but in reality the nodes and network layer are brittle as a sheet of paper. These days, even CDNs have to ‘defend against teammates‘, not to mention external attacks. If you are engaged in the blockchain project, do not believe that those blowing on the sky of the ’universal protection', DDoS attacks in minutes to teach you to be a person. The core of the blockchain is a distributed ledger, but each node needs a public IP to communicate, which becomes a living target for attackers. ...

Recently, I've been helping several startups with their online business, and I found that many of them suffered DDoS attacks just after their business started, and they were paralyzed as soon as they were hit. The boss was so anxious that he jumped to his feet: “We are using a cloud vendor with its own protection!” Unpacking the configuration, good guy, the basic version of the 5Gbps cleaning capacity, not enough for hackers to warm up with. These days network attacks have long been industrialized. The offer to hit the site is clearly marked, 50 bucks can make your business paralyzed for an hour. Expecting basic protection from a cloud vendor? It's the equivalent of blocking a Gatling with a paper shield. In the high-traffic attack cases I've handled, the 90% team made a fatal mistake - waiting until...

At 3:00 a.m. that morning, an emergency call from the operations and maintenance team woke me up. A local government service platform was suddenly paralyzed, the page opened all CAPTCHA challenges, the people simply can not do business. The peak attack traffic rushed to 300Gbps, the traditional firewall like paper mache. After this incident, I completely understand: the CDN of the governmental system is not an "acceleration tool" at all, but a life-and-death line of defense. Governmental websites and ordinary enterprise websites are two completely different concepts. What you are facing may be an overseas APT organization staring at the data, or it may be a script kid practicing. But the worst thing is - it is clearly written in the equipoise compliance: but any private data involving citizens...

Recently to help a few chess customers to do penetration testing, found a bizarre phenomenon: the server configuration is obviously not bad, but the night rush will be stuck into the PPT, a check of the logs are all CC attacks on the traffic - this bunch of grandsons pick business peak hours to play, clearly do not want you to do business. A customer cried and said that the original use of ordinary high defense, every month was hit through three times, the player dropped to the customer service phone was broken. I took a look at their bills, good guy, monthly small 20,000 spent actually “shared high defense” package, traffic over the amount of money to pay, the cost of an attack directly soared to the ceiling. The chess industry has long been...

Recently, I helped a friend to deal with a project that was hit by DDoS and I couldn't take care of myself, so I remembered to ask him, “Are you using a CDN that doesn't have high defense?” As a result, this buddy asked me back with a confused look on his face: “Can you choose a protocol for a high defense CDN? Not give a domain name to hang up on the end of the matter?” I almost smashed the keyboard on the spot - these days there are still people who think that CDN is only for acceleration, defense and protocol support are just for show? To be honest, the protocol support thing is really not metaphysical. I've seen too many people buy a high defense service, the result is because the protocol is not paired, was pierced after the vendors scolded garbage. The problem is that you don't know what you're doing...

Recently an old customer to find me crying, the site was a wave of DDoS attacks directly dry down, the loss of more than 100,000 orders, I look at the log, good guy, a million requests per second, these days, even the script boy began to use the botnet, it is really indefensible. To be honest, do network security this line for more than ten years, I have seen too many enterprises because of the underestimation of the attack and planted, ordinary CDN, that stuff at best accelerate the content, really encountered large-scale attacks, with the same as the paper mache, high-defense CDN is the king of the road, but the selection of service providers like the challenge of friends, a little inattentive to be pitched. Why is high defense CDN so critical? I found that many enterprises ...

Recently to help a few social platforms to do security reinforcement, turn over their high-defense CDN logs almost did not make me laugh - attackers now even “3:00 a.m. on time to punch the clock to work” this kind of tawdry operation have been engaged in this year's blackmail also rolled into a twist ah. To be honest, many teams do not even look at the CDN defense logs. Thought that opening the WAF will be able to rest easy, the result of the attack traffic around like strolling in the back garden. I have seen the most outrageous case: a social app was gripped 300G traffic every day, the operation and maintenance froze for three months to see the logs did not find abnormal fields. Let's talk about the distribution of attack types. From my actual test CDN5 and CDN...

Recently helped an e-commerce station to do emergency response, encountered a crying situation: they spent a lot of money last year to buy a high defense CDN, the promotional page wrote "T-level protection", the results of the promotional activities just started ten minutes, the entire site was directly knocked down - the attack on the traffic is actually just 200G out of the head. The boss called to scold the service provider, the other party slowly came to a sentence: "You buy the basic package, peak defense only contains 100G, the excess part of the money to manually open" ...... this year, even CDN have to "defense teammates"? High-defense CDN this thing, to put it bluntly is to give the site invited a bodyguard. But the problem is that many enterprises...

Recently to help friends check the server load anomaly, a check found that the source IP was missed, the attack traffic directly bypassed the high-defense CDN hit through the server. These days, even the CDN have to “defense teammates” - you think the set of CDN on everything is fine? The leakage of the source IP minutes to teach you to be a person. I have seen too many teams blindly trust CDN service providers, did not do the second verification. The actual test found that more than 60% of the source station exposure event is not CDN was broken, but the configuration omission or edge cases. Don't believe in the “default security” nonsense, security must always rely on their own layers of locks. Why is hiding the source IP so ...

Recently, there are always buddies asking me, Cloudflare's high defense CDN can be used in China or not? Is the speed really as good as it is said to be? To be honest, I began to think about this problem five years ago, in the middle of the pit, paid tuition, and even because of the node pumping wind was almost sprayed into the sieve by the customer. Today I'll break open and talk about some real, and by the way, throw some real data to you for reference. First dump conclusion: if you user all in the domestic, pure Chinese business, and extremely sensitive to delay - then I advise you never head iron hard on Cloudflare. but if it is cross-border business, or need to carry D...

At 3am that morning, my cell phone suddenly vibrated like crazy - the boss of the business department called me directly, and his voice changed tone: "The official website and core services are all jammed, and the users' complaints have exploded! I instantly bounced up from the bed, even slippers can not wait to wear rushed to the computer, SSH connected up to see, good guy, the server network card is directly full, inbound UDP traffic like a mad dog soared to 4Gbps. this is clearly a typical UDP Flood attack, and is not a small fight. This is a typical UDP Flood attack, and it's not a small one. UDP Flood is definitely one of the most common DDoS attacks in the DDoS family.

Hey, when it comes to chess site protection, I really need to spit a good one. These days, DDoS attacks are like a regular meal, especially those targeted strikes against the source IP, which can paralyze the whole business if not careful. I remember last year to help a customer to deal with faults, their chess platform because the source station IP exposure, by a group of blackmail gangs for three days, the average daily loss of more than 100,000, customer service phone are almost busted. Since then, I completely understand: just rely on the traditional CDN cache acceleration is not enough, you have to play with multi-layer forwarding and source station hiding, in order to truly ensure security. Where is the problem? Simply put,...

Recently helped a friend to deal with a DDoS hit hanging station, logged on to the server to see the flow chart - good guy, the peak directly soared to 300Gbps, cloud vendors free protection is a sham. The other party used the cheapest reflection amplification attack, the cost is low and effective, picking the site did not do high-level protection. These days, even CDNs have to “prevent teammates”, not to mention the blackmail gangs with open fire and dark arrows. Many people think that the set of CDN will be all right, in fact, ordinary CDN in front of the real high-frequency attacks is a piece of paper. Can really carry modern DDoS, have to rely on specialized high-defense CDN - not simply cache ...