When the traffic of the website is large, it will often be attacked by hackers, which will lead to the result that the hard-working website cannot be accessed normally or even disappear. Lao Wei summarized the common Web attack hazard And protection methods, and Alibaba Cloud web application firewall (waf) How to protect online security is for your reference. I hope you can give me some advice.
Web attack characteristics
Large scale, automation and harm are highly valued by the state. It is the most common way for hackers to write automatic attack programs to launch large-scale attacks against Web applications with the same vulnerabilities. According to the annual report on web application security of the latest year, 99% of websites have suffered from different degrees of web attacks in the past year.
Web attack hazard
Web page tampering
After the website program vulnerabilities are invaded, trojans and backdoors are planted, which can easily tamper with the web content, add black chains, and seriously publish pornographic, gambling, and drug information, causing bad social impact, or even seriously damaging the corporate brand image.
Solution: change program, update patch, patch vulnerability, permission setting, frequent backup.
Database is invaded
Obtain website database and user data through SQL injection, resulting in website data table being tampered with and implanted into the back door, ranging from losing database information to being sold or acted maliciously. Cause business crisis.
Solution: Use firewall to resist.
CC attack
The website is occupied by a large number of requests for a long time and consumes server resources, resulting in a server performance bottleneck. The long-term CPU and load are 100%, and the 503 status cannot be recovered, resulting in a slow response speed of the website, and business cannot be accessed, resulting in huge business losses to the website. For a long time, the website access is abnormal, the search engine is unable to capture, the index has been emptied and the keyword ranking has disappeared, the website visit volume has plummeted, and the ranking has disappeared for serious K stations of the search engine.
Solution: Select the host service provider of the firewall, such as Alibaba Cloud 、 Tencent Cloud Etc.
Server hijacked
Hackers control a large number of servers (commonly known as broilers), launch network attacks on others, mine and other illegal acts. As a result, the server performance is seriously degraded, or even the server control is lost. It is used by others to make illegal profits, or even the enterprise is blackmailed.
Solution: Modify the default port, close the redundant port, and use the firewall..
Malicious scanning
Through the tool to automatically scan for vulnerabilities, further attacks will be carried out after the vulnerabilities are found, and the website management right will be obtained just like the webpage tampering, so hackers can do whatever they want.
Solution: Modify the default port and close the redundant port. Use Professional web firewall 。
Commodity prices and website data are captured
Use automated scripts or crawlers to crawl prices, data, original content, etc. in trading websites, causing malicious price competition, illegal data reselling, website traffic transfer, and other hazards
Alibaba Cloud web application firewall (waf) introduction
Identify and protect malicious features of website or APP business traffic, and return normal and safe traffic to the server. Avoid malicious intrusion of website server, ensure the security of core data of business, and solve the problem of abnormal server performance caused by malicious attacks.
Automatic protection against web vulnerabilities, no fear of hackers and virus intrusion, one-stop solution to hanging horses, tampering, crawling, data leakage, CC attacks and other issues, and enjoy 7 * 24 expert online services.
Alibaba Cloud web application firewall (waf) function
- Web application attack protection: general Web attack protection, 0day vulnerability virtual patch, website invisibility;
- Mitigate malicious CC attacks: filter malicious Bot traffic to ensure normal server performance;
- Business security: provide business risk control solutions to address business security risks such as interface anti brushing and anti climbing;
- HTTPS optimization: website one click HTTPS and HTTP back to source reduce the load pressure on the source site;
- HTTP/HTTPS access control: multi-dimensional accurate control of traffic;
- Log service: it supports the real-time storage, analysis and user-defined report service of the full amount of logs for an extremely long time, supports the online synchronization of logs with third-party platforms, and helps ensure compliance and legality;
- For more functions, please Click to go to the firewall page Learn more.
Alibaba Cloud web application firewall (waf) price
open AliCloud web application firewall activity page , click to immediately collect the voucher, and select the subscription or volume version [View Details] at the bottom of this page to enter the purchase page.
As shown in the figure above, Alibaba Cloud web application firewalls can be divided into the following three types:
- Web application firewall resource package, AliCloud web application firewall (monthly package), AliCloud web application firewall (pay as you go). For long-term use, it is more cost-effective to choose monthly package, and the discount is larger;
- The regions are divided into Mainland China and overseas regions. The specific areas are shown on the page;
- Version: basic inclusive version, basic advanced version, advanced version, enterprise version, flagship version, etc. Different versions have different prices Please go to the firewall purchase page see.
- If you have more than one domain name, you need to purchase additional domain name expansion packs.
Alibaba Cloud web application firewall example
- The original price of basic inclusive edition is 199 yuan/year, and the actual payment price is 149 yuan/year after receiving 50 yuan voucher;
- The original price of basic advanced version is 999 yuan/year, and the actual price is 799 yuan/year after receiving 200 yuan voucher;
- 200 yuan voucher can be used when 998 yuan is reached
Lao Wei recommended AliCloud web application firewall activity page Purchase the web firewall after receiving the voucher, which is valid within 30 days after receiving the voucher.
Web attack hazard It doesn't exist all the time. If your enterprise application is in this situation and you can't find a suitable solution, you can try Alibaba Cloud web application firewall As an access provider of basic cloud services for many years on Taobao, Tmall, Alibaba, 1688 and other large websites, it is fully capable of resisting external attacks and ensuring the normal operation of web applications.
