{"id":103496,"date":"2022-07-09T14:32:26","date_gmt":"2022-07-09T12:32:26","guid":{"rendered":"https:\/\/blog.wedos.cz\/?p=103496"},"modified":"2022-07-21T09:56:34","modified_gmt":"2022-07-21T07:56:34","slug":"wedos-global-protection-v-akci-l7-utoky-denne-presne-v-700","status":"publish","type":"post","link":"https:\/\/blog.wedos.com\/cs\/wedos-global-protection-v-akci-l7-utoky-denne-presne-v-700","title":{"rendered":"WEDOS Global Protection in action &#8211; L7 attacks every day at exactly 7:00"},"content":{"rendered":"\n<p>Today we have an example of an application-layer (L7) DDoS attack that targeted the websites of one of our customers several times a week. Interestingly, the attack always started at 7:00 in the morning.<\/p>\n\n\n\n<!--more-->\n\n\n\n<p><strong>You can now also listen to this article as a podcast.<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-audio\"><audio controls src=\"https:\/\/podcasts.wedos.com\/podcast-download\/198\/wedos-blog-wedos-global-protection-v-akci-l7-utoky-denne-presne-v-700.mp3\"><\/audio><\/figure>\n\n\n\n<p>First, a short summary of the terms.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Application-layer (L7) attacks<\/h2>\n\n\n\n<p>These were attacks on the so-called seventh, application layer. Put simply, this is the layer where data is already being exchanged between the browser and the server. The data the user requested is downloaded or sent directly. The preceding layers have taken care of establishing the connection, the form of communication, and so on. <\/p>\n\n\n\n<p>This kind of attack is very insidious because it looks like legitimate internet traffic. In the access log you see ordinary GET requests for PHP\/HTML documents, mostly without requests for the additional files (CSS, JavaScript, images, etc.). That does not always hold, though; we also see attacks that deliberately request a non-existent page (<a href=\"https:\/\/blog.wedos.cz\/dalsi-dve-ukazky-utoku-pres-aplikacni-vrstvu-na-nase-zakazniky#:~:text=P%C5%99%C3%ADpad%20%231%20%E2%80%93%20c%C3%ADl%20eshop%2C%20v%C3%BDpaln%C3%A9%204500%20USD\" target=\"_blank\" rel=\"noopener\">January 2022<\/a>).<\/p>\n\n\n\n<p>To stop such an attack, you have to be able to see into the communication between the server and the user. Then it is easy to limit the harmful traffic, because you are not looking at who is coming in, but at what they do and how. 
<\/p>\n\n\n\n<p>If you cannot see into the communication, the only option is to restrict access from the given IP address, which is not ideal, because an entire housing estate can sit behind a single IP address. Moreover, we have previously seen attacks in which, apparently because of malware, the attackers were mobile phones on the networks of foreign mobile operators (<a href=\"https:\/\/blog.wedos.cz\/prichazi-vlna-novych-a-zakernych-utoku-a-wedos-je-na-ne-pripraveny#:~:text=Jak%20se%20nen%C3%A1padn%C4%9B%20shazuje%20web\" target=\"_blank\" rel=\"noopener\">January 2021<\/a>, <a href=\"https:\/\/blog.wedos.cz\/jak-roste-wedos-website-a-jak-si-sluzba-poradila-se-svym-prvnim-vetsim-ddos-utokem#:~:text=DDoS%20%C3%BAtok%20aneb%20vyzkou%C5%A1%C3%ADme%20co%20WebSite%20vydr%C5%BE%C3%AD\" target=\"_blank\" rel=\"noopener\">March 2021<\/a>). Such IP addresses cannot be blocked long-term. Imagine that the only way to protect your website were to restrict access from the networks of our mobile operators. Most legitimate traffic comes through them. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">WEDOS Global Protection<\/h2>\n\n\n\n<p>And this is exactly the job for our new service, WEDOS Global Protection, which already protects more than 300 of our customers' websites. It is built on our decentralized WEDOS Global network.<\/p>\n\n\n\n<p>We point the customer's domain, via DNS records, at the WEDOS Global reverse proxy, through which all traffic will flow. In addition, the attacker sees only the IP address of the reverse proxy and so does not know where the website is actually hosted. 
<\/p>\n\n\n\n<p>The reverse proxy sees into the traffic, and if the conditions set by the customer or by us are met, it puts an obstacle in the way. This can be a cookie + redirect, or a captcha. Alternatively, it can block suspicious requests entirely or serve them cached content. You can read about everything WEDOS Global Protection can do in the article <a href=\"https:\/\/blog.wedos.cz\/nakouknuti-do-administrace-wedos-global-protection\" target=\"_blank\" rel=\"noopener\">A peek into the WEDOS Global Protection administration<\/a>.<\/p>\n\n\n\n<p>And now to the attack itself.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Who was the target<\/h2>\n\n\n\n<p>The target is a successful Czech company with a number of branches in many European countries. For each country it has a separate website presenting the company, the services it offers and a product catalogue. So it is not a classic e-shop. <\/p>\n\n\n\n<p>The individual websites are on domains of the form brand.ccTLD (national domain). <\/p>\n\n\n\n<p>One of the company's websites had been under regular attack before. They dealt with it through optimization, so that the NoLimit web hosting could handle a heavier load, and we also blocked some of it the standard way. Later they were among the first that we moved to the test version of WEDOS Global Protection. <\/p>\n\n\n\n<p>They were lucky, because L7 attacks have grown significantly in strength and intensity this year. 
Not even the new NoLimit Extra would handle that, even though customers run websites on it with a few million requests a day. We believe this may also be a consequence of the war in Ukraine, with pro-Russian hacker groups having released a number of scripts for L7 attacks, including instructions on how to use them.<\/p>\n\n\n\n<p>Because the customer has websites on several domain extensions, we gradually had to hide all of them, because as soon as the attackers ran into an active WEDOS Global Protection, they tried a different domain. They did not give up, though.<\/p>\n\n\n\n<p>The following 5-minute graph tracks the access log of one of the websites. The attack starts at exactly 7:00 and is strong enough that 503s (exhaustion of the allocated server resources) appear within the first 5 minutes.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/06\/utoky-20220609-host.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" width=\"1024\" height=\"293\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/06\/utoky-20220609-host-1024x293.png\" alt=\"\" class=\"wp-image-103507 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-20220609-host-1024x293.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-20220609-host-300x86.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-20220609-host-768x220.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-20220609-host-1536x440.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-20220609-host.png 1837w\" 
data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/293;\" \/><\/a><figcaption>The attack reached the origin server and caused the server to drop part of the requests (status code 503 &#8211; dark red).<\/figcaption><\/figure>\n\n\n\n<p>This was an attack on parts of WEDOS Global Protection that were not yet protected fully automatically. It is a complicated service, and we are accelerating development toward full automation as much as we can \ud83d\ude42<\/p>\n\n\n\n<p>In the following graph of the same attack, full protection has already been switched on manually and traffic is routed through the individual points.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/06\/utoky-20220609-nasazeni-ochrany-WGP.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" width=\"1024\" height=\"333\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/06\/utoky-20220609-nasazeni-ochrany-WGP-1024x333.png\" alt=\"\" class=\"wp-image-103514 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-20220609-nasazeni-ochrany-WGP-1024x333.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-20220609-nasazeni-ochrany-WGP-300x98.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-20220609-nasazeni-ochrany-WGP-768x250.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-20220609-nasazeni-ochrany-WGP-1536x500.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-20220609-nasazeni-ochrany-WGP.png 1860w\" 
data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/333;\" \/><\/a><figcaption>Protection deployed for the whole website. Traffic immediately goes through the individual points and is filtered.<\/figcaption><\/figure>\n\n\n\n<p>Another problem was that the customer did not have all of his domains with us. The reason is that we do not yet offer a number of European extensions, so he had them with competitors and also used their DNS. For our protection to work properly, however, our DNS servers must be used. So a colleague wrote to him asking him to change that, so that we could protect everything.<\/p>\n\n\n\n<p>Interestingly, he had no idea about most of the attacks. 
After all, when the domain was protected and everything worked as it should, the attack looked as follows from the point of view of our protection.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/06\/utoky-na-pl-web-rano-20220607.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" width=\"1024\" height=\"376\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/06\/utoky-na-pl-web-rano-20220607-1024x376.png\" alt=\"\" class=\"wp-image-103524 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-na-pl-web-rano-20220607-1024x376.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-na-pl-web-rano-20220607-300x110.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-na-pl-web-rano-20220607-768x282.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-na-pl-web-rano-20220607-1536x564.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-na-pl-web-rano-20220607.png 1654w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/376;\" \/><\/a><figcaption>The attack on a one-minute graph. Peak of over 388 thousand hits per minute.<\/figcaption><\/figure>\n\n\n\n<p>The attack simply arrived, the individual locations picked it up according to where it came from, and put an obstacle in front of the suspicious traffic (redirect, cache, captcha). <\/p>\n\n\n\n<p>The attacks gradually became more intense, but the pattern was always the same. It started at 7:00, and after half an hour or on the hour there was an increase. 
Mostly the attacks came only in the morning. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/06\/WGP-20220617-nej-utok-na-1-web.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" width=\"1024\" height=\"379\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/06\/WGP-20220617-nej-utok-na-1-web-1024x379.png\" alt=\"\" class=\"wp-image-103534 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/WGP-20220617-nej-utok-na-1-web-1024x379.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/WGP-20220617-nej-utok-na-1-web-300x111.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/WGP-20220617-nej-utok-na-1-web-768x284.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/WGP-20220617-nej-utok-na-1-web-1536x568.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/WGP-20220617-nej-utok-na-1-web.png 1595w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/379;\" \/><\/a><figcaption>Regular attacks on the customer's website. All filtered.<\/figcaption><\/figure>\n\n\n\n<p>We recorded the strongest and last attack on the customer's website on 21.06.2022, when the attacker really made an effort and pushed the attack to over 500 thousand requests per minute against 1 domain. 
As you can see, they also broke their usual attack routine.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/06\/utoky-20220621-l7-nejsilnejsi.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" width=\"1024\" height=\"345\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/06\/utoky-20220621-l7-nejsilnejsi-1024x345.png\" alt=\"\" class=\"wp-image-103541 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-20220621-l7-nejsilnejsi-1024x345.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-20220621-l7-nejsilnejsi-300x101.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-20220621-l7-nejsilnejsi-768x259.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-20220621-l7-nejsilnejsi-1536x518.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-20220621-l7-nejsilnejsi.png 1872w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/345;\" \/><\/a><figcaption>The strongest recorded attack on the customer exceeded 500 thousand requests per minute.<\/figcaption><\/figure>\n\n\n\n<p>Keep in mind, too, that what you see has already been cleaned of the hits blocked by the upstream SYN filter on the basis of blacklists. It usually does most of the work (it blocks up to 90 % of the problematic traffic). Given the nature of the filter, it is hard to evaluate exactly where the attacks were going and to get exact figures. 
Those 500 thousand are hits that managed to get through the blacklist-based protection. And we do not use only the usual paid blacklists. We have our own, built on data from all of our web hosting services.<\/p>\n\n\n\n<p>Unfortunately, we do not have centralized data from WEDOS Global Protection for all months. We only started collecting and storing it centrally at the beginning of June. Until then, the logs were on the servers at the individual points and were purged on an ongoing basis. The following graph therefore shows the attacks on this customer of ours for roughly the first three weeks of June. It is a 3-hour graph. As you can see, over 134 million requests from 11,636 unique IP addresses reached the protection in that time. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/06\/utoky-L7-3h-graf.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" width=\"1024\" height=\"365\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/06\/utoky-L7-3h-graf-1024x365.png\" alt=\"\" class=\"wp-image-103707 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-L7-3h-graf-1024x365.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-L7-3h-graf-300x107.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-L7-3h-graf-768x274.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-L7-3h-graf-1536x548.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/06\/utoky-L7-3h-graf.png 1890w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" 
src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/365;\" \/><\/a><figcaption>Graph of the attacks on the customer over the first 3 weeks of June.<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>Development of both WEDOS Global and WEDOS Global Protection is moving ahead quickly. We are preparing additional points. On top of that, we are trying to analyse ongoing attacks and prepare for future ones. As you can see, we are not bored \ud83d\ude42<\/p>\n\n\n\n<p>Moving hundreds of websites of customers who are often under attack or have problematic traffic (for example, they are often overloaded by bots that scrape their content or submit forms) has had a very positive effect on server performance. The web hosting servers have practically disappeared from monitoring. And that is even though, thanks to <a href=\"https:\/\/www.wedos.online\/cs\/\" target=\"_blank\" rel=\"noopener\">wedos.online<\/a>, we measure every website of every one of our customers. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today we have an example of an application-layer (L7) DDoS attack that targeted the websites of one of our customers several times a week. 
Interestingly, the attack always started at 7:00 in the morning.<\/p>\n","protected":false},"author":9,"featured_media":103707,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[112],"tags":[23,122,186,177],"class_list":["post-103496","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bezpecnost","tag-bezpecnost","tag-ddos","tag-wedos-global","tag-wedos-global-protection"],"_links":{"self":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/103496","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/comments?post=103496"}],"version-history":[{"count":14,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/103496\/revisions"}],"predecessor-version":[{"id":105459,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/103496\/revisions\/105459"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/media\/103707"}],"wp:attachment":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/media?parent=103496"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/categories?post=103496"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/tags?post=103496"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}