{"id":118097,"date":"2022-11-04T13:40:30","date_gmt":"2022-11-04T12:40:30","guid":{"rendered":"https:\/\/blog.wedos.cz\/?p=118097"},"modified":"2022-11-14T08:12:58","modified_gmt":"2022-11-14T07:12:58","slug":"wedos-global-protection-par-zajimavosti-z-testu-automatickych-ochran","status":"publish","type":"post","link":"https:\/\/blog.wedos.com\/cs\/wedos-global-protection-par-zajimavosti-z-testu-automatickych-ochran","title":{"rendered":"WEDOS Global Protection &#8211; a few interesting findings from tests of automatic protections"},"content":{"rendered":"\n<p>WEDOS Global Protection will be the first service built on WEDOS Global. We are currently in open testing. During testing you can add your domain at <a href=\"https:\/\/www.wedos.global\/\" target=\"_blank\" rel=\"noopener\">wedos.global<\/a> for free and try out various forms of protection and traffic filtering. In mid-October the number of testers passed 100. <strong>You do not need to have a domain or hosting with us. You only need to use our nameservers. <\/strong><\/p>\n\n\n\n<p>WEDOS Global is now used by more than 1,000 large websites, including one e-shop with a turnover of around one billion Czech crowns. We serve several thousand pages there every second. <\/p>\n\n\n\n<!--more-->\n\n\n\n<p>The process of adding new domains is not yet ideal, because it is aimed at more experienced users &#8211; they can set it up in a way that avoids an outage. 
<s>We need to tune this a bit so that everyone can manage it without an outage (first you have to import\/insert the NS records, and once they are correct, set the domain's DNS to ours). <\/s> <strong>That was the situation when this article was written, but we keep evolving and it no longer applies. Now you enter the domain and we arrange everything. In the end you only change the DNS servers and everything runs from us, without an outage. <\/strong>Eventually we want to handle the change of DNS servers as well, but that may come in a week or so. For domains that already use our DNS, the process is not yet automated for security reasons, and we will come with a new solution next week. <\/p>\n\n\n\n<p>As soon as you set our nameservers for the domain, traffic goes through WEDOS Global, which means you use all active points, of which there are currently 15. 
However, we have purchased hardware for 50 points.<\/p>\n\n\n\n<p>Current points:<\/p>\n\n\n\n<p>Europe<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>\ud83c\uddf3\ud83c\uddf1 Amsterdam<\/li><li>\ud83c\uddea\ud83c\uddf8 Barcelona<\/li><li>\ud83c\udde8\ud83c\udded Zurich<\/li><li>\ud83c\uddeb\ud83c\uddee Helsinki<\/li><li>\ud83c\udde8\ud83c\uddff Hlubok\u00e1 nad Vltavou DC1<\/li><li>\ud83c\udde8\ud83c\uddff Hlubok\u00e1 nad Vltavou DC2 (in oil)<\/li><li>\ud83c\uddec\ud83c\udde7 London<\/li><li>\ud83c\uddea\ud83c\uddf8 Madrid<\/li><li>\ud83c\uddeb\ud83c\uddf7 Paris<\/li><li>\ud83c\uddf8\ud83c\uddea Stockholm<\/li><li>\ud83c\udde6\ud83c\uddf9 Vienna<\/li><li>\ud83c\uddf5\ud83c\uddf1 Warsaw<\/li><\/ul>\n\n\n\n<p>Asia<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>\ud83c\udded\ud83c\uddf0 Hong Kong<\/li><li>\ud83c\uddf8\ud83c\uddec Singapore<\/li><li>\ud83c\uddef\ud83c\uddf5 Tokyo<\/li><\/ul>\n\n\n\n<p>Today (4 November) the hardware was delivered to Sydney, so we will be in operation there in a few days. That will be the 16th location.<\/p>\n\n\n\n<p>We have signed contracts for 5 locations in the USA, one in South Africa and in Turkey. We want to launch that one in November. We are also negotiating about Bulgaria, Oman, Dubai, Mexico, Argentina, Brazil, Colombia and Chile. If it works out, we will manage it by the end of the year. <\/p>\n\n\n\n<p>As for protection, every point runs our existing DDoS protection against crude attacks. It also has protection against traditional L3\/L4 DDoS attacks. In addition, there is our forward-deployed SYN filter, which blocks hundreds of thousands of problematic IP addresses. They can stay there for a few minutes, hours, days or permanently. 
They are added and removed over time by robots or by our colleagues, based on analysis of traffic from more than 150 thousand websites.<\/p>\n\n\n\n<p>That is a good foundation that will save you operating costs (customers with protected VPS have confirmed to us that a lower plan would be enough for them, because we filter out all the overloaders and robots). Given rising electricity prices (and, as a consequence, hosting prices), that may come in handy. We expect WEDOS Global Protection to cost &#8220;a few hundred&#8221; a month for companies. If it saves them a thousand or so a month, that is one more reason to use WEDOS Global \ud83d\ude42<\/p>\n\n\n\n<p>Further protection settings are up to you. You choose which countries, continents or IPs you want to block, or you can set a captcha test or a cookie and redirect for them. <\/p>\n\n\n\n<p>In essence this is manual protection that you have to switch on yourself. When an attack is launched against you, you can act immediately. For example, you set a captcha for everyone outside CZ\/SK. Within a few minutes you have peace. <\/p>\n\n\n\n<p>We would like to take this further, though, and create a model of automatic protection. When there is an attack, a robot takes care of everything. We expect to deploy this for live tests in a few days. 
<\/p>\n\n\n\n<p>For this we use various models that track how each filter would perform on real traffic. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Advantages we did not have before<\/h2>\n\n\n\n<p>WEDOS Global brings two new advantages for dealing with problematic traffic.<\/p>\n\n\n\n<p>You have individual points that pull local traffic to themselves and pass it on. That traffic is always specific in some way, and you can treat it differently. Normally, traffic from the whole world arrives at your server and you have to work with what you know about it. That is not ideal. From the IP you may know, for example, that it belongs to a Czech company, while in reality the traffic comes from abroad. With WEDOS Global you can tell, because the traffic takes the shortest path. <\/p>\n\n\n\n<p>Take a look at the following table. All of the IP addresses &#8220;claimed&#8221; to be Czech. 
Yet Czech ones go only through Hlubok\u00e1 nad Vltavou and Prague.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"373\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/10\/wedos-global-cesi-20221006-1024x373.png\" alt=\"\" class=\"wp-image-118190 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/wedos-global-cesi-20221006-1024x373.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/wedos-global-cesi-20221006-300x109.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/wedos-global-cesi-20221006-768x280.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/wedos-global-cesi-20221006.png 1177w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/373;\" \/><figcaption>Traffic from Czech IP addresses through the individual WEDOS Global points, 06.10.2022<\/figcaption><\/figure>\n\n\n\n<p>IP addresses that go through, say, Tokyo because that is the shortest path for them are suspicious, and we can treat them differently.<\/p>\n\n\n\n<p>The second advantage is that you do not have to block suspicious traffic right away. It is enough to put an obstacle in its way that a human gets past without trouble but an attacking robot does not. A cookie plus a JavaScript redirect, for example, has worked well for us. For a web browser this is no problem. It stores and verifies the cookie and learns from the JavaScript where to go. 
Such a user is marked and does not have to repeat the test for several minutes (how much time you give them is up to you). <\/p>\n\n\n\n<p>Of course, there are advanced robots that can handle this, and even methods for getting around it. For those we can deploy a captcha. However, they are not used for massive attacks, because that is more expensive than simply firing tens of thousands of requests per second. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How we will verify traffic<\/h2>\n\n\n\n<p>Measuring an anomaly across all traffic is not that easy, especially when you are used to high traffic. But when you watch the traffic at each point separately, you see the anomalies fairly well. That is because most attacks come from all over the world.<\/p>\n\n\n\n<p>This means it is enough to measure each point on its own. If your website targets Czech visitors, we will see only a slight increase at the Hlubok\u00e1 and Prague points, but a marked one at the other points. At those other points we then turn on, for example, the redirect with a cookie. It is nothing that would bother an ordinary visitor, and it stops the attacks. The website can withstand a slight increase from the Czech Republic. And if the increase were not slight, the protection would kick in. <\/p>\n\n\n\n<p>Below you can see a simple table built from real traffic at one of the 15 points. 
The first column lists the domains, the second the traffic over the last 5 minutes, the third the traffic over the previous 5 minutes, and the fourth the 5-minute averages over the last hour.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"504\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/10\/hledani-utoku-body-1024x504.png\" alt=\"\" class=\"wp-image-118194 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/hledani-utoku-body-1024x504.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/hledani-utoku-body-300x148.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/hledani-utoku-body-768x378.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/hledani-utoku-body.png 1203w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/504;\" \/><\/figure>\n\n\n\n<p>Say an attack came and the number of requests was, for example, 5x the 5-minute averages (with some minimum). At that point we can simply turn on the cookie check + redirect.<\/p>\n\n\n\n<p>This is the very simplest concept. When evaluating, we can work with any data from the access log, including how long requests take. That lets us build a protection that limits traffic at a given point because handling it takes a long time (an attack on uncached pages), either for the whole domain or for an IP address. 
<\/p>\n\n\n\n<p>The possibilities are countless. We have plenty of ideas and, above all, enough traffic on which to simulate them realistically. <\/p>\n\n\n\n<p>In the future we plan to take all of this further using AI (machine learning). <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What went wrong #1<\/h2>\n\n\n\n<p>Some attack detection methods were so good that they produced a decent list of compromised IP addresses. Blocking such IPs bothers nobody and, on the contrary, saves a lot of server resources, because the IP belongs to a computer (server) in a botnet that is always doing something. In the morning it looks for vulnerabilities, in the afternoon it tries brute-force attacks, and at night it spams comments. <\/p>\n\n\n\n<p>One such &#8220;honeypot&#8221; watched brute-force attacks on the WordPress login page. It works perfectly. Every day it yielded dozens of new IP addresses involved in some botnet. Then one day our colleagues from support wrote to ask why we had Uptimerobot on our blacklists, a service for monitoring service availability. Could it really be carrying out brute-force attacks?<\/p>\n\n\n\n<p>To be honest, it ended up there deservedly, but the users were to blame. We found that several of our customers (really only several) had decided to monitor the availability of their login form. 
We explained the issue to all of them, but when we look at the statistics, others have started doing it.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"659\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/10\/uptime-robot-dotazy-na-wp-login-1024x659.png\" alt=\"\" class=\"wp-image-118196 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/uptime-robot-dotazy-na-wp-login-1024x659.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/uptime-robot-dotazy-na-wp-login-300x193.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/uptime-robot-dotazy-na-wp-login-768x494.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/uptime-robot-dotazy-na-wp-login.png 1257w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/659;\" \/><figcaption>Statistics of WP-login availability checks via Uptimerobot.<\/figcaption><\/figure>\n\n\n\n<p>This was more our mistake, though. For one thing, the request method needs to be checked as well, that is, whether any data is actually sent to the form (via POST). And above all, we have to keep the IP addresses of services such as Uptimerobot on whitelists, which, at the time of writing, we already do. <\/p>\n\n\n\n<p>Given the number of attacks on the wp-login.php file, all of these files will be protected automatically on WEDOS Global Protection. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What went wrong #2<\/h2>\n\n\n\n<p>During the holidays we detected extensive botnet activity searching for vulnerabilities via SQLi. 
We even devoted <a href=\"https:\/\/blog.wedos.cz\/v-poslednich-dnech-evidujeme-narust-sqli-utoku-jak-nam-s-tim-pomuze-wedos-global-protection\" target=\"_blank\" rel=\"noopener\">a blog article<\/a> to this topic. The attackers used two methods: directly from compromised VPS and through popular VPN services. On some days this amounted to high hundreds of thousands of requests from tens of thousands of IP addresses.<\/p>\n\n\n\n<p>Because we were monitoring this in real detail, besides observing the activity gradually moving between various VPN and VPS providers, we also used it to try out a protection model that would become a filter for WEDOS Global Protection.<\/p>\n\n\n\n<p>And Googlebot fell into it, or rather one of its ranges that was not on the active whitelists. One of our customers alerted us to it, so it was there for only a few hours. Nothing that would affect a website's position in search engines. Google expects a server to refuse requests from time to time.<\/p>\n\n\n\n<p>These were the requests in question. 
At first glance they really do look like an SQLi attempt.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/10\/google-hleda-SQLi-zranitelnosti-2.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" width=\"893\" height=\"609\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/10\/google-hleda-SQLi-zranitelnosti-2.png\" alt=\"\" class=\"wp-image-119367 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/google-hleda-SQLi-zranitelnosti-2.png 893w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/google-hleda-SQLi-zranitelnosti-2-300x205.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/google-hleda-SQLi-zranitelnosti-2-768x524.png 768w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 893px; --smush-placeholder-aspect-ratio: 893\/609;\" \/><\/a><figcaption>Google performing SQLi<\/figcaption><\/figure>\n\n\n\n<p>And they came from these IP addresses.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/10\/google-hleda-SQLi-zranitelnosti.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" width=\"773\" height=\"336\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/10\/google-hleda-SQLi-zranitelnosti.png\" alt=\"\" class=\"wp-image-119369 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/google-hleda-SQLi-zranitelnosti.png 773w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/google-hleda-SQLi-zranitelnosti-300x130.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/google-hleda-SQLi-zranitelnosti-768x334.png 768w\" data-sizes=\"(max-width: 767px) 89vw, 
(max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 773px; --smush-placeholder-aspect-ratio: 773\/336;\" \/><\/a><figcaption>Google performing SQLi<\/figcaption><\/figure>\n\n\n\n<p>This is a similar attack pattern to the one we detected from botnets going through VPN providers: systematic probing on a relatively small scale, from multiple IPs in a single \/24 range, with changing browsers. For completeness, in the case of the &#8220;holiday attacks&#8221; via VPN the browsers are generated automatically, so each access would have a different one. <\/p>\n\n\n\n<p>These IP addresses belong to Google, which uses them for Googlebot.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"491\" height=\"254\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/10\/obrazek-1.png\" alt=\"\" class=\"wp-image-119376 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/obrazek-1.png 491w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/obrazek-1-300x155.png 300w\" data-sizes=\"(max-width: 491px) 100vw, 491px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 491px; --smush-placeholder-aspect-ratio: 491\/254;\" \/><\/figure>\n\n\n\n<p>And this particular one even has a nice record in AbuseIPDB.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/10\/google-hleda-SQLi-zranitelnosti-3.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" width=\"1024\" 
height=\"760\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/10\/google-hleda-SQLi-zranitelnosti-3-1024x760.png\" alt=\"\" class=\"wp-image-119371 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/google-hleda-SQLi-zranitelnosti-3-1024x760.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/google-hleda-SQLi-zranitelnosti-3-300x223.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/google-hleda-SQLi-zranitelnosti-3-768x570.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/10\/google-hleda-SQLi-zranitelnosti-3.png 1221w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/760;\" \/><\/a><\/figure>\n\n\n\n<p>It really is an official Googlebot IP address, which you can <a href=\"https:\/\/developers.google.com\/static\/search\/apis\/ipranges\/googlebot.json\" target=\"_blank\" rel=\"noopener\">verify directly with them<\/a>. <\/p>\n\n\n\n<p>So does Googlebot carry out SQLi attacks? Most likely not. The attacker merely prepared a URL for Googlebot to visit. Googlebot is whitelisted everywhere, so the attack simply gets through. And that is what the attacker is betting on. Quite original, isn't it? \ud83d\ude42<\/p>\n\n\n\n<p><strong>Next time, by contrast, we will write about what went well. 
We will show a few examples of how WEDOS Global helped speed up a website, improve availability and improve search engine rankings, and how it protects against attacks or saves money on electricity or expensive hardware.<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>We are working on WEDOS Global Protection on all fronts. We are looking for new locations, negotiating with data centers and connectivity providers in the selected locations, configuring the HPE Moonshot 1500 that is shipped to the locations, arranging transport and paperwork as well as on-site installation, developing the backend and frontend, tuning the business model and, of course, designing the protections. It is the largest project we have ever worked on at WEDOS. And of course we are looking for more testers. So do not hesitate to try <a href=\"https:\/\/www.wedos.global\/\" target=\"_blank\" rel=\"noopener\">wedos.global<\/a>. You do not need to have hosting or a domain with us; you only need to use our DNS, which will also mask where your actual hosting is.<\/p>\n\n\n\n<p>We soon want to add more services based on our worldwide network, WEDOS Global. DNS servers are coming very soon. Thanks to them, your domains and websites will be more secure and more available worldwide, and will respond faster and more reliably. We are already testing this in production.<br>After that we want to add intelligent e-mail filtering and spam protection. Development of that is already under way. 
<br>Later this year we will deploy WEDOS OnLine &#8211; our monitoring service, which will have probes all over the world. <br>What next? We are planning private VPN networks and much more. Stay tuned. We may be a Czech company with two data centers in Hlubok\u00e1, but we want to be a global company with worldwide coverage and a global offering.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>WEDOS Global Protection will be the first service built on WEDOS Global. We are currently in open testing. During testing you can add your domain at wedos.global for free and try out various forms of protection and traffic filtering. In mid-October the number of testers passed 100. You do not need to have a domain or hosting with us. 
You only need to use &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/blog.wedos.com\/cs\/wedos-global-protection-par-zajimavosti-z-testu-automatickych-ochran\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;WEDOS Global Protection &#8211; a few interesting findings from tests of automatic protections&#8221;<\/span><\/a><\/p>\n","protected":false},"author":9,"featured_media":119379,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[186,177],"class_list":["post-118097","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sluzby","tag-wedos-global","tag-wedos-global-protection"],"_links":{"self":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/118097","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/comments?post=118097"}],"version-history":[{"count":9,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/118097\/revisions"}],"predecessor-version":[{"id":120996,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/118097\/revisions\/120996"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/media\/119379"}],"wp:attachment":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/media?parent=118097"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/categories?post=118097"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/tags?post=118097"}],"curies":[{
"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}