{"id":138059,"date":"2023-06-13T09:34:29","date_gmt":"2023-06-13T07:34:29","guid":{"rendered":"https:\/\/blog.wedos.cz\/?p=138059"},"modified":"2023-06-13T10:02:13","modified_gmt":"2023-06-13T08:02:13","slug":"waf-report-z-wedos-global-protection-za-kveten-2023","status":"publish","type":"post","link":"https:\/\/blog.wedos.com\/cs\/waf-report-z-wedos-global-protection-za-kveten-2023","title":{"rendered":"WAF report from WEDOS Global Protection for May 2023"},"content":{"rendered":"\n<p>In May we continued building out our WEDOS Global infrastructure. We also made progress on the WEDOS Zone service, which will let you use just our anycast DNS. WEDOS Global Protection also experienced the largest L7 DDoS onslaught since we began measuring and recording attacks in detail. <\/p>\n\n\n\n<!--more-->\n\n\n\n<h2 class=\"wp-block-heading\">WEDOS Global<\/h2>\n\n\n\n<p>WEDOS Global is the name of our infrastructure, on which the worldwide network of the same name runs. The whole WEDOS Global infrastructure currently has over 1500 physical servers and more than 2.5 Tbps of connectivity. At the end of May we had servers in 24 locations in 19 countries on 5 continents. 
Another 2 locations are being finalized.<\/p>\n\n\n\n<p>If you want to learn more about WEDOS Global, watch the recording of the talk from Kubernetes Community Days Czech &amp; Slovak 2023 in Bratislava, where two of our colleagues who work on developing the service presented &#8220;WEDOS Global &#8211; glob\u00e1ln\u00ed Kubernetes infrastruktura, jej\u00ed v\u00fdvoj a \u00fadr\u017eba&#8221; (WEDOS Global: a global Kubernetes infrastructure, its development and maintenance).<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"Glob\u00e1ln\u00ed Kubernetes infrastruktura, jej\u00ed v\u00fdvoj a \u00fadr\u017eba-WEDOS Global - Jakub Sassmann a Martin Du\u0161ek\" width=\"525\" height=\"295\" data-src=\"https:\/\/www.youtube.com\/embed\/siA5YFE5N4E?start=25&#038;feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" data-load-mode=\"1\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">New WEDOS Global point in Istanbul<\/h3>\n\n\n\n<p>On Tuesday, 2 May 2023 at 14:04 we launched a new WEDOS Global location in Turkey with 45 physical servers and 100 Gbps of connectivity. This location is very important because it will handle traffic for the Middle East and part of Africa. More than 400 million internet users in the region will connect through it. Istanbul is already the 24th WEDOS Global location.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">New WEDOS Global interconnections<\/h3>\n\n\n\n<p>In April we announced our connection to the Bulgarian Internet eXchange (BIX.bg) through our point in Sofia, Bulgaria. This was an important step that confirmed we are on the right track. The results even exceeded our expectations.<\/p>\n\n\n\n<p>As part of strengthening WEDOS Global in the area, we also connected to Balkan-IX. While BIX.bg gives us excellent availability and latency primarily in Bulgaria, Balkan-IX will improve latency and availability across the whole region.<\/p>\n\n\n\n<p>WEDOS Global is constantly expanding. We are working hard on adding further locations, and we are also currently negotiating cooperation with fifteen IXP (Internet Exchange Point) operators, mostly European.<\/p>\n\n\n\n<div class=\"wp-block-media-text alignwide is-stacked-on-mobile is-vertically-aligned-center has-white-color has-vivid-cyan-blue-background-color has-text-color has-background\" style=\"grid-template-columns:20% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"385\" height=\"400\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png\" alt=\"\" class=\"wp-image-123898 size-full lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png 385w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1-289x300.png 289w\" data-sizes=\"(max-width: 385px) 100vw, 385px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 385px; --smush-placeholder-aspect-ratio: 385\/400;\" 
\/><\/figure><div class=\"wp-block-media-text__content\">\n<p><strong>What is an IXP (Internet Exchange Point)?<\/strong><\/p>\n\n\n\n<p>An IXP (Internet Exchange Point) is a physical place where different networks interconnect. Network operators can connect here and exchange data. This reduces latency and increases the speed of data transfer between their networks. In essence, it is a crossroads of the local internet. <\/p>\n<\/div><\/div>\n\n\n\n<p>This will take WEDOS Global to a new level. We have already made it into the TOP 10 in Europe and we know it will get even better.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Statistics<\/h2>\n\n\n\n<p>The following statistics come from the proxy servers at the individual points, which handle requests already cleaned of L3\/L4 DDoS attacks.<\/p>\n\n\n\n<div class=\"wp-block-media-text alignwide is-stacked-on-mobile is-vertically-aligned-center has-white-color has-vivid-cyan-blue-background-color has-text-color has-background\" style=\"grid-template-columns:20% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"385\" height=\"400\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png\" alt=\"\" class=\"wp-image-123898 size-full lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png 385w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1-289x300.png 289w\" data-sizes=\"(max-width: 385px) 100vw, 385px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 385px; --smush-placeholder-aspect-ratio: 385\/400;\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><strong>What are L3\/L4 attacks?<\/strong><\/p>\n\n\n\n<p>DDoS attacks at the L3 and L4 layers target the network and transport layers and use various techniques to flood target servers or devices.<br><br>Network layer (L3) &#8211; routes data between different networks using logical (IP) addresses.<br><br>Transport layer (L4) &#8211; provides reliable, controlled data transfer between endpoints using protocols such as TCP or UDP.<\/p>\n<\/div><\/div>\n\n\n\n<p>They are also cleaned of all requests coming from servers on our blacklists.<\/p>\n\n\n\n<div class=\"wp-block-media-text alignwide is-stacked-on-mobile is-vertically-aligned-center has-white-color has-vivid-cyan-blue-background-color has-text-color has-background\" style=\"grid-template-columns:20% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"385\" height=\"400\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png\" alt=\"\" class=\"wp-image-123898 size-full lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png 385w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1-289x300.png 289w\" data-sizes=\"(max-width: 385px) 100vw, 385px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 385px; --smush-placeholder-aspect-ratio: 385\/400;\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><strong>How does WEDOS use blacklists?<\/strong><\/p>\n\n\n\n<p>WEDOS uses a number of blacklists that we either build ourselves or obtain from third parties. <\/p>\n\n\n\n<p>Most IP addresses are on automatically generated blacklists, which algorithms create based on real-time traffic analysis. An IP address may stay there for a few minutes or even hours. <\/p>\n\n\n\n<p>We also have standard blacklists, which our cybersecurity experts build in response to attacks or from log analysis. We also use paid third-party blacklists (Udger, AbuseIPdb).<\/p>\n<\/div><\/div>\n\n\n\n<p>In addition, the overview does not include certain requests that we use to monitor the availability and functioning of the individual points, so that they do not skew the statistics.<\/p>\n\n\n\n<p>At the end of May the number of domains protected by WEDOS Global Protection grew to <strong>3034<\/strong>. Most are domains added by support because of attacks, or demanding websites that benefit significantly from the automatic cache on the proxy server (essentially a CDN). Apart from us, WEDOS Global Protection is used by <strong>804 users<\/strong>.<\/p>\n\n\n\n<p>In May a total of <strong>2&nbsp;679&nbsp;570&nbsp;211 requests (+43.35%)<\/strong> from <strong>8&nbsp;101&nbsp;233 (+1.96%) unique IP addresses<\/strong> directed at protected domains were recorded. 
On average, the proxy servers handled <strong>86&nbsp;437&nbsp;749 requests<\/strong> per day.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2023\/06\/20230602-denni-graf.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" width=\"1024\" height=\"356\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2023\/06\/20230602-denni-graf-1024x356.png\" alt=\"\" class=\"wp-image-138166 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/06\/20230602-denni-graf-1024x356.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/06\/20230602-denni-graf-300x104.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/06\/20230602-denni-graf-768x267.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/06\/20230602-denni-graf-1536x534.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/06\/20230602-denni-graf.png 1845w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/356;\" \/><\/a><figcaption class=\"wp-element-caption\">Daily graph of accesses to WEDOS Global for May, cleaned of L3\/L4.<\/figcaption><\/figure>\n\n\n\n<p>The growth is driven partly by the increasing number of protected domains, but also by longer L7 DDoS attacks, which have gained considerable popularity in recent years. Eliminating them requires visibility into the traffic, because from the outside they look like legitimate accesses. 
Which is not a problem for us \ud83d\ude42<\/p>\n\n\n\n<div class=\"wp-block-media-text alignwide is-stacked-on-mobile is-vertically-aligned-center has-white-color has-vivid-cyan-blue-background-color has-text-color has-background\" style=\"grid-template-columns:20% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"385\" height=\"400\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png\" alt=\"\" class=\"wp-image-123898 size-full lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png 385w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1-289x300.png 289w\" data-sizes=\"(max-width: 385px) 100vw, 385px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 385px; --smush-placeholder-aspect-ratio: 385\/400;\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><strong>What is an L7 DDoS attack?<\/strong><\/p>\n\n\n\n<p>An L7 DDoS attack is a type of cyberattack on a website or application that uses ordinary internet requests such as GET and POST. The goal is to slow down or take offline a web page or, for example, an API. <\/p>\n\n\n\n<p>L7 attacks are hard to detect and to distinguish from normal traffic because they use the same protocols and methods as legitimate users. 
Eliminating them requires special tools and techniques and thorough analysis of network traffic.<\/p>\n<\/div><\/div>\n\n\n\n<p>In May the protection was being tuned and improved, so unfortunately we do not have exact statistics on how much each protection method, such as request limiting, connection limiting, etc., caught. It is, however, hundreds of millions of requests.<\/p>\n\n\n\n<p>The WAF alone blocked <strong>12&nbsp;489&nbsp;704 requests<\/strong>. <\/p>\n\n\n\n<div class=\"wp-block-media-text alignwide is-stacked-on-mobile is-vertically-aligned-center has-white-color has-vivid-cyan-blue-background-color has-text-color has-background\" style=\"grid-template-columns:20% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"385\" height=\"400\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png\" alt=\"\" class=\"wp-image-123898 size-full lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png 385w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1-289x300.png 289w\" data-sizes=\"(max-width: 385px) 100vw, 385px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 385px; --smush-placeholder-aspect-ratio: 385\/400;\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><strong>What is a WAF (Web Application Firewall)?<\/strong><\/p>\n\n\n\n<p>The WAF (Web Application Firewall) is a protection layer on our reverse proxy servers, placed between the attacker and your website. 
It inspects every request in real time and looks for specific signs of an attack or of exploitation of a security vulnerability. If it encounters a suspicious request, it can redirect it to a test (redirect, captcha) or block it.<\/p>\n<\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">The strongest DDoS attacks<\/h2>\n\n\n\n<p>In May we recorded increased attack activity through services offering anonymous VPN. It was mostly vulnerability scanning and SQLi attacks. For now we handle this case by case, but in the future we will have to permanently place services that offer a free VPN or some form of free trial period, in particular, on a list of potentially dangerous sources. Accesses from them will always be tested to determine whether they are bots. They will therefore not be blocked, but the visitor will have to wait for a JavaScript redirect or, in some cases, complete a simple captcha. <\/p>\n\n\n\n<p>But now to the strongest L7 DDoS attacks in May that made it all the way to the proxy server.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. Attack on WEDOS.com &#8211; peak of 1.65M requests per minute<\/h3>\n\n\n\n<p>Our websites are attacked regularly, but this time it was a bit more complicated because we were consolidating all our websites under a single domain and not everything was finished yet. 
The attackers apparently sensed an opportunity and launched a fairly strong attack, which they gradually scaled up. The attack lasted 4 hours, and during that time <strong>53.8M requests from 11&nbsp;154 IP addresses<\/strong> got through to the proxy server itself. At the peak it was <strong>1&nbsp;657&nbsp;083 requests per minute<\/strong>. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2023\/06\/20230522-utok-na-wedos-com.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" width=\"1024\" height=\"376\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2023\/06\/20230522-utok-na-wedos-com-1024x376.png\" alt=\"\" class=\"wp-image-138341 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/06\/20230522-utok-na-wedos-com-1024x376.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/06\/20230522-utok-na-wedos-com-300x110.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/06\/20230522-utok-na-wedos-com-768x282.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/06\/20230522-utok-na-wedos-com-1536x564.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/06\/20230522-utok-na-wedos-com.png 1795w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/376;\" \/><\/a><\/figure>\n\n\n\n<p>Whenever there is a very strong attack, a captcha is enabled for everyone, as a precaution, at the points the attack is coming through. We have this in place for all protected domains, and the aim is to keep the customer's web server from being &#8220;choked&#8221;. 
That is because it is not always just one kind of attack. Others with a different goal may be running at the same time. <\/p>\n\n\n\n<p>In addition, various limits on requests, connection attempts, etc. are active there according to further rules.<\/p>\n\n\n\n<p>If all of this failed for some reason, we have a backup plan in which the attacking IP addresses are identified and simply put on a blacklist until the problem is resolved. <\/p>\n\n\n\n<p>Here something did not work quite right (as a result of the website consolidation). However, since this is our website and not a customer's, we do not worry much about some slowdown or a shorter outage. The priority is to find out why the problem occurred, collect data and resolve everything. Of course, if it were the customer administration or something else that would affect our customers, we would not &#8220;play around&#8221;.<\/p>\n\n\n\n<p>Interestingly, the attackers probably took this investigation of ours as a sign that we had a problem and that they were succeeding. Several of our people were active at once, so while the technicians checked whether the web server was keeping up and the developers looked for and fixed the problem, the analysts went through the logs and watched what was heading where.<\/p>\n\n\n\n<p>To be safe, roughly 2 thousand attacking IP addresses were gradually put on the blacklist. And then the attackers showed their hand and launched further attacks from completely new ranges. 
It is possible that they simply called in someone new to help, someone who does not normally attack, scan for vulnerabilities, etc. So after midnight we were mainly collecting data.<\/p>\n\n\n\n<p>Then it was decided that it was time to go to sleep, and the protections were switched on. <\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. Attack on WEDOS.com &#8211; peak of 1.31M requests per minute<\/h3>\n\n\n\n<p>A few days later the attackers tried again, a little earlier. The attack lasted a little over 2 hours, but it was only <strong>36\u00a0401\u00a0597 requests from 4\u00a0740 IP addresses<\/strong>. The peak, at the start, was <strong>1\u00a0318\u00a0016 requests per minute<\/strong>. It took a moment for the protection to kick in. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2023\/06\/20230526-utok-na-wedos-com.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" width=\"1024\" height=\"378\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2023\/06\/20230526-utok-na-wedos-com-1024x378.png\" alt=\"\" class=\"wp-image-138344 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/06\/20230526-utok-na-wedos-com-1024x378.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/06\/20230526-utok-na-wedos-com-300x111.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/06\/20230526-utok-na-wedos-com-768x283.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/06\/20230526-utok-na-wedos-com-1536x566.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/06\/20230526-utok-na-wedos-com.png 1787w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" 
style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/378;\" \/><\/a><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">3. Attack on a gaming website &#8211; peak of 948K requests per minute<\/h3>\n\n\n\n<p>A rather interesting attack took place at the beginning of the month against a website of a game server. Attacks between communities are nothing new, but they are usually primitive. This one looked fairly decent; all it lacked for a professional execution was synchronization. It lasted just under 6 minutes. <strong>2&nbsp;029&nbsp;781 requests from 2&nbsp;273 IPs<\/strong> is not exactly a small number. Peak of <strong>948&nbsp;0140 requests per minute<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2023\/06\/20230502-utok-na-herni-server.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" width=\"1024\" height=\"323\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2023\/06\/20230502-utok-na-herni-server-1024x323.png\" alt=\"\" class=\"wp-image-138349 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/06\/20230502-utok-na-herni-server-1024x323.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/06\/20230502-utok-na-herni-server-300x95.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/06\/20230502-utok-na-herni-server-768x242.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/06\/20230502-utok-na-herni-server-1536x484.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/06\/20230502-utok-na-herni-server.png 1796w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 
1024px; --smush-placeholder-aspect-ratio: 1024\/323;\" \/><\/a><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>Anyone can use WEDOS Global Protection to speed up loading and protect their websites. The service can be used without having to move hardware or change web hosting provider. Just point the domain to WEDOS Global DNS and add it in the <a href=\"https:\/\/client.wedos.global\/protection\/dashboard\" target=\"_blank\" rel=\"noopener\">WEDOS Global Protection administration<\/a>. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>In May we continued building out our WEDOS Global infrastructure. We also made progress on the WEDOS Zone service, which will let you use just our anycast DNS. WEDOS Global Protection also experienced the largest L7 DDoS onslaught since we began measuring and recording attacks in detail.<\/p>\n","protected":false},"author":9,"featured_media":138152,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[112],"tags":[122,200,186,177],"class_list":["post-138059","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bezpecnost","tag-ddos","tag-waf","tag-wedos-global","tag-wedos-global-protection"],"_links":{"self":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/138059","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/comments?post=138059"}],"version-history":[{"count":16,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/138059\/revisions"}],"predecessor-version":[{"id":156043,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/138059\/revisions\/156043"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/media\/138152"}],"wp:attachment":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/media?parent=138059"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/categories?post=138059"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/tags?post=138059"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}