{"id":1582006,"date":"2026-04-08T17:19:17","date_gmt":"2026-04-08T15:19:17","guid":{"rendered":"https:\/\/blog.wedos.com\/?p=1582006"},"modified":"2026-04-08T17:42:04","modified_gmt":"2026-04-08T15:42:04","slug":"utok-co-se-deje-na-serveru-behem-utoku-z-pohledu-spravce","status":"publish","type":"post","link":"https:\/\/blog.wedos.com\/cs\/utok-co-se-deje-na-serveru-behem-utoku-z-pohledu-spravce","title":{"rendered":"Attack! What happens on the server during an attack, from the sysadmin's point of view?"},"content":{"rendered":"\n<p>The user sees a slow website or an error page. The administrator sees a warning in monitoring. The server's sysadmin sees an entirely different story: detailed, layered and often alarming.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<!--more-->\n\n\n\n<h3 class=\"wp-block-heading\">Phase 1 \u2013 The calm before the storm<\/h3>\n\n\n\n<p>The server is running normally. Load stays in the range 0.3\u20130.8, processes are healthy, logs grow slowly and steadily. Nothing points to a problem.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">Phase 2 \u2013 The attack begins<\/h3>\n\n\n\n<p>The sysadmin first notices that the server load is slowly starting to climb \u2013 from 0.8 to 1.5, then to 3. It is not dramatic, but the trend is clear. At the same time, things are happening that the admin will not see in the web panel.<\/p>\n\n\n\n<p>Access logs grow at an alarming rate. Every request means a line in the log \u2013 at thousands of requests per second, the log grows by hundreds of MB per hour.
What took up 50 MB in the morning can be 8 GB by the afternoon.<\/p>\n\n\n\n<p>The number of open connections rises. The server has to keep records of all incoming connections in memory, and they pile up faster than they can be processed.<\/p>\n\n\n\n<p>The web server's worker processes are fully occupied. Each incoming request \u201ctakes up\u201d one slot in the processing queue \u2013 typically 100 to 200 of them are available. During an attack all of them are occupied, and new requests wait or are rejected.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">Phase 3 \u2013 Escalation<\/h3>\n\n\n\n<p>The situation starts to get out of hand. Load exceeds 16 on a server with 4 cores \u2013 meaning that processes wait four times longer for CPU time than they should. Everything slows down in a cascade.<\/p>\n\n\n\n<p>Physical RAM is full. The system starts moving part of memory to disk \u2013 so-called swap \u2013 which makes the whole situation considerably worse, because disk is orders of magnitude slower than RAM.<\/p>\n\n\n\n<p>The disk is at 90\u2013100 % utilization \u2013 but not because of the database or the application. Records of the attack are written so fast that the disk's capacity is exhausted by logging alone.<\/p>\n\n\n\n<p>Disk space is running out. Logs can fill an entire disk partition within hours.
If that happens, the server can no longer write anything \u2013 including the database or the application's temporary files.<\/p>\n\n\n\n<p>An interesting effect: throughput on the network interface can, paradoxically, be low. The attacker is not sending large amounts of data \u2013 only HTTP request headers, but easily 10,000 of them per second. The server responds to each one, generates log records and allocates memory.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">Phase 4 \u2013 Overload and outage<\/h3>\n\n\n\n<p>The system is nearing collapse. The sysadmin sees phenomena that neither the user nor the admin will ever notice.<\/p>\n\n\n\n<p>The operating system starts forcibly terminating processes on its own to free memory. System logs show messages that, for example, the database server or the application layer was stopped without warning. No notification for the user \u2013 things simply stop working.<\/p>\n\n\n\n<p>The maximum number of processes can be exhausted. Every operating system has a configured ceiling \u2013 typically thousands to tens of thousands of concurrently running processes.
Once it is reached, no new process can be started \u2013 not even a remote login by the sysadmin is possible.<\/p>\n\n\n\n<p>If the disk is completely full, the system automatically switches to read-only mode to prevent data corruption. The server is formally \u201crunning\u201d, but writes nothing \u2013 databases fail, applications throw errors, new connections are not possible.<\/p>\n\n\n\n<p>Under extreme load the operating system can no longer keep up even with recording events \u2013 it may skip thousands of records because it cannot process them in time. The sysadmin thus loses visibility into what exactly is happening.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">What the attacker sees vs. what the sysadmin sees<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>What the attacker sees<\/th><th>What the sysadmin sees<\/th><\/tr><\/thead><tbody><tr><td>Timeout or 503 error<\/td><td>Records of forcibly terminated processes<\/td><\/tr><tr><td>Slow responses<\/td><td>Load of 16+ on a 4-core server<\/td><\/tr><tr><td>Nothing \u2013 the attack \u201cworks\u201d<\/td><td>Disk 100% filled with logs, swap exhausted<\/td><\/tr><tr><td>Server still responds<\/td><td>Thousands of half-open connections waiting to be handled<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">A note on brute-force attacks<\/h3>\n\n\n\n<p>With brute-force attacks \u2013 repeated login attempts \u2013 the course is milder but specific. The sysadmin sees thousands of lines about failed attempts from one or more IP addresses in the security logs. Protective tools gradually block these addresses, but in the meantime the records keep accumulating. The effect is the same \u2013 logs grow, the disk fills up, and if log rotation is not configured correctly, even this seemingly \u201cmild\u201d attack can bring the server down.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">How to prevent it? Deploy protection before the attack reaches the server!<\/h3>\n\n\n\n<p>All the situations described above have one thing in common: they play out directly on the end server. It sits at the end of the chain and takes the attack at full force \u2013 it processes every request, writes every log, allocates memory for every connection.<\/p>\n\n\n\n<p>The solution is not a more powerful server. The solution is for the attack never to reach the end server at all.<\/p>\n\n\n\n<p>This is exactly the principle WEDOS.Protection works on. The customer's traffic is redirected through a network of scrubbing centers \u2013 specialized nodes placed around the world \u2013 which capture, filter and remove malicious traffic before it ever gets to the server itself. Legitimate visitors get through, the attack does not.<\/p>\n\n\n\n<p>The key technology that makes this possible is BGP Anycast. It is a way of routing traffic on the internet in which the same IP address exists in multiple places in the world at once. If an attacker sends a huge volume of data, the internet automatically routes it to the nearest scrubbing center \u2013 and not to the customer's server. The scrubbing center has the capacity and performance to absorb such an onslaught.
Meanwhile, the end server has no idea that anything is going on.<\/p>\n\n\n\n<p>In practice this means that instead of the scenario described above \u2013 rising load, a filling disk and forcibly terminated processes \u2013 the server's sysadmin sees nothing. Load stays at 0.3\u20130.8. Logs grow normally. The server works, the website is available, customers are shopping.<\/p>\n\n\n\n<p>The attack is absorbed by our network. Not your server.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The user sees a slow website or an error page. The administrator sees a warning in monitoring. The server's sysadmin sees an entirely different story: detailed, layered and often alarming.<\/p>\n","protected":false},"author":14,"featured_media":1582086,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[305],"tags":[],"class_list":["post-1582006","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-company"],"_links":{"self":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/1582006","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/comments?post=1582006"}],"version-history":[{"count":3,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/1582006\/revisions"}],"predecessor-version":[{"id":1582060,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/post
s\/1582006\/revisions\/1582060"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/media\/1582086"}],"wp:attachment":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/media?parent=1582006"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/categories?post=1582006"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/tags?post=1582006"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}