{"id":230317,"date":"2023-08-21T13:00:24","date_gmt":"2023-08-21T11:00:24","guid":{"rendered":"https:\/\/blog.wedos.cz\/?p=230317"},"modified":"2023-08-21T13:00:26","modified_gmt":"2023-08-21T11:00:26","slug":"waf-report-z-wedos-global-protection-za-cervenec-2023","status":"publish","type":"post","link":"https:\/\/blog.wedos.com\/cs\/waf-report-z-wedos-global-protection-za-cervenec-2023","title":{"rendered":"WAF report from WEDOS Global Protection for July 2023"},"content":{"rendered":"\n<p>Even over the summer holidays we did not slack off and continued building our WEDOS Global infrastructure. We optimized routing in selected locations, continued negotiating new locations, and are finishing some that are already in progress. The result is better response times in several countries, and we are also testing several new features that we plan to make available to all users. DDoS attacks were of course not missing either, although in number and strength it was more of a holiday-season level of traffic.<\/p>\n\n\n\n<!--more-->\n\n\n\n<h2 class=\"wp-block-heading\">WEDOS Global<\/h2>\n\n\n\n<p>WEDOS Global is the name of our worldwide infrastructure, which offers automated solutions for cybersecurity, website acceleration and the integration of modern internet technologies.<\/p>\n\n\n\n<p>It is built on a large number of our own physical servers (currently over 1500) in 25 locations around the world, with connectivity currently exceeding 2500 GB\/s. 
Everything is built on BGP Anycast and reverse proxy technologies, which lets WEDOS Global give users a fast, stable and secure connection. <\/p>\n\n\n\n<p>The WEDOS Global Protection service, which we run on it and which you <a href=\"https:\/\/www.wedos.com\/cs\/protection\/\" target=\"_blank\" rel=\"noopener\">can already buy and use<\/a>, acts as a reverse proxy. The proxy optimizes speed, filters threats and ensures that websites are available and load quickly from any part of the world. Thanks to interconnection with local and global network exchange points (IXP) and the use of modern technologies such as HTTP\/3 and IPv6, WEDOS Global ensures not only that websites are fast, available and secure, but also that you can easily deploy and maintain technologies that are not always simple to get running.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">WEDOS Global Anycast DNS<\/h3>\n\n\n\n<p>To compare ourselves with the competition we use a paid third-party measurement. 
It primarily serves to tune speed in individual countries (we know where our weak spots are, where to put the next point, where to look for peering, etc.).<\/p>\n\n\n\n<p>Our current standing:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>TOP 25 in the world<\/li>\n\n\n\n<li>TOP 10 in Europe<\/li>\n\n\n\n<li>TOP 30 in North America (an extremely competitive environment)<\/li>\n\n\n\n<li>We have reached the TOP 20 in the Australia and Oceania region<\/li>\n\n\n\n<li>We have reached the TOP 20 in Asia (this region is extremely difficult, because many countries have specific laws, ISPs often do not &#8220;talk&#8221; to each other, etc.)<\/li>\n\n\n\n<li>In Africa we are in the TOP 20<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2023\/08\/20230818-aktualni-stav-1.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" width=\"1024\" height=\"531\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2023\/08\/20230818-aktualni-stav-1-1024x531.png\" alt=\"\" class=\"wp-image-236322 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230818-aktualni-stav-1-1024x531.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230818-aktualni-stav-1-300x155.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230818-aktualni-stav-1-768x398.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230818-aktualni-stav-1-1536x796.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230818-aktualni-stav-1.png 1611w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" 
style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/531;\" \/><\/a><figcaption class=\"wp-element-caption\">WEDOS Global Anycast DNS response time from different parts of the world &#8211; August.<\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">More points we are working on<\/h3>\n\n\n\n<p>We did not launch a new point in July. We already have the &#8220;easy&#8221; locations; now it is the turn of the harder ones, where things often stall on legislation and guarantees.<\/p>\n\n\n\n<p>As we move the whole service forward and gain new demanding customers, we are also discovering new interesting places where we could build further points in the future.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Ireland (Dublin)<\/h4>\n\n\n\n<p>We want to strengthen our services in the EU. Ireland, specifically Dublin, looks like an interesting choice. The location is already agreed. The servers, switches and other hardware are already packed in our second datacenter, WEDOS DC2. What we still need is to arrange connectivity. As soon as you want a guaranteed 100 Gbps somewhere with the option of further increases, things move slowly.<\/p>\n\n\n\n<p>If everything goes according to plan, we could launch the location in Ireland by the end of the summer holidays.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">S\u00e3o Paulo (Brazil)<\/h4>\n\n\n\n<p>South America is the last permanently inhabited continent we are missing. However, finding a suitable location is fairly difficult. Negotiations have been dragging on for over half a year. 
So far we have only managed to finalize Brazil (S\u00e3o Paulo), where the servers are currently waiting for customs clearance. After our experience with Mexico and Turkey, however, we prefer not to give even an approximate launch date.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Frankfurt am Main (Germany)<\/h4>\n\n\n\n<p>You may think that Germany is just around the corner and those few tens of ms are not worth it. It is not that simple, though. WEDOS Global needs to have locations at all the important crossroads of the Internet, and one of the most important ones is in Germany. Moreover, if we want to be in the TOP 5 in Europe, it cannot be done without a location and interconnects in Germany.<\/p>\n\n\n\n<p>This month we signed the necessary contracts. Now we have to prepare the servers, switches and other hardware, arrange transport, and so on.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Other planned WEDOS Global locations<\/h4>\n\n\n\n<p>As part of the first phase we would like to have locations in Dubai and Oman, but there are problems with legislation and price there. India is also very tempting; however, we run into the same problems there, and in addition we would have to set up a local branch. We will work through all of it in time.<\/p>\n\n\n\n<p>We are also working on locations to improve services in the EU &#8211; mainly Hamburg and Rome. After that it will be a matter of negotiating interconnects. In the next phase we will add locations in Hungary, Austria and Spain, and we are also considering Slovakia. 
However, what will decide is rather customer demand in these countries. If interest in our services rises significantly somewhere, we will set up a location there fairly quickly.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">New peerings<\/h3>\n\n\n\n<p>We have expanded our network infrastructure in Silicon Valley and Chicago with new connections to IXP (Internet Exchange Point) and ECX (Equinix Cloud Exchange).<\/p>\n\n\n\n<div class=\"wp-block-media-text alignwide is-stacked-on-mobile is-vertically-aligned-center has-white-color has-vivid-cyan-blue-background-color has-text-color has-background\" style=\"grid-template-columns:20% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"385\" height=\"400\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png\" alt=\"\" class=\"wp-image-123898 size-full lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png 385w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1-289x300.png 289w\" data-sizes=\"(max-width: 385px) 100vw, 385px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 385px; --smush-placeholder-aspect-ratio: 385\/400;\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><strong>What is IXP peering?<\/strong><\/p>\n\n\n\n<p>Peering is an agreement between two internet service providers (ISPs) that allows their network traffic to pass directly between them without having to go through a third party. 
<\/p>\n\n\n\n<p>This direct data transfer can increase the speed and reliability of an internet connection, because the data does not have to travel as far or across various other networks. It can also reduce costs, because both parties can avoid fees they might otherwise pay to third parties for data transit.<\/p>\n\n\n\n<p>Peering usually takes place at so-called internet exchange points (IXPs), where many ISPs can interconnect their networks.<\/p>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-media-text alignwide is-stacked-on-mobile is-vertically-aligned-center has-white-color has-vivid-cyan-blue-background-color has-text-color has-background\" style=\"grid-template-columns:20% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"385\" height=\"400\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png\" alt=\"\" class=\"wp-image-123898 size-full lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png 385w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1-289x300.png 289w\" data-sizes=\"(max-width: 385px) 100vw, 385px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 385px; --smush-placeholder-aspect-ratio: 385\/400;\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><strong>What is ECX?<\/strong><\/p>\n\n\n\n<p>Equinix Cloud Exchange (ECX) is a product developed by Equinix, one of the largest datacenter operators in the world (they operate over 240 of them).<\/p>\n\n\n\n<p>ECX enables fast and secure 
interconnection with various cloud providers. This lets companies access cloud services with improved latency and ensures a higher level of performance and reliability.<\/p>\n<\/div><\/div>\n\n\n\n<p>The new interconnects will be built on 10G ports, which means they will be able to carry data at 10 gigabits per second. Several of these 10G ports will be brought up in each location. Performance and throughput will be further improved by using LAG (Link Aggregation), which makes it possible to combine two physical 10G ports into one logical port with a total capacity of 20G. This step will increase the available bandwidth and improve redundancy.<\/p>\n\n\n\n<p>Both locations have a high concentration of datacenters and network equipment. That makes them hubs of internet traffic and important nodes through which a large amount of data passes. 
All the major companies (such as Apple, Google, Facebook and many others) will thus be closer to us, and the traffic from them (mainly from their bots) is really not negligible.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"block-cf8be3ad-2224-472b-a4bd-d94ca3c9f21c\">Want to learn more about WEDOS Global?<\/h3>\n\n\n\n<p id=\"block-7a0e9de9-994a-4368-83c1-98199a50b21d\">If you are interested in WEDOS Global and would like to learn more about the advanced technologies we use, then for a deeper and more detailed look at the technical architecture on which the WEDOS Global infrastructure is built, we recommend listening to our talk from Kubernetes Community Days Czech &amp; Slovak 2023. This technical presentation was given by two colleagues who play a key role in the development of WEDOS Global.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"Glob\u00e1ln\u00ed Kubernetes infrastruktura, jej\u00ed v\u00fdvoj a \u00fadr\u017eba-WEDOS Global - Jakub Sassmann a Martin Du\u0161ek\" width=\"525\" height=\"295\" data-src=\"https:\/\/www.youtube.com\/embed\/siA5YFE5N4E?start=25&#038;feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" data-load-mode=\"1\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">WEDOS Global Protection<\/h2>\n\n\n\n<p>WEDOS Global Protection is 
the first service launched on the WEDOS Global infrastructure. It was originally meant to serve as protection against various kinds of DDoS attacks, but it turned out that content caching works perfectly against some attacks. We took that a bit further, and WEDOS Global Protection now works as a kind of web CDN. So under ideal conditions it can also be used to withstand a very, very large surge of legitimate visitors.<\/p>\n\n\n\n<p>That was ultimately also the reason why we dropped the free plan for personal non-commercial websites. The service can now do so much and its benefit is so great that we believe it always pays off for a customer to pay 25 K\u010d per month. <\/p>\n\n\n\n<h3 class=\"wp-block-heading\">We are testing HTTP\/3<\/h3>\n\n\n\n<p>In June we started testing the possibility of deploying HTTP\/3 for WEDOS Global Protection users. In July we moved on, and our own website now runs entirely on HTTP\/3. If we do not hit a problem during testing, we will enable HTTP\/3 for everyone who uses WEDOS Global Protection (WGP can be used even if your hosting is with a competitor).<\/p>\n\n\n\n<p>And why should you care about HTTP\/3?<\/p>\n\n\n\n<p>HTTP\/3 is the latest version of the HTTP protocol, which is the foundation of data transfer on the internet and is what lets you access websites.<\/p>\n\n\n\n<p>Earlier versions of HTTP (HTTP\/1 and HTTP\/2) use TCP (Transmission Control Protocol) to carry packets. 
TCP is reliable because it ensures that all packets arrive at the right place and in the right order. But this also has drawbacks: if one packet is lost or delayed, all the packets that follow must wait until the lost packet turns up. This is called head-of-line blocking.<\/p>\n\n\n\n<p>HTTP\/3 instead uses a newer protocol called QUIC, which was designed to overcome the head-of-line blocking problem. QUIC uses UDP (User Datagram Protocol), which does not require packets to arrive in any particular order. This means that if one packet is lost or delayed, the other packets can continue without waiting.<\/p>\n\n\n\n<p>The advantages of HTTP\/3 include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Better performance on unstable networks<\/strong>: HTTP\/3 can transfer data more efficiently on networks that are unstable or have high latency, such as mobile internet. With customers on mobile phones in poorly covered areas, on a train, etc., 
you gain a competitive advantage.<\/li>\n\n\n\n<li><strong>Faster connections<\/strong>: QUIC allows new connections to be set up faster, because fewer steps are needed to establish a connection between client and server.<\/li>\n\n\n\n<li><strong>Security by default<\/strong>: QUIC uses encryption as standard, which improves data security.<\/li>\n\n\n\n<li><strong>No head-of-line blocking<\/strong>: QUIC allows packets to continue without having to wait for lost or delayed packets. This improves the speed and efficiency of data transfer.<\/li>\n<\/ul>\n\n\n\n<p>With WEDOS Global Protection your website will not only be protected, but thanks to the worldwide WEDOS Global network it will also be faster (web CDN, Anycast&nbsp;DNS). Like HTTP\/3, IPv6 and HTTPS can also be used even if your hosting provider does not support them. We are preparing further technologies.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Custom certificates on WEDOS Global Protection<\/h3>\n\n\n\n<p>The option to use your own SSL\/TLS certificate in WEDOS Global Protection was another of the tasks on our to-do list. In July we carried out the final testing, and it will soon appear in the administration panel for the Expert and Ultimate plans.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">WEDOS Global Protection statistics<\/h2>\n\n\n\n<p>The July statistics were influenced mainly by lower attacker activity. Nobody attempted an L7 HTTP flood attack with tens of millions of requests. 
For attackers it is simply a waste of resources. They try a few hundred IP addresses and a synchronized attack that is meant to cause trouble before the specific protection kicks in, limits are applied, local blocking is turned on, and so on. Usually it lasts a few seconds, then they switch it off. Large attacks are therefore rather the exception, and the new standard for an L7 HTTP flood is a short attack lasting low single-digit minutes. <\/p>\n\n\n\n<p>We are also stricter with traffic from VPN services that are free or offer a free trial period. Practically only malicious traffic comes from the IP addresses of these services. In the future, requests from these IP addresses will always have to pass a redirect test.<\/p>\n\n\n\n<p>The following statistics come from the reverse proxy servers at the individual points, which handle requests already cleaned of L3\/L4 DDoS attacks.<\/p>\n\n\n\n<div class=\"wp-block-media-text alignwide is-stacked-on-mobile is-vertically-aligned-center has-white-color has-vivid-cyan-blue-background-color has-text-color has-background\" style=\"grid-template-columns:20% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"385\" height=\"400\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png\" alt=\"\" class=\"wp-image-123898 size-full lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png 385w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1-289x300.png 289w\" data-sizes=\"(max-width: 385px) 100vw, 385px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" 
style=\"--smush-placeholder-width: 385px; --smush-placeholder-aspect-ratio: 385\/400;\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><strong>What are L3\/L4 attacks?<\/strong><\/p>\n\n\n\n<p>DDoS attacks at L3 and L4 target the network and transport layers and use various techniques to flood target servers or devices.<br><br>Network layer (L3) &#8211; routes data between different networks using logical (IP) addresses.<br><br>Transport layer (L4) &#8211; provides reliable and controlled data transfer between endpoints using protocols such as TCP or UDP.<\/p>\n<\/div><\/div>\n\n\n\n<p>The overview also excludes some requests that we use to monitor the availability and operation of the individual points, so that they do not distort the statistics.<\/p>\n\n\n\n<p>By the end of July the number of domains protected by WEDOS Global Protection had grown to <strong>4278 domains<\/strong> (+524). Some of these are domains that support added because of attacks, or they are demanding websites that benefit significantly from the automatic cache on the proxy server. Apart from us, WEDOS Global Protection is used by <strong>1029 users<\/strong> (+89).<\/p>\n\n\n\n<p>In May a total of <strong>3&nbsp;568&nbsp;662&nbsp;296 requests (+5.34 %)<\/strong> from <strong>8&nbsp;641&nbsp;401 (+11.79 %) unique IP addresses<\/strong> were recorded heading to protected domains. 
On average the proxy servers handled <strong>115&nbsp;118&nbsp;138 requests<\/strong> per day.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2023\/08\/20230802-wedos-global-cervenec-body.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" width=\"1024\" height=\"453\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2023\/08\/20230802-wedos-global-cervenec-body-1024x453.png\" alt=\"\" class=\"wp-image-234508 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230802-wedos-global-cervenec-body-1024x453.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230802-wedos-global-cervenec-body-300x133.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230802-wedos-global-cervenec-body-768x339.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230802-wedos-global-cervenec-body-1536x679.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230802-wedos-global-cervenec-body.png 1853w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/453;\" \/><\/a><figcaption class=\"wp-element-caption\">Daily chart of requests to WEDOS Global for July, cleaned of L3\/L4 and statistics.<\/figcaption><\/figure>\n\n\n\n<p>As for the increase in unique IP addresses, seasonality plays a role. Most WGP users are still from the Czech Republic and Slovakia, and their visitors were connecting from abroad more often. The number of large customers from abroad is also growing. 
We even have ministry websites there (not Czech ones; those do not even want to talk to us about our protection). That brings a different visitor mix.<\/p>\n\n\n\n<p>As we improve the algorithms that temporarily put IP addresses on blacklists, the number of requests that we have to block at the reverse proxy (request limits, connection limits and the web firewall) is falling. <\/p>\n\n\n\n<p>Statistics of the bored protections \ud83d\ude42<\/p>\n\n\n\n<ul class=\"wp-block-list\" id=\"block-6c3391e3-ba1d-44bd-a1a5-7d1807b3a05e\">\n<li>L7 DDoS &#8211; caught by request rate limiting (HTTP flood): <br><strong>1 667 752<\/strong><\/li>\n\n\n\n<li>L7 DDoS &#8211; problematic connections caught (Slowloris, Connection Exhaustion, etc.): <br><strong>1 657 563<\/strong><\/li>\n\n\n\n<li>Blocked by a WAF rule: <strong>10 662 108<\/strong><\/li>\n\n\n\n<li>Other L7 blocking: <strong>5 581 467<\/strong><\/li>\n<\/ul>\n\n\n\n<p>These numbers are only first attempts. Once the attempts are repeated and gain strength (say, tens of thousands of problematic requests per minute), the IP address goes on the blacklist. It is more complicated than that, though, because we treat different IPs differently, and likewise different forms of attack.<\/p>\n\n\n\n<p>In the next report the statistics will be higher. After a trial run we will deploy login form protection to all protected WordPress sites. In recent weeks we have been seeing an extreme wave of brute-force password-cracking attacks. 
The attackers behave quite recklessly and hammer the forms in bulk, which exhausts the allocated server resources. If you have noticed occasional unavailability or slowdowns of WordPress in recent weeks, this may be the reason.<\/p>\n\n\n\n<p>We will solve it so that anyone who wants to log in will have to pass a redirect, or a captcha in the case of a suspicious IP. <\/p>\n\n\n\n<h3 class=\"wp-block-heading\">L3\/L4 DDoS attacks<\/h3>\n\n\n\n<p>To be honest, we have not seen many serious L3\/L4 attacks in recent months. We used to experience 10 Gbps+ attacks several times a week; the last one was in June.<\/p>\n\n\n\n<p>In July 6192 of them were aimed at us, but the strongest peaked at 7.7 Gbps and 2.9 million packets per second and targeted one of our customers with a VPS.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"539\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2023\/08\/20230817-ddos-l3l4-cervenec-1024x539.png\" alt=\"\" class=\"wp-image-234406 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230817-ddos-l3l4-cervenec-1024x539.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230817-ddos-l3l4-cervenec-300x158.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230817-ddos-l3l4-cervenec-768x404.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230817-ddos-l3l4-cervenec.png 1158w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 
543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/539;\" \/><figcaption class=\"wp-element-caption\">L3\/L4 DDoS attacks in July 2023.<\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The strongest L7 DDoS attacks<\/h3>\n\n\n\n<p>July was characterized by two things. The first was increased attack activity from networks that provide VPNs. These cover a wide range of attacks, from L7 HTTP floods, through scanning for vulnerabilities in popular content management systems, to SQLi attacks. The claim that free VPNs are in fact hidden botnets was definitely not far from the truth in July, nor in August. <\/p>\n\n\n\n<p>The other point of interest was an increased number of attacks aimed at the websites of gaming sites and servers. Some were fairly strong. This kind of website is attacked regularly, but in July more than usual. If you run a similar project, definitely consider WEDOS Global Protection &#8211; see <a href=\"https:\/\/www.wedos.com\/cs\/protection\/wedos-global-protection-pro-herni-servery-gamingove-a-esports-platformy\/\" target=\"_blank\" rel=\"noopener\">WEDOS Global Protection for game servers, gaming and eSports platforms<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. Attack on a game server website with over 2M requests per minute<\/h3>\n\n\n\n<p>This was the strongest attack in terms of peak requests per minute. 
According to the logs, it was over <strong>2&nbsp;041&nbsp;522<\/strong> per minute. In total, almost 4M requests from 2693 unique IP addresses hit the target. The attackers know that WGP starts blocking these attacks quickly and that the most active IPs end up on the blacklist to be safe, which is also visible in the graph. Interestingly, this time they were impatient and tried again in less than 10 minutes, but the most active IP addresses, which nobody will miss, were already on the blacklist, and the WAF took care of the rest.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2023\/08\/20230723-utok-na-herni-server.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" width=\"1024\" height=\"374\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2023\/08\/20230723-utok-na-herni-server-1024x374.png\" alt=\"\" class=\"wp-image-236410 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230723-utok-na-herni-server-1024x374.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230723-utok-na-herni-server-300x110.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230723-utok-na-herni-server-768x281.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230723-utok-na-herni-server-1536x562.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230723-utok-na-herni-server.png 1797w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/374;\" \/><\/a><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">2. 
Attack on a game server website exceeding 1M requests per minute<\/h3>\n\n\n\n<p>The next attack was a real flash. It lasted a little over a minute. In total, 1.25M requests from 1616 unique IP addresses (UIP). <\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><a href=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2023\/08\/20230722-utok-na-herni-server.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2023\/08\/20230722-utok-na-herni-server-1024x374.png\" alt=\"\" class=\"wp-image-236416 lazyload\" width=\"674\" height=\"246\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230722-utok-na-herni-server-1024x374.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230722-utok-na-herni-server-300x110.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230722-utok-na-herni-server-768x281.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230722-utok-na-herni-server-1536x561.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230722-utok-na-herni-server.png 1793w\" data-sizes=\"(max-width: 674px) 100vw, 674px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 674px; --smush-placeholder-aspect-ratio: 674\/246;\" \/><\/a><\/figure>\n\n\n\n<p>This attack was interesting because the real brute force went through the locations in Singapore and Dallas. Any centralized attack can be handled far more efficiently by the given location without affecting the rest of the world. 
For example, in an emergency we could enable a check via JavaScript redirect or captcha at that location for everyone (except the whitelist).<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"296\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2023\/08\/20230722-utok-na-herni-server-rozlozeni-1024x296.png\" alt=\"\" class=\"wp-image-236423 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230722-utok-na-herni-server-rozlozeni-1024x296.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230722-utok-na-herni-server-rozlozeni-300x87.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230722-utok-na-herni-server-rozlozeni-768x222.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230722-utok-na-herni-server-rozlozeni-1536x443.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/20230722-utok-na-herni-server-rozlozeni.png 1881w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/296;\" \/><figcaption class=\"wp-element-caption\">Distribution of the attack across the WEDOS Global locations that handled it.<\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">3. Attack on a game server website exceeding 633 thousand requests per minute<\/h3>\n\n\n\n<p>Another game server website came under attack in the second half of July. Again a very short attack, a little over a minute. 862 thousand requests from 692 unique IP addresses. At the peak, &#8220;only&#8221; 633&nbsp;468 per minute. 
Here it looks like the worldwide synchronization of the attack did not quite succeed, so the protections had an easy job. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"371\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2023\/08\/2023072023-utok-na-herni-server-1024x371.png\" alt=\"\" class=\"wp-image-236432 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/2023072023-utok-na-herni-server-1024x371.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/2023072023-utok-na-herni-server-300x109.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/2023072023-utok-na-herni-server-768x279.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/2023072023-utok-na-herni-server-1536x557.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/08\/2023072023-utok-na-herni-server.png 1811w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/371;\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>Anyone can use WEDOS Global Protection for faster loading and protection of their websites. The service can be used without having to move hardware or change web hosting providers. Just point your domain to the WEDOS Global DNS and add the domain in the <a href=\"https:\/\/client.wedos.global\/protection\/dashboard\" target=\"_blank\" rel=\"noopener\">WEDOS Global Protection administration<\/a>. 
<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Even over the summer holidays we did not slack off and continued building our WEDOS Global infrastructure. Routing was optimized in selected locations, we continued negotiating new ones and are finishing some that are in progress. The result is better latency in several countries, and we are also testing several new features that we plan to make available to all users. Of course, DDoS attacks were not absent either, even &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/blog.wedos.com\/cs\/waf-report-z-wedos-global-protection-za-cervenec-2023\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;WAF report from WEDOS Global Protection for July 2023&#8221;<\/span><\/a><\/p>\n","protected":false},"author":9,"featured_media":236319,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[112],"tags":[204,203,122,200,186,177],"class_list":["post-230317","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bezpecnost","tag-cache","tag-cdn","tag-ddos","tag-waf","tag-wedos-global","tag-wedos-global-protection"],"_links":{"self":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/230317","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/comments?post=230317"}],"version-history":[{"count":8,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/230317\/revisions
"}],"predecessor-version":[{"id":242225,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/230317\/revisions\/242225"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/media\/236319"}],"wp:attachment":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/media?parent=230317"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/categories?post=230317"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/tags?post=230317"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}