{"id":504152,"date":"2024-01-27T09:09:42","date_gmt":"2024-01-27T08:09:42","guid":{"rendered":"https:\/\/blog.wedos.com\/?p=504152"},"modified":"2024-01-31T16:29:15","modified_gmt":"2024-01-31T15:29:15","slug":"waf-report-z-wedos-global-protection-za-prosinec-2023","status":"publish","type":"post","link":"https:\/\/blog.wedos.com\/cs\/waf-report-z-wedos-global-protection-za-prosinec-2023","title":{"rendered":"WAF report z WEDOS Global Protection za prosinec 2023"},"content":{"rendered":"\n<p>Zhruba v polovin\u011b prosince se zastavil po\u010det v\u00fdznamn\u00fdch \u00fatok\u016f na e-shopy. To jsou \u00fatoky p\u0159esahuj\u00edc\u00ed vy\u0161\u0161\u00ed stovky tis\u00edc po\u017eadavk\u016f za minutu na sedm\u00e9 (aplika\u010dn\u00ed) vrstv\u011b, p\u0159\u00edpadn\u011b veden\u00e9 z v\u00edce jak tis\u00edc unik\u00e1tn\u00edch IP adres. To n\u00e1s utvrdilo, \u017ee tento druh \u00fatok\u016f se st\u00e1v\u00e1 b\u011b\u017enou sou\u010d\u00e1st\u00ed konkuren\u010dn\u00edho boje v \u010cesku. Nicm\u00e9n\u011b prosinec nebyl v porovn\u00e1n\u00ed s listopadem klidn\u011bj\u0161\u00ed.<\/p>\n\n\n\n<!--more-->\n\n\n\n<h2 class=\"wp-block-heading\">WEDOS Global<\/h2>\n\n\n\n<p>Nejd\u0159\u00edve kr\u00e1tce o WEDOS Global. <\/p>\n\n\n\n<p>WEDOS Global je n\u00e1zev pro na\u0161i glob\u00e1ln\u00ed s\u00ed\u0165ovou infrastrukturu postavenou na v\u00edce ne\u017e dvou tis\u00edc\u00edch fyzick\u00fdch serverech, kter\u00e9 jsou v na\u0161em vlastnictv\u00ed. Servery jsou strategicky um\u00edst\u011bn\u00e9 v des\u00edtk\u00e1ch lokalit po cel\u00e9m sv\u011bt\u011b. Tato um\u00edst\u011bn\u00ed jsou pe\u010dliv\u011b vyb\u00edr\u00e1na tak, aby poskytovala optim\u00e1ln\u00ed rychlost a bezpe\u010dnost p\u0159ipojen\u00ed pro webov\u00e9 str\u00e1nky. S celkovou s\u00ed\u0165ovou konektivitou p\u0159esahuj\u00edc\u00ed 3 000 Gbps m\u00e1me dostatek rezerv pro odol\u00e1n\u00ed i t\u011bm nejsiln\u011bj\u0161\u00edm DDoS \u00fatok\u016fm.  WEDOS Global nav\u00edc rychle roste a tak se st\u00e1v\u00e1 robustn\u011bj\u0161\u00ed a rychlej\u0161\u00ed.  <\/p>\n\n\n\n<p>Hlavn\u00ed technologickou oporou s\u00edt\u011b WEDOS Global je implementace BGP AnyCast, co\u017e je technologie, kter\u00e1 efektivn\u011b distribuuje internetov\u00fd provoz nap\u0159\u00ed\u010d celou s\u00edt\u00ed. Tato distribuce je kl\u00ed\u010dov\u00e1 pro minimalizaci dopadu DDoS \u00fatok\u016f, kter\u00e9 maj\u00ed za c\u00edl zpomalit nebo zablokovat s\u00ed\u0165ov\u00fd provoz. D\u00edky BGP AnyCast jsou \u00fatoky velice efektivn\u011b rozpt\u00fdleny po r\u016fzn\u00fdch lokalit\u00e1ch, \u010d\u00edm\u017e se v\u00fdrazn\u011b sni\u017euje jejich potenci\u00e1ln\u00ed \u0161kodliv\u00fd vliv. V podstat\u011b je eliminov\u00e1no to nejnebezpe\u010dn\u011bj\u0161\u00ed, co DDoS \u00fatoky p\u0159edstavuj\u00ed. <\/p>\n\n\n\n<p>Druhou z\u00e1sadn\u00ed technologi\u00ed je implementace reverzn\u00ed proxy. Tento mezi\u010dl\u00e1nek mezi n\u00e1v\u0161t\u011bvn\u00edkem a c\u00edlov\u00fdm serverem nejen p\u0159epos\u00edl\u00e1 po\u017eadavky, ale m\u00e1 tak\u00e9 schopnost identifikovat a eliminovat \u0161kodliv\u00fd provoz. V\u00fdznamn\u011b tak p\u0159isp\u00edv\u00e1 k bezpe\u010dnosti webov\u00e9ho prost\u0159ed\u00ed.<\/p>\n\n\n\n<p>Krom\u011b toho, d\u00edky integraci webov\u00e9 CDN cache v r\u00e1mci WEDOS Global Protection, umo\u017e\u0148uje reverzn\u00ed proxy ulo\u017een\u00ed statick\u00fdch kopi\u00ed webov\u00e9ho obsahu na r\u016fzn\u00fdch geografick\u00fdch m\u00edstech. Tento p\u0159\u00edstup vede k rychlej\u0161\u00edmu na\u010d\u00edt\u00e1n\u00ed webov\u00fdch str\u00e1nek pro u\u017eivatele z r\u016fzn\u00fdch region\u016f sv\u011bta a z\u00e1rove\u0148 efektivn\u011b sni\u017euje z\u00e1t\u011b\u017e na hostingov\u00e9m serveru.<\/p>\n\n\n\n<p>Toto v\u0161e m\u00e1 za n\u00e1sledek nejen v\u00fdrazn\u00e9 zv\u00fd\u0161en\u00ed bezpe\u010dnosti, ale tak\u00e9 zlep\u0161en\u00ed u\u017eivatelsk\u00e9ho z\u00e1\u017eitku a celkov\u00e9 efektivity webov\u00fdch str\u00e1nek. Jakmile za\u010dne webov\u00e1 CDN cache fungovat u nov\u011b p\u0159idan\u00e9ho webu, v pr\u016fm\u011bru zaznamen\u00e1v\u00e1me zrychlen\u00ed o 30-40 %.<\/p>\n\n\n\n<p>Cachov\u00e1n\u00ed obsahu pou\u017e\u00edv\u00e1me tak\u00e9 jako velice efektivn\u00ed zp\u016fsob, jak se vypo\u0159\u00e1dat s DDoS \u00fatoky.  <\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-blog-wedos wp-block-embed-blog-wedos\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"cx2xcPbMSl\"><a href=\"https:\/\/blog.wedos.com\/cs\/otestovali-jsme-na-sobe-novou-ochranu-proti-l7-ddos-utokum\">Otestovali jsme na sob\u011b novou ochranu proti L7 DDoS \u00fatok\u016fm<\/a><\/blockquote><iframe class=\"wp-embedded-content lazyload\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8222;Otestovali jsme na sob\u011b novou ochranu proti L7 DDoS \u00fatok\u016fm&#8220; &#8212; Blog WEDOS\" data-src=\"https:\/\/blog.wedos.com\/cs\/otestovali-jsme-na-sobe-novou-ochranu-proti-l7-ddos-utokum\/embed#?secret=4VKqD00gKQ#?secret=cx2xcPbMSl\" data-secret=\"cx2xcPbMSl\" width=\"525\" height=\"296\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" data-load-mode=\"1\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Nov\u00e9 p\u0159ipojen\u00ed k IXP ve Finsku<\/h3>\n\n\n\n<p>Po \u00fasp\u011b\u0161n\u00e9 integraci s Netnodem, jedn\u00edm z p\u0159edn\u00edch internetov\u00fdch v\u00fdm\u011bnn\u00fdch bod\u016f (IXP) v severn\u00ed Evrop\u011b, jsme roz\u0161\u00ed\u0159ili na\u0161i s\u00ed\u0165ovou infrastrukturu o peering v Helsink\u00e1ch (Finsko). <\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-blog-wedos wp-block-embed-blog-wedos\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"qXE3XtQMtP\"><a href=\"https:\/\/blog.wedos.com\/cs\/wedos-global-nyni-jeste-rychlejsi-ve-finsku-diky-spusteni-ixp-netnode-v-helsinkach\">WEDOS Global nyn\u00ed je\u0161t\u011b rychlej\u0161\u00ed ve Finsku d\u00edky spu\u0161t\u011bn\u00ed IXP Netnode v Helsink\u00e1ch<\/a><\/blockquote><iframe class=\"wp-embedded-content lazyload\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8222;WEDOS Global nyn\u00ed je\u0161t\u011b rychlej\u0161\u00ed ve Finsku d\u00edky spu\u0161t\u011bn\u00ed IXP Netnode v Helsink\u00e1ch&#8220; &#8212; Blog WEDOS\" data-src=\"https:\/\/blog.wedos.com\/cs\/wedos-global-nyni-jeste-rychlejsi-ve-finsku-diky-spusteni-ixp-netnode-v-helsinkach\/embed#?secret=ijjsLNo526#?secret=qXE3XtQMtP\" data-secret=\"qXE3XtQMtP\" width=\"525\" height=\"296\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" data-load-mode=\"1\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"block-cf8be3ad-2224-472b-a4bd-d94ca3c9f21c\">Chcete se o WEDOS Global dozv\u011bd\u011bt v\u00edce?<\/h3>\n\n\n\n<p id=\"block-7a0e9de9-994a-4368-83c1-98199a50b21d\">Pokud v\u00e1s zaj\u00edm\u00e1 WEDOS Global a r\u00e1di byste se dozv\u011bd\u011bli v\u00edce o pokro\u010dil\u00fdch technologi\u00edch, kter\u00e9 pou\u017e\u00edv\u00e1me, tak pro hlub\u0161\u00ed a detailn\u00ed pohled do technologick\u00e9 architektury, na n\u00ed\u017e je postavena infrastruktura WEDOS Global, v\u00e1m doporu\u010dujeme poslechnout si na\u0161i p\u0159edn\u00e1\u0161ku z konference Kubernetes Community Days Czech &amp; Slovak 2023. Tuto odbornou prezentaci vedli dva kolegov\u00e9, kte\u0159\u00ed hraj\u00ed kl\u00ed\u010dovou roli ve v\u00fdvoji WEDOS Global.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"Glob\u00e1ln\u00ed Kubernetes infrastruktura, jej\u00ed v\u00fdvoj a \u00fadr\u017eba-WEDOS Global - Jakub Sassmann a Martin Du\u0161ek\" width=\"525\" height=\"295\" data-src=\"https:\/\/www.youtube.com\/embed\/siA5YFE5N4E?start=25&#038;feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" data-load-mode=\"1\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">WEDOS Global Protection<\/h2>\n\n\n\n<p>P\u0159edstavte si, \u017ee v\u00e1\u0161 web je neust\u00e1le pod ochranou tis\u00edc\u016f server\u016f rozm\u00edst\u011bn\u00fdch po cel\u00e9m sv\u011bt\u011b. To nen\u00ed jen oby\u010dejn\u00e1 ochrana proti \u00fatok\u016fm, to je jako m\u00edt osobn\u00ed arm\u00e1du kybernetick\u00fdch str\u00e1\u017ec\u016f. A\u0165 u\u017e jde o nezbedn\u00e9 boty, kte\u0159\u00ed zkou\u0161ej\u00ed prolomit va\u0161e heslo nebo o masivn\u00ed DDoS \u00fatoky, WEDOS Global Protection dr\u017e\u00ed va\u0161i str\u00e1nku v bezpe\u010d\u00ed 24 hodin denn\u011b, 7 dn\u00ed v t\u00fddnu. Nav\u00edc sledujeme aktu\u00e1ln\u00ed hrozby a upravujeme na m\u00edru ochrany pro v\u0161echny weby. <\/p>\n\n\n\n<p>WEDOS Global Protection kombinuje jak klasickou ochranu proti volumetrick\u00fdm DDoS \u00fatok\u016fm, tak i proti nov\u00e9 generaci \u00fatok\u016f sm\u011b\u0159uj\u00edc\u00ed na aplika\u010dn\u00ed vrstvu. Nav\u00edc je k dispozici masivn\u00ed WAF, kter\u00fd neust\u00e1le vylep\u0161ujeme proti nov\u00fdm hrozb\u00e1m.<\/p>\n\n\n\n<div class=\"wp-block-media-text alignwide is-stacked-on-mobile is-vertically-aligned-center has-white-color has-vivid-cyan-blue-background-color has-text-color has-background\" style=\"grid-template-columns:20% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"385\" height=\"400\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png\" alt=\"\" class=\"wp-image-123898 size-full lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png 385w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1-289x300.png 289w\" data-sizes=\"(max-width: 385px) 100vw, 385px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 385px; --smush-placeholder-aspect-ratio: 385\/400;\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><strong>Co je WAF (Web Application Firewall)?<\/strong><\/p>\n\n\n\n<p>WAF (Web Application Firewall) je ochrana na na\u0161ich reverzn\u00edch proxy serverech, kter\u00e1 je um\u00edst\u011bna mezi \u00fato\u010dn\u00edkem a va\u0161\u00edm webem. V re\u00e1ln\u00e9m \u010dase proch\u00e1z\u00ed ka\u017ed\u00fd po\u017eadavek a hled\u00e1 v n\u011bm specifick\u00e9 znaky \u00fatoku anebo zneu\u017eit\u00ed bezpe\u010dnostn\u00ed d\u00edry. Pokud naraz\u00ed na podez\u0159el\u00fd po\u017eadavek, m\u016f\u017ee jej p\u0159esm\u011brovat na test (p\u0159esm\u011brov\u00e1n\u00ed, captcha), anebo zablokovat.<\/p>\n<\/div><\/div>\n\n\n\n<p>S WEDOS Global Protection nav\u00edc m\u016f\u017ee v\u00e1\u0161 web zna\u010dn\u011b zrychlit. D\u00edky AnyCast DNS a webov\u00e9 CDN cache je obsah va\u0161eho webu distribuov\u00e1n tak efektivn\u011b, \u017ee u\u017eivatel\u00e9 budou m\u00edt pocit, \u017ee data maj\u00ed na dosah ruky, a\u0165 jsou kdekoli na sv\u011bt\u011b. A to je skv\u011bl\u00e9 nejen pro u\u017eivatelsk\u00fd komfort, ale i pro va\u0161e SEO. <\/p>\n\n\n\n<p>Dal\u0161\u00ed v\u00fdhodou WEDOS Global Protection je, \u017ee v\u00e1m umo\u017en\u00ed vyu\u017e\u00edvat nejnov\u011bj\u0161\u00ed internetov\u00e9 technologie, jako je IPv6 nebo HTTP\/3, bez ohledu na to, jestli v\u00e1\u0161 hostingov\u00fd poskytovatel tyto technologie podporuje. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Statistiky WEDOS Global Protection<\/h2>\n\n\n\n<p>V prosinci narostl po\u010det u\u017eivatel\u016f WEDOS Global Protection na <strong>1 443<\/strong> (+95) a celkov\u00fd po\u010det chr\u00e1n\u011bn\u00fdch dom\u00e9n na <strong>7 858 <\/strong>(+1 341). V prosinci vzrostl po\u010det \u00fatok\u016f i b\u011b\u017en\u00e1 z\u00e1t\u011b\u017e na e-commerce weby. Velkou \u010d\u00e1st dom\u00e9n tak p\u0159idala podpora z na\u0161eho hostingu (<a href=\"https:\/\/www.wedos.com\/cs\/webhosting\/lowcost\/\" target=\"_blank\" rel=\"noopener\">LowCost <\/a>a <a href=\"https:\/\/www.wedos.com\/cs\/webhosting\/nolimit\/\" target=\"_blank\" rel=\"noopener\">NoLimit<\/a>), aby ulevila server\u016fm a z\u00e1rove\u0148 zajistila, \u017ee z\u00e1kazn\u00edk\u016fm v\u0161e p\u016fjde hladce i v dob\u011b p\u0159edv\u00e1no\u010dn\u00edho nakupov\u00e1n\u00ed.<\/p>\n\n\n\n<p>Narychlo k n\u00e1m tak\u00e9 p\u0159e\u0161lo n\u011bkolik z\u00e1kazn\u00edk\u016f, kte\u0159\u00ed maj\u00ed sv\u00e9 e-shopy u t\u0159et\u00edch stran. D\u016fvodem bylo ulevit z\u00e1t\u011b\u017ei a odvr\u00e1tit \u00fatoky. Jsme v kontaktu s provozovateli t\u0159et\u00edch stran a zji\u0161\u0165ujeme nap\u0159\u00edklad, jak\u00e9 maj\u00ed limity. \u0158ada z nich m\u00e1 n\u011bjak\u00e9 automatick\u00e9 opat\u0159en\u00ed v p\u0159\u00edpad\u011b, \u017ee je jejich z\u00e1kazn\u00edk pod \u00fatokem, a web pak t\u0159eba na hodinu vypnou, aby neohrozili sv\u00e9 dal\u0161\u00ed z\u00e1kazn\u00edky. Na WEDOS Global Protection um\u00edme jednak \u00fatoky zastavit, ale tak\u00e9 zajistit, \u017ee nedojde k p\u0159ekro\u010den\u00ed t\u011bchto limit\u016f. <\/p>\n\n\n\n<p>V prosinci bylo zaznamen\u00e1no <strong>3 685 589 157<\/strong> (-11,55 %) po\u017eadavk\u016f z <strong>14 380 823<\/strong> (+27,53 %) unik\u00e1tn\u00edch IP adres, kter\u00e9 sm\u011b\u0159ovaly na chr\u00e1n\u011bn\u00e9 dom\u00e9ny. V pr\u016fm\u011bru za den odbavily proxy servery <strong>118&nbsp;889&nbsp;972<\/strong> po\u017eadavk\u016f na aplika\u010dn\u00ed vrstv\u011b (v re\u00e1lu, v\u010detn\u011b L3, L4 \u00fatok\u016f je to  o dva \u0159\u00e1dy v\u00edce).<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20240101-global-requesty.png\"><img decoding=\"async\" width=\"1024\" height=\"413\" data-src=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20240101-global-requesty-1024x413.png\" alt=\"\" class=\"wp-image-504244 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20240101-global-requesty-1024x413.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20240101-global-requesty-300x121.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20240101-global-requesty-768x310.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20240101-global-requesty-1536x620.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20240101-global-requesty.png 1849w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/413;\" \/><\/a><figcaption class=\"wp-element-caption\">Provoz sm\u011b\u0159uj\u00edc\u00ed na chr\u00e1n\u011bn\u00e9 dom\u00e9ny b\u011bhem prosince 2023. Ty propady jsou zp\u016fsobeny testov\u00e1n\u00edm ARM serveru, kter\u00fd odbavoval jen provoz a logov\u00e1n\u00ed na n\u011bm bylo vypnut\u00e9.<\/figcaption><\/figure>\n\n\n\n<p>Pokles je zp\u016fsoben intenzivn\u00edm testov\u00e1n\u00edm ARM server\u016f koleg\u016f z v\u00fdvoje, kde kv\u016fli p\u0159esn\u011bj\u0161\u00edmu m\u011b\u0159en\u00ed z\u00e1t\u011b\u017ee vypnuli n\u00e1ro\u010dn\u00e9 logov\u00e1n\u00ed.<\/p>\n\n\n\n<p>ARM servery se stanou budouc\u00edmi lokalitami nov\u00e9 generace, kter\u00e9 \u201evypln\u00ed mezery\u201c na \u00farovni men\u0161\u00edch celk\u016f st\u00e1t\u016f. Tedy v jednom st\u00e1t\u011b bude n\u011bkolik lokalit s ARM servery. T\u00edm zahust\u00edme na\u0161i s\u00ed\u0165. Tento rok je v pl\u00e1nu zhruba 100 lokalit nov\u00e9 generace. V\u011bt\u0161ina v Evrop\u011b.<\/p>\n\n\n\n<p>Jedn\u00e1 se o 1U HPE server se 128 j\u00e1dry ARM CPU (3 GHz), 4 TB RAM a a\u017e 160 TB \u00falo\u017en\u00e9ho prostoru. Cen\u00edkov\u00e1 cena je kolem 1,5 M K\u010d. Lokalitu nov\u00e9 generace jsme testovali ve V\u00eddni a na Hlubok\u00e9 pod po\u0159\u00e1dnou z\u00e1t\u011b\u017e\u00ed a jedna byla spu\u0161t\u011bna v r\u00e1mci test\u016f na Slovensku. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"576\" data-src=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/09\/P_20230313_091746_SRES-1024x576.jpg\" alt=\"\" class=\"wp-image-277348 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/09\/P_20230313_091746_SRES-1024x576.jpg 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/09\/P_20230313_091746_SRES-300x169.jpg 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/09\/P_20230313_091746_SRES-768x432.jpg 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/09\/P_20230313_091746_SRES-1536x864.jpg 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/09\/P_20230313_091746_SRES-scaled.jpg 2048w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/576;\" \/><figcaption class=\"wp-element-caption\">Testovac\u00ed ARM server od HPE.<\/figcaption><\/figure>\n\n\n\n<p>Co se t\u00fdk\u00e1 druhu \u00fatok\u016f, tak L7 DDoS \u00fatok HTTP\/2 Rapid Reset, kter\u00fd se objevuje od \u0159\u00edjna 2023, se stal b\u011b\u017enou sou\u010d\u00e1st\u00ed hlavn\u011b t\u011bch siln\u011bj\u0161\u00edch. <\/p>\n\n\n\n<div class=\"wp-block-media-text alignwide is-stacked-on-mobile is-vertically-aligned-center has-white-color has-vivid-cyan-blue-background-color has-text-color has-background\" style=\"grid-template-columns:20% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"385\" height=\"400\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png\" alt=\"\" class=\"wp-image-123898 size-full lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png 385w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1-289x300.png 289w\" data-sizes=\"(max-width: 385px) 100vw, 385px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 385px; --smush-placeholder-aspect-ratio: 385\/400;\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><strong>L7 DDoS \u00fatok HTTP\/2 Rapid Reset<\/strong><\/p>\n\n\n\n<p>\u00datok \u201eHTTP\/2 rapid reset\u201c je specifick\u00fd typ kybernetick\u00e9ho \u00fatoku, kter\u00fd zneu\u017e\u00edv\u00e1 charakteristiky protokolu HTTP\/2. Tento protokol byl navr\u017een pro efektivn\u011bj\u0161\u00ed a rychlej\u0161\u00ed p\u0159enos dat ve srovn\u00e1n\u00ed s jeho p\u0159edch\u016fdcem HTTP\/1.1, d\u00edky pou\u017eit\u00ed technik jako multiplexov\u00e1n\u00ed po\u017eadavk\u016f, komprese hlavi\u010dek a jin\u00fdch vylep\u0161en\u00ed.<\/p>\n\n\n\n<p>Kl\u00ed\u010dov\u00e9 aspekty \u00fatoku \u201eHTTP\/2 rapid reset\u201c jsou:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Zneu\u017eit\u00ed stream\u016f a multiplexov\u00e1n\u00ed<\/strong>: HTTP\/2 umo\u017e\u0148uje multiplexov\u00e1n\u00ed, co\u017e znamen\u00e1, \u017ee v\u00edce po\u017eadavk\u016f m\u016f\u017ee b\u00fdt pos\u00edl\u00e1no sou\u010dasn\u011b p\u0159es jedno TCP spojen\u00ed. \u00dato\u010dn\u00edk zneu\u017e\u00edv\u00e1 tuto funkci t\u00edm, \u017ee rychle otev\u00edr\u00e1 a zav\u00edr\u00e1 velk\u00e9 mno\u017estv\u00ed stream\u016f.<\/li>\n\n\n\n<li><strong>Z\u00e1t\u011b\u017e na servery<\/strong>: Toto chov\u00e1n\u00ed m\u016f\u017ee zp\u016fsobit zna\u010dnou z\u00e1t\u011b\u017e na serveru. Server se sna\u017e\u00ed spravovat a udr\u017eovat mnoho otev\u0159en\u00fdch stream\u016f, co\u017e vy\u017eaduje v\u00fdpo\u010detn\u00ed v\u00fdkon a pam\u011b\u0165. Pokud je tento \u00fatok prov\u00e1d\u011bn intenzivn\u011b a po del\u0161\u00ed dobu, m\u016f\u017ee doj\u00edt k vy\u010derp\u00e1n\u00ed syst\u00e9mov\u00fdch zdroj\u016f serveru.<\/li>\n\n\n\n<li><strong>Resetov\u00e1n\u00ed stream\u016f<\/strong>: \u00dato\u010dn\u00edk po otev\u0159en\u00ed streamu po\u0161le r\u00e1mcov\u00fd sign\u00e1l RESET, kter\u00fd n\u00e1sledn\u011b donut\u00ed server k uzav\u0159en\u00ed dan\u00e9ho streamu. Opakovan\u00e9 vys\u00edl\u00e1n\u00ed t\u011bchto sign\u00e1l\u016f v rychl\u00e9m sledu m\u016f\u017ee zp\u016fsobit, \u017ee server se stane p\u0159et\u00ed\u017een\u00fdm a nedostupn\u00fdm pro legitimn\u00ed u\u017eivatele.<\/li>\n\n\n\n<li><strong>Obt\u00ed\u017en\u00e1 detekce<\/strong>: \u00datoky tohoto typu mohou b\u00fdt obt\u00ed\u017en\u011b detekovateln\u00e9, proto\u017ee se na prvn\u00ed pohled mohou jevit jako b\u011b\u017en\u00e1 komunikace podle protokolu HTTP\/2. To vy\u017eaduje pokro\u010dil\u00e9 monitorovac\u00ed a bezpe\u010dnostn\u00ed n\u00e1stroje schopn\u00e9 rozpoznat anom\u00e1ln\u00ed vzorce v r\u00e1mci HTTP\/2 komunikace.<\/li>\n\n\n\n<li><strong>C\u00edl \u00fatoku<\/strong>: Tento \u00fatok je obvykle zam\u011b\u0159en na webov\u00e9 servery a aplikace, kter\u00e9 pou\u017e\u00edvaj\u00ed HTTP\/2, a jeho c\u00edlem je vyvolat DoS (Denial of Service) stav, kdy server nen\u00ed schopen zpracov\u00e1vat dal\u0161\u00ed legitimn\u00ed po\u017eadavky.<\/li>\n<\/ul>\n\n\n\n<p>Vzhledem k tomu, \u017ee HTTP\/2 je \u0161iroce pou\u017e\u00edv\u00e1n v modern\u00edch webov\u00fdch aplikac\u00edch, je d\u016fle\u017eit\u00e9, aby byla infrastruktura vybavena odpov\u00eddaj\u00edc\u00edmi bezpe\u010dnostn\u00edmi mechanismy pro detekci a zm\u00edrn\u011bn\u00ed takov\u00fdchto \u00fatok\u016f.<\/p>\n\n\n\n<p>Anebo m\u016f\u017eete pou\u017e\u00edt WEDOS Global Protection. WEDOS Global Protection funguje jako reverzn\u00ed proxy, co\u017e znamen\u00e1, \u017ee ve\u0161ker\u00fd vstupn\u00ed provoz proch\u00e1z\u00ed p\u0159es infrastrukturu p\u0159ed dosa\u017een\u00edm c\u00edlov\u00e9ho serveru. Tato architektura umo\u017e\u0148uje efektivn\u011bj\u0161\u00ed filtrov\u00e1n\u00ed a anal\u00fdzu provozu, co\u017e je kl\u00ed\u010dov\u00e9 pro odhalen\u00ed a zastaven\u00ed \u201eHTTP\/2 rapid reset\u201c \u00fatok\u016f. Z\u00e1kazn\u00edk tak nemus\u00ed \u0159e\u0161it v podstat\u011b nic.<\/p>\n<\/div><\/div>\n\n\n\n<p>Co se t\u00fdk\u00e1 dal\u0161\u00edch L7 \u00fatok\u016f, tak v prosinci byl dominantn\u00ed pouze HTTP flood, c\u00edl\u00edc\u00ed na hlavn\u00ed str\u00e1nku. Ubyl trend parametrick\u00fdch \u00fatok\u016f, kde se sna\u017e\u00ed \u00fato\u010dn\u00edk obch\u00e1zet cache. <\/p>\n\n\n\n<p>Evidujeme tak\u00e9 velk\u00fd pokles \u00fatok\u016f blokovan\u00fdch na WAF (brute force \u00fatoky, hled\u00e1n\u00ed zranitelnost\u00ed atd.). Celkem jich WAF zablokoval <strong>23&nbsp;858&nbsp;935<\/strong>. Co\u017e je v pr\u016fm\u011bru <strong>3 036<\/strong> na chr\u00e1n\u011bnou dom\u00e9nu. Nicm\u00e9n\u011b na v\u011bt\u0161in\u011b dom\u00e9n z\u00e1kazn\u00edci provozuj\u00ed redak\u010dn\u00ed syst\u00e9m WordPress, pro kter\u00fd m\u00e1me tak\u00e9 vytvo\u0159enou speci\u00e1ln\u00ed \u0161ablonu ochran, kter\u00e1 vych\u00e1z\u00ed z toho, jak WordPress funguje. <\/p>\n\n\n\n<p>V\u00fd\u0161e uveden\u00e1 \u010d\u00edsla by mohla b\u00fdt daleko vy\u0161\u0161\u00ed, ale poda\u0159ilo se n\u00e1m identifikovat v prosinci n\u011bkolik nov\u00fdch botnet\u016f, kter\u00e9 jsme za\u010dali blokovat na blacklistech. Toto se n\u00e1m da\u0159\u00ed d\u00edky <a href=\"https:\/\/blog.wedos.com\/cs\/jak-vyuzivame-agregaci-dat-k-hledani-utoku\" data-type=\"post\" data-id=\"299300\">agregaci dat<\/a> ze stovek tis\u00edc web\u016f, kter\u00e9 u n\u00e1s hostuj\u00ed. I kdy\u017e se botnet sna\u017e\u00ed b\u00fdt nen\u00e1padn\u00fd, tak v takov\u00e9mto objemu na sebe prost\u011b upozorn\u00ed a kdy\u017e se na n\u011bj detailn\u011b zam\u011b\u0159\u00edme, tak jej snadn\u011bji identifikujeme. \u010casto je to v dob\u011b, kdy teprve zkou\u0161\u00ed nen\u00e1padn\u011b zranitelnosti a sna\u017e\u00ed se roz\u0161\u00ed\u0159it. <\/p>\n\n\n\n<h3 class=\"wp-block-heading\">L3\/L4<\/h3>\n\n\n\n<p>Na\u0161i z\u00e1kazn\u00edci jsou samoz\u0159ejm\u011b tak\u00e9 pod klasick\u00fdmi L3\/L4 DDoS \u00fatoky. Nicm\u00e9n\u011b ve v\u011bt\u0161in\u011b p\u0159\u00edpad\u016f to nestoj\u00ed za \u0159e\u010d. Prosinec byl obzvl\u00e1\u0161t\u011b nudn\u00fd. Na\u0161e ochrany jsou stav\u011bny na \u00fatoky ve stovk\u00e1ch Gbps. V\u0161e, co je pod 10 Gbps, ani nepos\u00edl\u00e1 notifikaci technik\u016fm. V\u0161e \u0159e\u0161\u00ed automaty.<\/p>\n\n\n\n<p>V prosinci m\u011bl nejsiln\u011bj\u0161\u00ed \u00fatok ve \u0161pi\u010dce pouze 6 Gbps a 1,5 milion\u016f paket\u016f za vte\u0159inu. Sm\u011b\u0159oval na server s webhostingy. U L3\/L4 v\u011bt\u0161inou nev\u00edme, kdo je c\u00edlem. <\/p>\n\n\n\n<div class=\"wp-block-media-text alignwide is-stacked-on-mobile is-vertically-aligned-center has-white-color has-vivid-cyan-blue-background-color has-text-color has-background\" style=\"grid-template-columns:20% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"385\" height=\"400\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png\" alt=\"\" class=\"wp-image-123898 size-full lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png 385w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1-289x300.png 289w\" data-sizes=\"(max-width: 385px) 100vw, 385px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 385px; --smush-placeholder-aspect-ratio: 385\/400;\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><strong>Co jsou L3\/L4 \u00fatoky?<\/strong><\/p>\n\n\n\n<p>DDoS \u00fatoky na L3 a L4 vrstv\u011b se zam\u011b\u0159uj\u00ed na s\u00ed\u0165ovou a transportn\u00ed vrstvu a vyu\u017e\u00edvaj\u00ed r\u016fzn\u00e9 techniky, jak zahlcovat c\u00edlov\u00e9 servery nebo za\u0159\u00edzen\u00ed.<br><br>S\u00ed\u0165ov\u00e1 vrstva (L3) &#8211; zaji\u0161\u0165uje sm\u011brov\u00e1n\u00ed dat mezi r\u016fzn\u00fdmi s\u00edt\u011bmi pomoc\u00ed logick\u00fdch adres (IP).<br><br>Transportn\u00ed vrstva (L4) &#8211; zaji\u0161\u0165uje spolehliv\u00fd a \u0159\u00edzen\u00fd p\u0159enos dat mezi koncov\u00fdmi body pomoc\u00ed protokol\u016f jako TCP nebo UDP.<\/p>\n<\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Nejsiln\u011bj\u0161\u00ed L7 DDoS \u00fatoky<\/h3>\n\n\n\n<p>Ka\u017ed\u00fd m\u011bs\u00edc pro v\u00e1s p\u0159ipravujeme seznam nejsiln\u011bj\u0161\u00edch a zaj\u00edmav\u00fdch DDoS \u00fatok\u016f p\u0159es L7. Pracujeme pouze s po\u017eadavky, kter\u00e9 projdou a\u017e k WAF, tedy p\u0159es blacklisty a \u0159adu dal\u0161\u00edch ochran. <\/p>\n\n\n\n<h4 class=\"wp-block-heading\">1. \u00datok na e-shop &#8211; 2,3 M po\u017eadavk\u016f ve \u0161pi\u010dce <\/h4>\n\n\n\n<p>Za\u010d\u00e1tkem prosince byly pod palbou DDoS \u00fatok\u016f hlavn\u011b e-shopy. V\u011bt\u0161inou se jednalo o kr\u00e1tk\u00e9 \u00fatoky, kter\u00e9 m\u011bly za c\u00edl aktivovat ochrann\u00e9 mechanismy u poskytovatel\u016f e-commerce \u0159e\u0161en\u00ed. \u00dato\u010dn\u00edci toti\u017e zjistili, \u017ee nap\u0159\u00edklad u jednoho z provozovatel\u016f sta\u010d\u00ed vy\u0161\u0161\u00ed stovky po\u017eadavk\u016f za vte\u0159inu a vypne cel\u00fd e-shop na hodinu, aby ochr\u00e1nil ostatn\u00ed sv\u00e9 z\u00e1kazn\u00edky. <\/p>\n\n\n\n<p>Dole je uk\u00e1zka takov\u00e9ho \u00fatoku. Trval celkem minutu a p\u016fl, za kterou \u00fato\u010dn\u00edk poslal 3,4 M po\u017eadavk\u016f z 1 038 unik\u00e1tn\u00edch IP adres. Ve \u0161pi\u010dce to bylo 2,3 M za minutu, co\u017e byl i prosincov\u00fd rekord. Slu\u0161n\u00e1 \u010d\u00edsla, ale pro WEDOS Global Protection \u017e\u00e1dn\u00fd probl\u00e9m.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231203-utok-na-eshop.png\"><img decoding=\"async\" width=\"1024\" height=\"448\" data-src=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231203-utok-na-eshop-1024x448.png\" alt=\"\" class=\"wp-image-505832 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231203-utok-na-eshop-1024x448.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231203-utok-na-eshop-300x131.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231203-utok-na-eshop-768x336.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231203-utok-na-eshop-1536x673.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231203-utok-na-eshop.png 1829w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/448;\" \/><\/a><\/figure>\n\n\n\n<p>Sna\u017e\u00edme se zji\u0161\u0165ovat, jak\u00fd poskytovatel e-commerce anebo CMS \u0159e\u0161en\u00ed m\u00e1 jak\u00e9 limity. Z na\u0161\u00ed strany um\u00edme aplikovat pojistku, kter\u00e1 zabr\u00e1n\u00ed, aby byl tento limit p\u0159ekro\u010den. <\/p>\n\n\n\n<h4 class=\"wp-block-heading\">2. \u00datok na wedos.com &#8211; 2,2 M po\u017eadavk\u016f ve \u0161pi\u010dce <\/h4>\n\n\n\n<p>Snad v\u017edy, kdy\u017e spust\u00edme n\u011bjakou v\u011bt\u0161\u00ed reklamn\u00ed kampa\u0148, tak n\u00e1s n\u011bkdo obdaruje DDoS \u00fatokem. Nejinak tomu bylo u velk\u00e9 v\u00e1no\u010dn\u00ed akce, d\u00edky kter\u00e9 jste mohli z\u00edskat nov\u00e9 slu\u017eby s velkou slevou, anebo prodlou\u017eit ty st\u00e1vaj\u00edc\u00ed s bonusem za v\u011brnost. <\/p>\n\n\n\n<p>Tento \u00fatok n\u00e1s velice pot\u011b\u0161il, proto\u017ee zrovna kolegov\u00e9 testovali ARM server, jestli zvl\u00e1dne cel\u00fd provoz lokality Hlubok\u00e1 nad Vltavou &#8211; DC2, kde to norm\u00e1ln\u011b odbavuje 2x HPE Moonshot 1500 s 90 fyzick\u00fdmi servery. Na grafu n\u00ed\u017ee je tento ARM server jako <em>anycast29-arm Hluboka-dc2<\/em>.<\/p>\n\n\n\n<p>\u00datok m\u011bl ve \u0161pi\u010dce s\u00edlu 2,2 M po\u017eadavk\u016f za minutu, \u0161el z 207 UIP a celkem \u00fato\u010dn\u00edci poslali 7,6 M po\u017eadavk\u016f za necel\u00fdch 6 minut. Obe\u0161lo se to bez probl\u00e9m\u016f. A reakce koleg\u016f: \u201eKdybys to nenapsal, tak o tom nev\u00edme.\u201c<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231220-utok-na-wedos.png\"><img decoding=\"async\" width=\"1024\" height=\"447\" data-src=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231220-utok-na-wedos-1024x447.png\" alt=\"\" class=\"wp-image-505859 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231220-utok-na-wedos-1024x447.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231220-utok-na-wedos-300x131.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231220-utok-na-wedos-768x335.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231220-utok-na-wedos-1536x670.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231220-utok-na-wedos.png 1827w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/447;\" \/><\/a><\/figure>\n\n\n\n<p>Co se t\u00fdk\u00e1 v\u00fdkonu, tak na CPU to zanechalo n\u00e1sleduj\u00edc\u00ed \u201ezub\u201c. \u00datok nen\u00ed tak n\u00e1ro\u010dn\u00fd jako b\u011b\u017en\u00fd provoz. V\u011bt\u0161inu v\u00fdkonu nav\u00edc \u201ese\u017eere\u201c logov\u00e1n\u00ed dat.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"330\" height=\"265\" data-src=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231220-utok-na-wedos-cpu.png\" alt=\"\" class=\"wp-image-505880 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231220-utok-na-wedos-cpu.png 330w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231220-utok-na-wedos-cpu-300x241.png 300w\" data-sizes=\"(max-width: 330px) 100vw, 330px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 330px; --smush-placeholder-aspect-ratio: 330\/265;\" \/><figcaption class=\"wp-element-caption\">ARM server se musel vypo\u0159\u00e1dat s \u00fatokem.<\/figcaption><\/figure>\n<\/div>\n\n\n<h4 class=\"wp-block-heading\">3. \u00datok na e-shop &#8211; 2 M ve \u0161pi\u010dce z 2 220 UIP<\/h4>\n\n\n\n<p>Dal\u0161\u00ed z p\u0159edv\u00e1no\u010dn\u00edch \u00fatok\u016f na e-shopy. Tentokr\u00e1t \u00fato\u010dn\u00edk pochopil, \u017ee do samotn\u00e9ho webu nem\u00e1 cenu j\u00edt, a tak zkusil administraci. Na prvn\u00ed pohled to vypadalo jako pokus obej\u00edt cachov\u00e1n\u00ed, p\u0159\u00edpadn\u011b naj\u00edt n\u011bjak\u00fd n\u00e1ro\u010dn\u011bj\u0161\u00ed skript a ten volat pomoc\u00ed r\u016fzn\u00fdch parametr\u016f. <\/p>\n\n\n\n<p>Bylo to pozd\u011b v noci, tak\u017ee sp\u00ed\u0161e n\u011bjak\u00fd test. Tomu by nasv\u011bd\u010dovala i v\u011bt\u0161\u00ed d\u00e9lka a zkou\u0161en\u00ed r\u016fzn\u00fdch metod, jak obej\u00edt ochranu. Za t\u011bch zhruba 20 minut \u00fato\u010dn\u00edk poslal 14 milion\u016f po\u017eadavk\u016f z 2 220 UIP, kde ve \u0161pi\u010dce to bylo a\u017e 2 M po\u017eadavk\u016f za minutu.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"449\" data-src=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231212-utok-na-eshop-1024x449.png\" alt=\"\" class=\"wp-image-505901 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231212-utok-na-eshop-1024x449.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231212-utok-na-eshop-300x132.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231212-utok-na-eshop-768x337.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231212-utok-na-eshop-1536x674.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2024\/01\/20231212-utok-na-eshop.png 1825w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/449;\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Z\u00e1v\u011br<\/h2>\n\n\n\n<p>V prosinci jsme nenarazili na \u017e\u00e1dn\u00fd \u00fatok, kter\u00fd by n\u011bjak v\u00fdrazn\u011bji vy\u010dn\u00edval nebo byl jinak zaj\u00edmav\u00fd. Zaj\u00edmav\u00e9 jsou \u00fatoky na ministerstva (government) obecn\u011b. Zat\u00edmco v\u011bt\u0161ina \u00fatok\u016f trv\u00e1 do 10 minut, tak tyto \u00fatoky jsou del\u0161\u00ed a intenzivn\u011bj\u0161\u00ed. Nicm\u00e9n\u011b v prosinci \u00fato\u010dn\u00edci nic mimo\u0159\u00e1dn\u00e9ho nevymysleli. Leden bude v tomto ohledu jist\u011b zaj\u00edmav\u011bj\u0161\u00ed. M\u00e1te se na co t\u011b\u0161it. \ud83d\ude09<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Zhruba v polovin\u011b prosince se zastavil po\u010det v\u00fdznamn\u00fdch \u00fatok\u016f na e-shopy. To jsou \u00fatoky p\u0159esahuj\u00edc\u00ed vy\u0161\u0161\u00ed stovky tis\u00edc po\u017eadavk\u016f za minutu na sedm\u00e9 (aplika\u010dn\u00ed) vrstv\u011b, p\u0159\u00edpadn\u011b veden\u00e9 z v\u00edce jak tis\u00edc unik\u00e1tn\u00edch IP adres. To n\u00e1s utvrdilo, \u017ee tento druh \u00fatok\u016f se st\u00e1v\u00e1 b\u011b\u017enou sou\u010d\u00e1st\u00ed konkuren\u010dn\u00edho boje v \u010cesku. Nicm\u00e9n\u011b prosinec nebyl v porovn\u00e1n\u00ed s &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/blog.wedos.com\/cs\/waf-report-z-wedos-global-protection-za-prosinec-2023\" class=\"more-link\">Pokra\u010dovat ve \u010dten\u00ed<span class=\"screen-reader-text\"> &#8222;WAF report z WEDOS Global Protection za prosinec 2023&#8220;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":506143,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-504152","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie"],"_links":{"self":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/504152","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/comments?post=504152"}],"version-history":[{"count":8,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/504152\/revisions"}],"predecessor-version":[{"id":535448,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/504152\/revisions\/535448"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/media\/506143"}],"wp:attachment":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/media?parent=504152"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/categories?post=504152"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/tags?post=504152"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}