<h2>A wave of new and insidious attacks is coming, and WEDOS is ready for it</h2>
<p>WEDOS blog, 12 January 2021 (last updated 8 February 2022). Original Czech post: https://blog.wedos.com/cs/prichazi-vlna-novych-a-zakernych-utoku-a-wedos-je-na-ne-pripraveny. Tags: security, botnet, DDoS, layer 7 attack, attacks.</p>
<p>We have already written a lot about our protections. Without them we would no longer be here. We keep improving them and try to stay one step ahead. The progress we made last year was really significant, though, and as it turned out at the end of the year, very important.</p>
<h3>Current state of our protections</h3>
<p>At the moment, customer websites and our infrastructure are protected by three layers:</p>
<ul>
<li>DDoS protection: defends mainly against brute-force (volumetric) attacks</li>
<li>IPS/IDS protection: smart protection that filters malicious network traffic</li>
<li>SYN Filter: robust protection that, using rules derived from our logs and other sources, blocks or rate-limits problematic traffic from hundreds of thousands of IP addresses</li>
</ul>
<p>On top of all this we have one more layer of protection, still in development, which shields customers from specific threats. It will be part of our WEDOS AnyCast solution. Its advantage is very fast deployment and the ability to introduce protective elements such as a captcha on our side.</p>
<p>You can learn more about our protections from our boss's talk at OpenAlt 2020: <a href="https://www.youtube.com/embed/Iyy4HnpO0OE">Josef Grill: Jak chrání své klienty nejen před DDoS útoky největší hosting v ČR WEDOS</a> (video).</p>
<h3>How a website gets quietly taken down</h3>
<p>In November we noticed a new and interesting attack. One organization was under an attack that was hard to trace; their servers were hosted elsewhere, and they asked us for help. We offered to deploy our new protection for them, and it helped.</p>
<p>We could not analyze it in detail at the time because we had no logs (we had no access to their server). So we deployed purely our new solution and, just like that, saved their skin. Their e-shop ran and worked. On top of that it was a rescue in a very serious situation (the whole organization, used to an off-line environment, was suddenly dependent on on-line income alone), and in the pre-Christmas period at that.</p>
<p>That changed in January, when one of our customers on <a href="https://www.wedos.cz/webhosting">NoLimit web hosting</a> became the target of a similar attack. His website is still on older servers that have no proxy in front of them and use slower processors. They handle his normal traffic of around 60,000 to 100,000 requests per hour without any trouble. But then, suddenly, many times more requests arrived: over a million requests in 10 minutes, roughly sixty to a hundred times the normal rate, practically each from a different IP address and aimed at various URLs.</p>
<p>These were not spoofed IP addresses but real requests from genuinely allocated ones. A real, two-way exchange took place within each request, which rules out source-address spoofing: a spoofed client cannot complete the TCP handshake that an HTTP request requires.</p>
<p>The requests were spread very evenly. During the 4-hour attack, no single IP address sent more than 600 requests to any one domain, which works out to at most 2.5 requests per minute, well below the thresholds at which ordinary per-IP rate limits fire; most sources stayed in the low hundreds. The requests were also aimed at different pages: of all the attacking IP addresses, not one visited the same page more than 4 times during the whole attack.</p>
<p>The average was 2 visits to the same page in 4 hours from 1 IP address.</p>
<p>Accesses from one IP address looked roughly like this:</p>
<p><img src="https://blog.wedos.cz/wp-content/uploads/2021/01/nasazeni-ochrany-20210103-03.png" alt="Log excerpt showing the requests of a single attacking IP address"></p>
<p>The individual IP addresses presented different browsers and operating systems (as reported in their User-Agent headers) and came from both desktop computers and mobile phones.</p>
<p>From this behavior we assume they were compromised devices that were part of some botnet.</p>
<p>The most active IP addresses taking part in the attack:</p>
<table>
<tr><th>IP address</th><th>Requests</th><th>ISP</th></tr>
<tr><td>222.135.231.178</td><td>1297</td><td>JINAN Xinhaikeji Net Bar</td></tr>
<tr><td>119.116.186.28</td><td>1234</td><td>China Unicom Liaoning Province Network</td></tr>
<tr><td>119.116.183.9</td><td>1202</td><td>China Unicom Liaoning Province Network</td></tr>
<tr><td>112.48.9.38</td><td>1099</td><td>China Mobile Communications Corporation</td></tr>
<tr><td>61.240.226.52</td><td>1090</td><td>China Unicom</td></tr>
<tr><td>112.48.9.18</td><td>1049</td><td>China Mobile Communications Corporation</td></tr>
<tr><td>112.48.9.53</td><td>1003</td><td>China Mobile Communications Corporation</td></tr>
<tr><td>119.116.191.98</td><td>928</td><td>China Unicom Liaoning Province Network</td></tr>
<tr><td>119.116.181.39</td><td>926</td><td>China Unicom Liaoning Province Network</td></tr>
<tr><td>119.116.189.18</td><td>876</td><td>China Unicom Liaoning Province Network</td></tr>
<tr><td>119.116.181.159</td><td>869</td><td>China Unicom Liaoning Province Network</td></tr>
<tr><td>119.116.184.89</td><td>840</td><td>China Unicom Liaoning Province Network</td></tr>
<tr><td>119.116.179.175</td><td>837</td><td>China Unicom Liaoning Province Network</td></tr>
<tr><td>112.48.9.91</td><td>797</td><td>China Mobile Communications Corporation</td></tr>
<tr><td>112.48.9.6</td><td>796</td><td>China Mobile Communications Corporation</td></tr>
<tr><td>222.135.230.133</td><td>785</td><td>JINAN Xinhaikeji Net Bar</td></tr>
<tr><td>119.116.181.132</td><td>775</td><td>China Unicom Liaoning Province Network</td></tr>
<tr><td>112.48.9.86</td><td>766</td><td>China Mobile Communications Corporation</td></tr>
<tr><td>222.135.230.122</td><td>748</td><td>JINAN Xinhaikeji Net Bar</td></tr>
<tr><td>119.116.179.110</td><td>734</td><td>China Unicom Liaoning Province Network</td></tr>
</table>
<p><em>The customer used several domains (as aliases), so the counts above are totals across all of them. The attacker took care never to exceed 600 accesses from a single IP address to any one domain within 4 hours.</em></p>
<p>As you can see, all the IP addresses in this table came from Chinese networks, mostly mobile providers.</p>
<p>When we group the IP addresses by /16 prefix, the attack starts to become much more visible.</p>
<p>Here is the list of the most active prefixes.</p>
<table>
<tr><th>Prefix (/16)</th><th>Requests</th><th>ISP</th></tr>
<tr><td>119.116.0.0/16</td><td>78884</td><td>China Unicom Liaoning Province Network</td></tr>
<tr><td>112.48.0.0/16</td><td>65868</td><td>China Mobile Communications Corporation</td></tr>
<tr><td>125.115.0.0/16</td><td>61714</td><td>CHINANET-ZJ Ningbo node network</td></tr>
<tr><td>183.27.0.0/16</td><td>56818</td><td>CHINANET Guangdong province network</td></tr>
<tr><td>220.175.0.0/16</td><td>48405</td><td>CHINANET jiangxi province network</td></tr>
<tr><td>141.101.0.0/16</td><td>44912</td><td>WildPark Co (Ukraine)</td></tr>
<tr><td>218.68.0.0/16</td><td>40428</td><td>Tianjin Huaqing Trade Co., Ltd.</td></tr>
<tr><td>58.214.0.0/16</td><td>35946</td><td>Wuxi Jiangying Telecom Finance Dept</td></tr>
<tr><td>101.17.0.0/16</td><td>34244</td><td>China Unicom Hebei province network</td></tr>
<tr><td>220.202.0.0/16</td><td>29725</td><td>China Unicom</td></tr>
<tr><td>125.123.0.0/16</td><td>27786</td><td>CHINANET-ZJ Jiaxing node network</td></tr>
<tr><td>183.250.0.0/16</td><td>25516</td><td>China Mobile Communications Corporation</td></tr>
<tr><td>150.255.0.0/16</td><td>24530</td><td>China Unicom Hainan province network</td></tr>
<tr><td>113.121.0.0/16</td><td>23735</td><td>CHINANET SHANDONG PROVINCE NETWORK</td></tr>
<tr><td>118.79.0.0/16</td><td>22350</td><td>sxxz-erfenju-BAS (CHINA UNICOM China169 Backbone)</td></tr>
<tr><td>39.184.0.0/16</td><td>21851</td><td>China Mobile Communications Corporation</td></tr>
<tr><td>39.181.0.0/16</td><td>21697</td><td>China Mobile Communications Corporation</td></tr>
<tr><td>221.197.0.0/16</td><td>19441</td><td>China Unicom Tianjin Province Network</td></tr>
<tr><td>101.24.0.0/16</td><td>17570</td><td>China Unicom Hebei province network</td></tr>
<tr><td>211.97.0.0/16</td><td>15672</td><td>China United Network Communications Corporation Limited</td></tr>
</table>
<p>These are only the IP addresses that actually reached the server and were logged there.</p>
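<p>The two tables above show the detection problem in numbers: per-IP counters stay in the hundreds over four hours, yet grouping by /16 prefix makes the flood obvious. The following Python script is an added example (not WEDOS's own tooling) that runs that analysis over constructed access-log lines in the common combined format: it checks the request rate against a normal-traffic baseline, tracks the per-IP and per-IP-per-page maxima the post describes, aggregates by /16, and flags the combination of a high total rate with a low per-IP maximum that a naive per-IP limit would miss. The log lines, the baseline and the thresholds are assumptions for the demonstration.</p>

```python
"""Spot a widely distributed layer-7 flood by aggregating per /16 instead of per IP.

Added example, not WEDOS code. All log lines below are constructed for the demo.
"""
import ipaddress
import random
import re
from collections import Counter

# Apache/nginx "combined" log format:
# ip - - [timestamp] "METHOD path PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return (ip, path, user_agent) or None for lines that do not match."""
    m = LOG_RE.match(line)
    return (m.group("ip"), m.group("path"), m.group("ua")) if m else None


def prefix16(ip):
    """'119.116.186.28' -> '119.116.0.0/16'."""
    return str(ipaddress.ip_network(f"{ip}/16", strict=False))


def build_sample_log(seed=1):
    """Constructed sample (assumption): 50 bot IPs in two /16s, each fetching three
    distinct pages once, plus three ordinary visitors reloading one page 8 times."""
    rng = random.Random(seed)
    pages = [f"/page{i}" for i in range(20)]
    uas = [
        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/87.0",
        "Mozilla/5.0 (Linux; Android 10) Mobile Chrome/87.0",
        "Mozilla/5.0 (iPhone; CPU iPhone OS 14_2 like Mac OS X) Safari/604.1",
    ]

    def fmt(ip, path, ua):
        return f'{ip} - - [03/Jan/2021:10:00:00 +0100] "GET {path} HTTP/1.1" 200 1234 "-" "{ua}"'

    lines = []
    for base, hosts in (("119.116", 30), ("112.48", 20)):
        for third in range(hosts):              # distinct third octet => distinct IPs
            ip = f"{base}.{third}.{rng.randint(1, 254)}"
            for path in rng.sample(pages, 3):
                lines.append(fmt(ip, path, rng.choice(uas)))
    for ip in ("85.160.1.10", "90.176.5.5", "77.48.9.9"):   # ordinary visitors (constructed)
        lines.extend(fmt(ip, "/page0", uas[0]) for _ in range(8))
    rng.shuffle(lines)
    return lines


def analyze(lines, baseline_per_hour, window_minutes, per_ip_cap,
            rate_factor=5.0, prefix_share=0.2):
    """Summarize a log window and decide whether it looks like a distributed L7 flood.

    The flood signature from the post: total rate far above baseline, while no single
    IP exceeds the per-IP cap, and a few /16 prefixes carry a large share of requests.
    """
    per_ip, per_ip_path, per_prefix = Counter(), Counter(), Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, path, _ = parsed
        per_ip[ip] += 1
        per_ip_path[(ip, path)] += 1
        per_prefix[prefix16(ip)] += 1
    total = sum(per_ip.values())
    if total == 0:
        return {"total": 0, "distributed_flood": False}
    rate_per_hour = total * 60 / window_minutes
    top_prefix, top_count = per_prefix.most_common(1)[0]
    max_per_ip = max(per_ip.values())
    return {
        "total": total,
        "rate_per_hour": rate_per_hour,
        "unique_ips": len(per_ip),
        "max_per_ip": max_per_ip,
        "max_per_ip_page": max(per_ip_path.values()),
        "top_prefixes": per_prefix.most_common(5),
        "top_prefix": top_prefix,
        "top_prefix_share": top_count / total,
        # what a classic per-IP limiter would do with this window
        "per_ip_limit_fires": max_per_ip > per_ip_cap,
        "distributed_flood": (
            rate_per_hour > rate_factor * baseline_per_hour
            and max_per_ip <= per_ip_cap
            and top_count / total > prefix_share
        ),
    }


if __name__ == "__main__":
    # Baseline scaled down from the post's 60-100k req/h to fit the small sample.
    report = analyze(build_sample_log(), baseline_per_hour=100,
                     window_minutes=10, per_ip_cap=600)
    for key, value in report.items():
        print(f"{key:>20}: {value}")
```

<p>On the constructed sample the per-IP maximum (8) and the per-IP-per-page maximum (8) both come from the legitimate visitors reloading one page, not from the bots, so a per-IP rule never fires; the /16 aggregation, on the other hand, puts over half of the window into a single prefix. In production the same counters would run over a sliding window fed from the access log, with the baseline taken from the site's own history rather than a constant.</p>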
<p>Some ranges had already been cut off by other rules. Still, because the attacker was so careful, it slipped past many filters. It should be noted that the IP addresses in these ranges are mostly clean: over the past year they had not a single attack report on the various blacklists, which is fairly rare.</p>
<p>Again, we can only speculate that this is some new botnet.</p>
<h3>And what did it do to our customer's website?</h3>
<p>The following graph shows the average server response time per request. You can see 3 attacks in total. The first targeted two of his domains. When the attacker realized we had deployed the protection, he found another domain (an alias) and launched a second attack on it, all within a single NoLimit hosting account. We added that domain to the protection as well. The third attack (slightly different) came at night but no longer did any damage. The customer had several dozen domains in various TLDs, and the attack moved through all of them one after another.</p>
<p><img src="https://blog.wedos.cz/wp-content/uploads/2021/01/nasazeni-ochrany-20210103-02.png" alt="Average server response time per request, showing the three attacks"></p>
<p>The next graph shows what it did to his website. Purple marks the 503 errors that began to appear once the PHP worker threads were exhausted. These are only the server's own logs; at that point the protection layers were already filtering out hundreds of thousands of further requests.</p>
<p><img src="https://blog.wedos.cz/wp-content/uploads/2021/01/nasazeni-ochrany-20210103-01.png" alt="Requests and 503 errors on the customer's server during the attack"></p>
<p>This graph shows only the traffic from China.</p>
<p><img src="https://blog.wedos.cz/wp-content/uploads/2021/01/nasazeni-ochrany-20210103-04.png" alt="Requests from China only"></p>
<h3>How we protected the customer's websites</h3>
<p>What took longest, frankly, was the communication and agreeing on everything. The customer used our DNS for most of his domains, so deploying the protection from our side was no problem. The only minor snag is issuing the Let's Encrypt certificate, since the protection layer terminates TLS and has to present a valid certificate for the customer's domain. Nothing else has to be waited for; we can deploy this protection right away. Deployment took a few minutes, and within about 30 minutes all the DNS records had changed (the cutover time is bounded by the TTL of the existing records).</p>
<p>We sent the customer an SMS and an e-mail explaining what was happening, and stayed in contact with him afterwards.</p>
<p>For this customer we immediately enabled a captcha for traffic from China. From the statistics we later learned that only around 300 visitors completed the captcha in the whole day after deployment; they got through to the pages normally. Everything else was blocked at the protection layer.</p>
<p>When the attacker found that the main domains were protected, he tried the remaining domains with even more force. So we gradually added all of them, and then it was quiet.</p>
<p>In the future it will be possible to protect everything this way with a single click. You will not even need hosting or a server with us: a domain and DNS will be enough. Price? We do not know yet.</p>
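<p>The mitigation described above amounts to a challenge gate in front of the origin: traffic from the challenged region is served a captcha, a visitor who solves it is let through from then on, and everything that never solves it never reaches the web server. The Python snippet below is an added example of such a gate, not the WEDOS AnyCast implementation: the country lookup is a stub table built from the /16 prefixes in the post (a real deployment would use a GeoIP database), the captcha verification is represented by a boolean, and the clearance is a stateless HMAC-signed cookie bound to the client IP and an expiry, so that a token solved once cannot be replayed from the rest of the botnet.</p>

```python
"""Country-scoped challenge gate with an HMAC-signed clearance cookie.

Added example, not the WEDOS AnyCast code. GeoIP lookup is a constructed stub;
`solved_challenge` stands in for a verified captcha response.
"""
import hashlib
import hmac
import time
from dataclasses import dataclass, field

CHALLENGE_COUNTRIES = {"CN"}     # the post: captcha enabled for traffic from China
CLEARANCE_TTL = 24 * 3600        # seconds a solved challenge stays valid (assumption)

# Constructed GeoIP stub keyed on the first two octets, taken from the post's /16 table.
GEOIP_BY_PREFIX = {"119.116": "CN", "112.48": "CN", "141.101": "UA", "85.160": "CZ"}


def country_of(ip):
    """Return an ISO country code for the client IP, or '??' when unknown (stub)."""
    return GEOIP_BY_PREFIX.get(".".join(ip.split(".")[:2]), "??")


def _mac(key, ip, expires):
    # Bind the clearance to the client IP and its expiry; a bot cannot reuse a
    # cookie solved by a human somewhere else in the botnet.
    return hmac.new(key, f"{ip}|{expires}".encode(), hashlib.sha256).hexdigest()


def issue_clearance(key, ip, now=None):
    """Mint a clearance cookie value: '<expiry-unix-time>.<hex-hmac>'."""
    expires = int(now if now is not None else time.time()) + CLEARANCE_TTL
    return f"{expires}.{_mac(key, ip, expires)}"


def clearance_valid(key, ip, cookie, now=None):
    """Verify the cookie against this client IP without any server-side state."""
    try:
        expires_str, mac = cookie.split(".", 1)
        expires = int(expires_str)
    except (AttributeError, ValueError):
        return False
    if expires < int(now if now is not None else time.time()):
        return False
    return hmac.compare_digest(mac, _mac(key, ip, expires))


@dataclass
class Request:
    ip: str
    path: str
    cookies: dict = field(default_factory=dict)
    solved_challenge: bool = False   # True once the captcha backend verified a solution


def gate(req, key, now=None):
    """Decide what the edge does with a request.

    Returns (decision, set_cookie): decision is 'pass' (proxy to origin) or
    'challenge' (serve the captcha page instead; the origin never sees it).
    """
    if country_of(req.ip) not in CHALLENGE_COUNTRIES:
        return "pass", None
    if clearance_valid(key, req.ip, req.cookies.get("clearance"), now):
        return "pass", None
    if req.solved_challenge:
        return "pass", issue_clearance(key, req.ip, now)
    return "challenge", None


if __name__ == "__main__":
    key = b"rotate-me-regularly"          # per-deployment secret (assumption)
    bot = Request("119.116.186.28", "/page3")
    print("bot first visit:", gate(bot, key))                   # challenge
    human = Request("112.48.9.38", "/", solved_challenge=True)
    decision, cookie = gate(human, key)
    print("human after captcha:", decision)                     # pass, cookie issued
    human_again = Request("112.48.9.38", "/cart", cookies={"clearance": cookie})
    print("human next request:", gate(human_again, key)[0])     # pass
    replay = Request("119.116.186.28", "/", cookies={"clearance": cookie})
    print("cookie replayed from a bot:", gate(replay, key)[0])  # challenge
```

<p>Because the cookie carries its own expiry and MAC, the edge needs no session store and the origin only ever sees requests that either came from an unchallenged region or carry a valid clearance. Binding the clearance to the IP is the right default against a botnet, but it will re-challenge legitimate users behind carrier-grade NAT whose address changes; if that matters, bind the MAC to a random per-client nonce kept in a second cookie instead. Rotate the signing key, and keep the TTL short enough that a compromised clearance is worth little.</p>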
<p>A basic tier could be around 500 CZK a month.</p>
<h3>When the service will be available</h3>
<p>This protection should become part of WEDOS AnyCast, a project that is essentially ready and tested and is waiting for a team to finish it and integrate it into our system.</p>
<p>Of course, the protection is already running in test mode. If you are under some interesting attack, write to us and we will gladly test it on you 🙂</p>
<h3>Conclusion</h3>
<p>We have been seeing this kind of smart attack more and more often lately. A few years ago, attacks relied on brute force (Gbps or packets per second); it was a contest of who could send tens or hundreds of Gbps. Our DDoS protection handles that.</p>
<p>Gradually, though, the trend shifted towards smart and insidious attacks that are hard to detect. Our IDS/IPS protection shields us from a lot of that. What we describe here, however, is a new trend and the current state of play.</p>
<p>Similar attacks do not come only from China. That is more likely a peculiarity of this particular botnet, which recruits new zombie computers and phones in a targeted way (for example through fake apps aimed at a specific market). Last year, for instance, we saw this kind of attack coming from Russia.</p>
<p>It is only a question of time (or rather of the attacker's money and contacts) before we see them worldwide.</p>
<p>We want to be ready for that, and to offer our customers the protection they need.</p>