Businesses such as games, finance, and websites are the most vulnerable to attacks. If the server is attacked and enters a black hole, the server will automatically recover after 10 minutes. However, if there are continuous attacks, the black hole time will be extended, which will have a serious impact on the business.
When renting a server, we will consider how to solve the problem if the server is attacked? It's right to understand the server defense plan in advance,Server rack cabinet but it would be better if it could directly block overseas and UDP from the upper layer, so you don't have to worry about overseas attacks coming in.
1. Cut off the Internet
All attacks on the server originate from the network, so when the server is attacked, the first thing to do is to cut off the network.rack 42u On the one hand, it can cut off the source of attacks, and on the other hand, it can also protect other hosts on the network where the server is located.
2. Find the source of the attack
Based on your own experience and comprehensive judgment, you can find suspicious information and analyze suspicious programs by analyzing system logs or login log files. In addition to analyzing system logs, you can also install security software such as Tinder and Cloud Lock. It can monitor and scan files in real time,server rack server including HTTP protocol data, and intercept abnormal IP intrusions, violent attacks and other behaviors.
3. Back up data
When the server is attacked and the server is blocked, you should contact the service provider as soon as possible to communicate the solution. If you have not considered upgrading the protection, you can contact the service provider to see if you can unblock it first. After unblocking, go to the server to back up important data as soon as possible. At the same time, pay attention to whether there is an attack source in the data. If there is an attack source, delete the attack source completely first. , and then back up. Back up to cloud disk.
Don’t panic if you have backup files and are being chased. You can contact the service provider to open a machine with the same configuration to transfer, and then set up a CDN or a shield to hide the source IP.
4. Reinstall the system
When our server is attacked but we don’t want to change the server, we must redo the system to ensure that the source of the attack has been completely eliminated.
5. Fix program or system vulnerabilities
If a system vulnerability or program vulnerability has been discovered, the system vulnerability or program bug must be repaired in time.
By:Clement