To To Debian10 system, install nginx from the official source (the entire system only installs this software), SSH modifies the port plus only allows key login The entire system only open 80, 443, SSH high position, these three ports, no other open ports nginx sets limit_req to limit single IP access to only 1 time per second Place a 10KB static page under nginx The host has 1Tbps DDOS defense, 1G bandwidth port What are the weaknesses of the above configuration? How can it be hammered? Thank you brothers! <br>
-------------------------------------------- ---------
Netizens reply: To To There are so many fierce people on the forum. It’s incredible that 10k of g-port can be killed by http.
Netizen reply: To To So what, every time you visit your host, your machine assumes 1m concurrency?
Netizens reply: To To If the ssh version is not upgraded, there are loopholes Nginx vulnerability is not very clear
Netizen reply: To To Quote: 012 published on 2020-10-412:52 So what, every time you visit your host, your machine assumes 1m concurrency?
Netizens reply: To To Quote: fatal published on 2020-10-412:53 If the ssh version is not upgraded, there are loopholes Nginx vulnerability is not very clear
Netizen reply: To To It's useless, more than 100,000 CC requests, even if you put a text, you can blow up the CPU that is paralyzed by nginx
Netizen reply: To To Quote: Great God Published on 2020-10-412:58 It's useless, more than 100,000 CC requests, even if you put a text, you can blow up the CPU that is paralyzed by nginx
Netizen reply: To To Quote: hanhan7979 published on 2020-10-413:05 Thanks old iron If nginxlimit_req is set to limit the number of accesses per second for a single IP, will this 10KB static page still be hammered? ...
Netizens reply: To To Quote: hanhan7979 published on 2020-10-412:56 Not a domestic machine, 1Tbps DDOS defense, 1G bandwidth opening
Netizens reply: To To NGINX does not have the ability to discard attack IP traffic, so the system firewall must be called to blacklist the IP. NGINX is useless NGINX will still return 403
after discarding the IP. Netizen reply: To To Quote: hanhan7979 published on 2020-10-412:57 Is there a loophole in the ssh installed by default on debian10? The system has been apt-getupgradeed
Netizens reply: To To Quote: 012 published on 2020-10-413:07 I said your machine configuration is definitely not good, 1t anti-dd but not anti-cc, I cc your nginx blow up.
Netizens reply: To To Don't some hosting companies bring a firewall? It can be realized that SSH is usually turned off
Netizen reply: To To Quote: fatal published on 2020-10-413:11 Think simple, upgrade will not upgrade openssh, you have to manually compile it by yourself
Netizen reply: To To Quote: 34baidu published on 2020-10-413:25 LNMP has been deprecated, SSH configuration Fail2Ban
Netizens reply: To To Quote: tlanyan published on 2020-10-413:24 The weakness is that no one hits
Netizens reply: To To There are so many fierce people on the forum. It’s incredible that 10k of g-port can be killed by http.
Netizen reply: To To Quote: A cat published on 2020-10-414:00 Later, a boring person will bypass you and will promote you
Netizen reply: To To Quote: hanhan7979 published on 2020-10-413:12 Brother is terrible What is the approximate cost of shutting down a 1G server with only a 10KB static page on nginx? ...

Label: none