
How does the server distinguish the types of attacks?

As a server manager, whenever the server is down and cannot be accessed, you need to check for failures and restore the server to operation as soon as possible. There are many reasons a server can become inaccessible. Simple system failures usually recover as soon as the system restarts. For more complex ones, such as system or application crashes, you must try to back up the data and reinstall the system and programs. More troublesome is a virus intrusion that makes the server inaccessible: if you cannot regain control of the server or prevent data leakage, the only option is to reinstall the system and reset the firewall as soon as possible. The most troublesome case is a traffic attack such as DDoS or CC. If the computer room has no defenses, the server can only return to normal after the attack stops. So once it is determined that the server is under attack and cannot be accessed, how do you distinguish the attack type? Generally, a server hit by a traffic attack will show one of the following situations.



1. The server connection is normal, but the website or program cannot be opened.


If the server can still be connected to normally, it is not being hit by a large-traffic CC attack. At this point, open the server's Task Manager and check the server's CPU usage and network bandwidth usage.

If the w3wp.exe process occupies a lot of CPU, you can immediately confirm a CC attack. w3wp.exe is the IIS worker process. For a dynamic site such as ASP/PHP, a CC attack can make the w3wp.exe process consume so much CPU that the server's CPU cannot bear the load, and the website will not open.


For static sites, w3wp.exe does not use much CPU, because static pages are returned to visitors directly without processing. In that case, look at the server's network bandwidth usage instead. Under a CC attack, a large number of static pages have to be returned, which occupies the server's upstream bandwidth. Under a large CC attack, upstream bandwidth usage can reach 99-100%.


If the server shows either of these two symptoms, try stopping IIS on the server first. If CPU or network bandwidth usage drops immediately, and then soars again right after IIS is started, this points to a CC attack. Of course, this assumes you can still get into the server to manage it while it is under attack. If the server cannot be logged in to remotely, you can also log in through the KVM tool.
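
The check described above can be scripted. The following is an added example, not part of the original article: it samples w3wp.exe CPU and upstream NIC usage before stopping IIS, while IIS is stopped, and after it is started again. The thresholds and the helper names `Get-LoadSample` and `Test-Hot` are assumptions, and it expects Windows Server 2012 or later (NetAdapter cmdlets) and an elevated session.

```powershell
# Added triage sketch, not from the original article. Run elevated on the IIS host.
# Thresholds are assumptions; tune them to the server's normal baseline.
$CpuThreshold = 80   # % of total CPU used by all w3wp.exe workers
$BwThreshold  = 90   # % of NIC link speed used for sending (upstream)

function Get-LoadSample {            # hypothetical helper name
    param([int]$Seconds = 5)
    # Fastest adapter that is up. If the uplink is capped below link speed,
    # divide by the purchased bandwidth (bits/s) instead of $nic.Speed.
    $nic = Get-NetAdapter | Where-Object Status -eq 'Up' |
           Sort-Object Speed -Descending | Select-Object -First 1
    $cpu0 = (Get-Process w3wp -ErrorAction SilentlyContinue | Measure-Object CPU -Sum).Sum
    $tx0  = (Get-NetAdapterStatistics -Name $nic.Name).SentBytes
    Start-Sleep -Seconds $Seconds
    $cpu1 = (Get-Process w3wp -ErrorAction SilentlyContinue | Measure-Object CPU -Sum).Sum
    $tx1  = (Get-NetAdapterStatistics -Name $nic.Name).SentBytes
    # CPU is cumulative seconds, so the delta over the interval gives utilisation.
    # A recycled or stopped worker can make the delta negative; clamp at 0.
    $cpuPct = 100 * [math]::Max(0, ($cpu1 - $cpu0)) / ($Seconds * [Environment]::ProcessorCount)
    $bwPct  = 100 * 8 * ($tx1 - $tx0) / ($Seconds * $nic.Speed)
    [pscustomobject]@{
        W3wpCpuPct  = [math]::Round($cpuPct, 1)
        UpstreamPct = [math]::Round($bwPct, 1)
    }
}

# True when either symptom from the article is present in a sample.
function Test-Hot($s) { $s.W3wpCpuPct -ge $CpuThreshold -or $s.UpstreamPct -ge $BwThreshold }

$before = Get-LoadSample
if (-not (Test-Hot $before)) {
    "Neither symptom present: $before"
} else {
    iisreset /stop  | Out-Null            # takes every site on the host offline
    $stopped = Get-LoadSample
    iisreset /start | Out-Null
    $after = Get-LoadSample -Seconds 15   # give the workers time to respawn
    [pscustomobject]@{
        Before = $before; IisStopped = $stopped; IisRestarted = $after
        Verdict = if (-not (Test-Hot $stopped) -and (Test-Hot $after)) {
            'Load drops with IIS stopped and returns on start: consistent with a CC attack'
        } else { 'Load does not follow IIS: look at other processes or traffic' }
    }
}
```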


2. The server cannot be connected, and the website or program cannot be opened.


If the server suddenly cannot be accessed and the website or program cannot be connected to, contact the computer room to ask for the reason. The computer room's monitoring system can display the bandwidth usage of all servers, so if the server is hit by a large amount of traffic, the computer room will see the abnormal traffic. If the server has no protection, the computer room will block the server's IP for a period of time in order to keep its network stable. At this point, you can contact the computer room and request a screenshot of the traffic during the attack, so that you know what kind of attack the server suffered and how much attack traffic there was.


3. The server cannot be logged in, and the website or program can be opened, but the display is abnormal.


If the website or program can be opened but displays abnormally, and the server can be connected to but remote login is not possible, it is very likely that the server has been attacked by a virus. Hackers use viruses to seize permissions, steal server data, and wreak havoc on the system and website programs. If this is not handled in time, it will cause irreversible damage to the server, and the only remedy is to reinstall the system. A general Trojan horse virus can be removed after restarting, but if the cause is a vulnerability in the website program itself and it cannot be repaired, it will be difficult to prevent the next intrusion even if the system is reinstalled and the security firewall is reset.
