
DDOS 和 CC攻击 防范方案
之前公司网站被DDOS攻击了(另一同事取了个别名叫流量攻击)
刚刚一个朋友的网站(还是个企业级的)也被这样攻击了 聊天中看出很无奈的样子
在这请问下各位有经验的朋友:像这样的DDoS和CC攻击如何防范?
防火墙?代码优化(缓存来存储重复的查询内容)、页面尽可能的使用静态?
限制IP(或IP段)?
服务器升级(这个开销有点大,对于一般网站有些浪费)

之前我也回答过别人的屏蔽来防止攻击,如
http://topic.csdn.net/u/20111116/17/01ed7821-cc2e-4775-abc1-17aa72d675ae.html

但这样的防范能防范多少呢?现在来看有没有有效的防范方案(开销不要无止境的那种)

这儿附上我之前做的一个根据IP拒绝访问的解决方案的部分代码(客户端记录访问,并根据黑白名单决定是否拒绝请求;服务端分析数据、入库等,做成 Windows 服务,通过 .NET Remoting 通信)。需要说明的是,这类在应用层按 IP 限流的办法只能缓解 CC 这种请求洪水;把带宽打满的 DDoS 请求根本到不了 ASP.NET,只能在上游(运营商/CDN/防火墙)处理:


C# code

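/// <summary>
/// HTTP module that records every dynamic-page request per client IP and sends clients on
/// the IP blacklist to the warning page until they echo back the challenge code held in
/// their session.
/// </summary>
/// <remarks>
/// Version: 1.0<br>
/// Author: ****<br>
/// Created: 2011-5-20 17:00:02<br>
/// Description: a background thread hands the previous minute's per-IP request counts to the
/// analysis service over .NET Remoting and adds whatever it flags to the blacklist.<br>
/// ----------Change log------------<br>
/// NOTE(review): this only mitigates application-layer (CC) floods that actually reach
/// ASP.NET; a bandwidth-exhausting DDoS never gets this far and must be filtered upstream.
/// </remarks>
public class WarningHttpModule : IHttpModule, IRequiresSessionState
{
    // Lower-cased path of the page a blocked client is redirected to (compared against request.Path).
    private const string WarningPagePath = "/visitwarning.aspx";
    // Session key holding the challenge code the client must submit as "AuthCode" to be unblocked.
    private const string WarningCodeSessionKey = "visitwarningcode";
    private const string AuthCodeParameter = "AuthCode";

    protected static readonly ILog log = LogManager.GetLogger("*******");
    protected static Thread thread = null;
    protected static IVisitAnalysisHandle analysisHander = null;
    protected static VisitManager visitManager = VisitManager.GetInstance();

    static WarningHttpModule()
    {
        // A type initializer runs exactly once under the CLR's own lock, so the original
        // double-checked locking bought nothing; plain assignments are sufficient here.
        try
        {
            // Remoting proxy to the analysis service. Activator.GetObject only builds the proxy;
            // the first real call happens on the worker thread below.
            // NOTE(review): a .NET Remoting TCP channel carries no authentication unless the
            // server side enables it. Keep port 6666 bound to loopback / firewalled, since anything
            // that can reach it can feed arbitrary blacklist verdicts to this module — confirm.
            analysisHander = (IVisitAnalysisHandle)Activator.GetObject(typeof(IVisitAnalysisHandle), "tcp://127.0.0.1:6666/GNT");
        }
        catch (Exception ex)
        {
            // Deliberately fail fast: without the channel the module cannot do its job.
            throw new Exception("注册预警系统信道失败", ex);
        }

        // Create the proxy BEFORE starting the worker. The original started the thread first,
        // so its first iteration could dereference a still-null analysisHander.
        thread = new Thread(Process);
        thread.Name = "WarningHttpModule.Process";
        thread.IsBackground = true; // never keep the worker process alive on its own
        thread.Start();
    }

    /// <summary>
    /// Per-request hook: records the hit, handles the unblock page, and redirects blacklisted clients.
    /// </summary>
    /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
    /// <param name="e">Unused.</param>
    private void Application_BeginRequest(object sender, EventArgs e)
    {
        HttpApplication application = (HttpApplication)sender;
        HttpContext context = application.Context;
        HttpRequest request = application.Request;
        HttpResponse response = application.Response;

        // Routing decisions use the path WITHOUT the query string. The original used RawUrl,
        // so "/index.aspx?x=1" produced the extension ".aspx?x=1", failed the check below and
        // skipped the module entirely: any client could bypass both the recording and the
        // blacklist simply by appending a query string to every request.
        string path = request.Path.ToLowerInvariant();
        // The full URL (query string included) is still what goes into the access record.
        string url = request.RawUrl.ToLowerInvariant();
        // NOTE(review): UserHostAddress is the TCP peer. Behind a reverse proxy / load balancer
        // this is the proxy's address and one ban would hit every user; only substitute a
        // forwarded-for header if it is set by a proxy you control, as clients can forge it.
        string ip = request.UserHostAddress;

        // Only dynamic pages are tracked; nothing this module can do helps with static-file floods.
        if (!IsTrackedPage(path))
        {
            return;
        }

        // Whitelisted addresses are neither recorded nor blocked.
        if (visitManager.IsInWhiteListIP(ip))
        {
            return;
        }

        // Record the hit; the worker thread aggregates these once a minute.
        visitManager.AddRequest(DateTime.Now, ip, url);

        if (path == WarningPagePath)
        {
            // The warning page itself must never be gated, or a blocked client could never clear the block.
            TryUnblock(context, request, response, ip);
        }
        else if (visitManager.IsInBlackListIP(ip))
        {
            response.Redirect("/VisitWarning.aspx");
        }
    }

    /// <summary>
    /// Whether <paramref name="path"/> (already lower-cased, no query string) is one of the
    /// dynamic page types this module watches.
    /// </summary>
    private static bool IsTrackedPage(string path)
    {
        // EndsWith replaces Path.GetExtension: same result for these suffixes, and it cannot
        // throw on characters that are illegal in file paths but legal in a URL path.
        return path.EndsWith(".aspx", StringComparison.Ordinal)
            || path.EndsWith(".asmx", StringComparison.Ordinal)
            || path.EndsWith(".ashx", StringComparison.Ordinal);
    }

    /// <summary>
    /// Removes the caller's blacklist entry when the submitted "AuthCode" matches the challenge
    /// code stored in the session, then sends the client to the index page. Does nothing when
    /// no code was submitted, no session exists, or the codes differ.
    /// </summary>
    private static void TryUnblock(HttpContext context, HttpRequest request, HttpResponse response, string ip)
    {
        string userCode = request[AuthCodeParameter];
        if (string.IsNullOrEmpty(userCode))
        {
            return;
        }

        // Session may be absent (e.g. the request arrived before session state was acquired).
        if (context.Session == null)
        {
            return;
        }
        string sessionCode = context.Session[WarningCodeSessionKey] as string;
        if (string.IsNullOrEmpty(sessionCode))
        {
            return;
        }

        // Case-insensitive, as the original compared both values lower-cased.
        if (!string.Equals(userCode, sessionCode, StringComparison.OrdinalIgnoreCase))
        {
            return;
        }

        // Consume the challenge: the original left it in the session, so one solved code could
        // be replayed to lift every later ban for the life of the session.
        context.Session.Remove(WarningCodeSessionKey);
        visitManager.RemoveBlackListIP(ip);
        response.Redirect("/Index.aspx");
    }

    /// <summary>
    /// Worker loop: once a minute hands the previous minute's request records to the analysis
    /// service and blacklists the IPs it flags. Never exits on its own.
    /// </summary>
    static void Process()
    {
        while (true)
        {
            try
            {
                AnalyzeLastMinute();
            }
            catch (ThreadAbortException tae)
            {
                // Behaviour kept from the original: the abort is cancelled and the loop goes on.
                // NOTE(review): this also resists aborts issued during AppDomain shutdown;
                // consider letting them propagate now that the thread is a background thread.
                Thread.ResetAbort();
                log.Error("预警系统线程异常!", tae);
            }
            catch (Exception ex)
            {
                // An unreachable analysis service must not kill the loop; log and retry next minute.
                log.Error("预警系统异常!", ex);
            }
            finally
            {
                Thread.Sleep(60 * 1000);
            }
        }
    }

    /// <summary>
    /// Fetches and clears the records for the minute before now, asks the analysis service
    /// for verdicts and adds every flagged IP to the blacklist.
    /// </summary>
    private static void AnalyzeLastMinute()
    {
        // NOTE(review): the loop is not aligned to minute boundaries (sleep + work time drifts),
        // so whether GetRequestRecord(dt) can miss or double-process a minute depends on how
        // VisitManager keys its records — verify.
        DateTime minute = DateTime.Now.AddMinutes(-1);
        Dictionary<string, Dictionary<string, int>> records = visitManager.GetRequestRecord(minute);
        visitManager.RemoveRequestRecord(minute);

        List<BlackIP> flagged = analysisHander.AnalysisVisit(records);
        if (flagged == null)
        {
            return; // the original would have thrown here and lost the minute
        }
        foreach (BlackIP ip in flagged)
        {
            visitManager.AddBlackListIP(ip);
        }
    }

    /// <summary>
    /// Subscribes the request handler. AcquireRequestState is used instead of BeginRequest
    /// (the commented-out original choice), presumably because the handler reads Session,
    /// which is not populated at BeginRequest.
    /// </summary>
    public void Init(HttpApplication application)
    {
        application.AcquireRequestState += new EventHandler(Application_BeginRequest);
    }

    public void Dispose()
    {
    }
}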


黑名单类:
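/// <summary>
/// In-memory IP blacklist seeded from the database. Entries carry an end time; an entry whose
/// end time has passed no longer blocks but stays in the list (and in GetAllBlackListIP).
/// </summary>
public class BlackListIP
{
    // Guards every access to ipList. The original only locked Add/RemoveAll, while the
    // request threads' Exists/Find/copy ran unlocked against a List being mutated by the
    // worker thread (InvalidOperationException or a torn read under load).
    private readonly object _gate = new object();
    private readonly List<BlackIP> ipList = new List<BlackIP>();

    /// <summary>
    /// Builds the blacklist and loads the persisted entries into memory.
    /// </summary>
    public BlackListIP()
    {
        InitBlackListIP();
    }

    /// <summary>
    /// Loads the rows in state <c>BlackIpState.Exception</c> from the database into the list.
    /// A row without an end time is treated as a 10-minute ban from load time.
    /// </summary>
    void InitBlackListIP()
    {
        IBlackIpInfoBll blackIpInfoBll = BllFactory.GetBll<IBlackIpInfoBll>();
        List<BlackIpInfo> list = blackIpInfoBll.GetBlackIpInfoList(BlackIpState.Exception);
        if (list == null)
        {
            return; // nothing persisted; the original would have thrown on the foreach
        }

        lock (_gate)
        {
            foreach (BlackIpInfo blackIpInfo in list)
            {
                BlackIP blackIp = new BlackIP();
                blackIp.IP = blackIpInfo.BlackIp;
                // NOTE(review): LimitedEndTime's declared type is not visible here, so the
                // string round-trip from the original is kept; if it is a DateTime? use .Value.
                blackIp.LimitedEndTime = blackIpInfo.LimitedEndTime == null
                    ? DateTime.Now.AddMinutes(10)
                    : DateTime.Parse(blackIpInfo.LimitedEndTime.ToString());
                ipList.Add(blackIp);
            }
        }
    }

    /// <summary>
    /// Whether <paramref name="ip"/> is currently banned: an entry exists whose end time is
    /// still in the future. Called on every tracked request.
    /// </summary>
    /// <param name="ip">Client address as stored by AddBlackListIP.</param>
    public bool IsInBlackListIP(string ip)
    {
        // Read the clock once so every entry is compared against the same instant.
        DateTime now = DateTime.Now;
        lock (_gate)
        {
            return ipList.Exists(b => b.IP == ip && b.LimitedEndTime > now);
        }
    }

    /// <summary>
    /// Drops every entry for <paramref name="ip"/>, expired or not.
    /// </summary>
    /// <param name="ip">Client address to unblock.</param>
    public void RemoveBlackListIP(string ip)
    {
        lock (_gate)
        {
            ipList.RemoveAll(b => b.IP == ip);
        }
    }

    /// <summary>
    /// Adds a ban, or extends the existing ban for the same IP when the new end time is later.
    /// A shorter new verdict never cuts an existing ban short. Null is ignored.
    /// </summary>
    /// <param name="ip">Verdict from the analysis service.</param>
    public void AddBlackListIP(BlackIP ip)
    {
        if (ip == null)
        {
            return;
        }

        // Find and update happen under the same lock so two concurrent verdicts for one IP
        // cannot both pass the "not present" check and create duplicates.
        lock (_gate)
        {
            BlackIP existing = ipList.Find(b => b.IP == ip.IP);
            if (existing == null)
            {
                ipList.Add(ip);
            }
            else if (ip.LimitedEndTime > existing.LimitedEndTime)
            {
                existing.LimitedEndTime = ip.LimitedEndTime;
            }
        }
    }

    /// <summary>
    /// Snapshot copy of all entries, including expired ones, in insertion order.
    /// </summary>
    public List<BlackIP> GetAllBlackListIP()
    {
        lock (_gate)
        {
            return new List<BlackIP>(ipList);
        }
    }
}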