One common category of DDoS attack is a SMS flooding attack. An SMS flooding attack occurs when a high volume of cellular SMS messages are sent to saturate and overload the website’s server.
Business is taking off. You are hiring new people, expanding your customer base and you have just bought a new work van to handle the recent spike in orders.
Purchasing the vehicle is a significant investment for your business, including the extra expenditure to brand the vehicle with your company logo.
But all week you’re beaming with delight at the sight of your company’s new vehicle; which doubles as a portable billboard for your company.
However, four days in you wake up to a nasty surprise. Overnight a local graffiti gang has vandalized and tagged the van in three different colors. The news only gets worst when you spot a crude artistic attempt to depict the male genitalia next to your logo. Having just spent a small fortune (from the company’s point of view) to invest in the new vehicle, this was the last thing you needed!
The cyber world is no different when it comes to malicious operators damaging company assets.
Distributed Denial of Service (DDoS) is one particular attack you want to avoid as a law-abiding netizen. DDoS attacks come in various shapes and sizes, and one common category of DDoS attack is a SMS flooding attack. An SMS flooding attack occurs when a high volume of cellular SMS messages are sent to saturate and overload the website’s server.
This leads to slow website server performance, soaring SMS registration verification charges and leaking of customer contact information.
For many websites, online users must provide their mobile phone number upon registration in order to validate their identity. Normally, users will click a button during the registration process to send a SMS message and a SMS message is sent to verify the user’s mobile phone number. However, if there are no defense policies protecting the SMS interface, attackers can leverage programs to send high frequency requests to the SMS interface.
1) SMS verification requests consume website CPU and memory which can lead to poor performance issues.
2) SMS charges soar!
3) Information of registered users can be leaked, and threaten the business’ reputation and customer base. Explanation: Users that later go to login or signup for an account and whose number has been already registered under a flood attack may be asked to verify their account via email. After adding their email contact details to the account, the hacking party then has access to their email details. The hacker can then sell email contact details to your competitors for precision marketing purposes.
SMS flooding can also be used in special circumstances to assist cybercriminal activities, such as account hacking and transferring money out of a compromised account. Flood attacks that generate thousands of SMS messages can be used to prevent the account owner from detecting a SMS notification of the fraudulent behaviour/transaction.
You can refer to Protect Your Website: How to Avoid SMS Traffic Flooding Attacks to follow the Screenshot and get more.
Alibaba Cloud PolarDB enables enterprises to scale up in minutes during the Double 11 Shopping Festival through the separation of storage and compute resources.
Whenever there's a large event, such as the Double 11 Shopping Festival or during the Spring Festival holiday season, large amounts of computing resources are required to support spikes in user traffic. To ensure smooth and stable operations of all services on Alibaba Cloud, Elastic Compute Service (ECS) servers and ApsaraDB for RDS databases need to cope with these peaks and fluctuations. Achieving this on a traditional cloud architecture is challenging, which is why Alibaba Cloud created PolarDB to provide minute-level elastic scaling for such scenarios.
Perhaps the greatest feature of Alibaba Cloud PolarDB is the separation of storage and compute resources. Specifically, the compute node (DB Engine) and the storage node (DB Store) are on different physical servers. All I/O operations that go to the storage device are network I/O operations. Some may ask about the network latency and performance. When comparing the latency comparison between using PolarFS to write three data block replicas to PolarStore over the network and writing one data block replica to a local SSD, the results are very close.
PolarDB's storage and compute separation architecture reduces storage costs, ensures high data consistency between the master and backup data, and prevents data loss. In addition, it has a huge advantage that it makes "elastic scaling" of the database extremely simple and convenient.
Elastic scaling is a major feature of the cloud that attracts many people to migrate their IT systems to the cloud. However, elastic scaling of the database has always been an industry pain point. Unlike ECS instances that purely provide computing services, database elastic scaling has the following difficulties:
Now, when the bottleneck is gone as a result of storage and compute separation, we can finally make new progress in the field of database elastic scaling by combining the architecture design of multiple nodes sharing the same data.
This tutorials covers how to install Concourse CI on an ECS instance installed with Ubuntu 16.04 and how to secure all traffic with SSL encryption.
Concourse CI is a modern, flexible continuous integration platform that allows developers to merge modified code into a shared repository multiple times. After each merge, automatic builds and tests are performed to detect problems in the code that helps the developers to find and resolve the errors quickly.
In this tutorial, we will learn how to install and encrypt Concourse CI on an Alibaba Cloud Elastic Compute Service (ECS) instance installed with Ubuntu 16.04.
To install and secure Concourse CI on an ECS instance, complete all of the following steps:
First, log on to the Alibaba Cloud ECS Console. Then, create a new ECS instance, choose Ubuntu 16.04 as the operating system and make sure it is with at least 2GB RAM. Next, connect to your ECS instance and log on as the root user.
After you log on to your Ubuntu 16.04 instance, run the following command to update your base system with the latest available packages.
apt-get update -y
Concourse uses PostgreSQL to store its pipeline data. So you will need to install PostgreSQL server to your system. You can install it by using the following command:
japt-get install postgresql postgresql-contrib -y
This article discusses how to use cert-manager to deploy Istio custom ingress gateway and manage certificates.
Istio Gateway supports multiple custom ingress gateways. It opens a series of ports to host incoming connections at the edge of the grid, and can use different load balancers to isolate different ingress traffic flows. cert-manager can be used to obtain certificates by using any signature key pair stored in the Kubernetes Secret resource. This article provides instructions on the steps for manually creating a custom ingress gateway and how to use cert-manager to automatically configure certificates in the gateway.
CA Issuer does not automatically create and manage signature key pairs. The key pairs are either provided by the user or a new signature key pair for a self-signed CA is generated by a tool, such as OpenSSL. For example, you can generate keys and certificates of type x509 by using the following command:
j# Generate a CA private key
$ docker run -it -v $(pwd):/export frapsoft/openssl genrsa -out /export/ca.key 2048
# Create a self signed Certificate, valid for 10yrs with the 'signing' option set
$ docker run -it -v $(pwd):/export frapsoft/openssl req -x509 -new -nodes -key /export/ca.key -subj "/CN=${COMMON_NAME}" -days 3650 -reqexts v3_req -extensions v3_ca -out /export/ca.crt
These commands will output two files, which are the key and certificate of the ca.key and ca.crt signature key pair. If you already have your own key pair, you should name the private key and the certificate 'ca.key' and 'ca.crt' respectively.
We are going to create an Issuer that will use this key pair to generate signed certificates. To allow the Issuer to reference our key pair, we will store it in a Kubernetes Secret resource.
Issuers are namespace resources, so they can only reference secrets in their own namespaces. Therefore, we put the key pair into the same namespace as the Issuer. Of course, we could also create a ClusterIssuer, a cluster-scoped version of an Issuer.
The following command will create a Secret that contains a signature key pair in the default namespace:
jkubectl create secret tls ca-key-pair \
--cert=ca.crt \
--key=ca.key \
--namespace=default
Increased traffic, often results in a delayed response from web servers or even a halt in service. Load balancing lies in "sharing." When massive traffic is detected, the traffic is distributed to multiple servers to improve the external service capability of the website and avoid the impact of a single point failure. In this online course, we teach the basics of load balancing, principles and scenarios, and master cloud platform load balancing features and usage.
This course aims to help Alibaba Cloud users quickly understand Alibaba Cloud network products, so as to have the ability to select Alibaba Cloud Network services according to scenarios, to enable individual users or enterprise users to quickly understand cloud network technology.
Learn to use Alibaba Cloud's SLB to help your website to handle large bursts of traffic.
OBC SD-WAN (SDWAN) solutions makes a fast and easy way to construct a global private network and accelerates various SaaS applications. Customers are able to enjoy ultra-high speed, high quality data transmission service through the internet , MPLS or VPN.
Why is the actual billed network traffic different from the network traffic reported by the logging feature?
The network traffic reported by the logging feature reflects only the network traffic generated at the application layer. The network traffic that occurs at the network layer is 7% to 15% more than the reported network traffic. The extra network traffic may occur because of the following reasons:
Therefore, as an industry standard practice, an excess of 7% to 15% of the consumed network traffic is added to the total billable items. An average proportion of 10% is used for Alibaba Cloud Content Delivery Network (CDN).
Simple Application Server offers free monthly traffic packages. A traffic package is dedicated to a single instance. In most cases, the quota of a traffic package can meet data transmission requirements. A traffic package is reset on the first day of each month. After the traffic package is reset, the amount of used traffic will start from zero.
Note: Notifications will be sent to customers when the amount of traffic used in a package exceeds 50%, 80%, and 95%.
After a monthly traffic package is used up, the billing method is changed to pay-by-traffic. The charge incurred will be deducted from your account balance.Note: We recommend that you keep a sufficient balance in your account to ensure business continuity after a traffic package is depleted.
Alibaba Cloud Server Load Balancer (SLB) distributes traffic among multiple instances to improve the service capabilities of your applications. You can use SLB to prevent single point of failures (SPOFs) and improve the availability and the fault tolerance capability of your applications.
A scalable and high-performance content delivery service for accelerated distribution of content to users across the globe
2,599 posts | 764 followers
FollowAlibaba Clouder - December 2, 2016
Alibaba Clouder - June 28, 2020
Alibaba Clouder - December 23, 2020
Alibaba Clouder - March 19, 2021
Alibaba Cloud New Products - June 10, 2020
Alibaba Clouder - March 19, 2020
2,599 posts | 764 followers
FollowLearn More
A comprehensive DDoS protection for enterprise to intelligently defend sophisticated DDoS attacks, reduce business loss risks, and mitigate potential security threats.
Learn MoreMore Posts by Alibaba Clouder