Attackers' Methods Completely Underestimated: A New Game Hit by a Premeditated Attack Before Its Servers Even Opened

According to plan, August 19, one month ago, was the launch date of the Chinese-made game 《半盏复古行》 (hereafter "半盏"). The game is published by Guangzhou Zhiwan Technology Co., Ltd. (广州只玩科技有限公司, hereafter "Zhiwan Technology"). What Zhiwan Technology did not expect was that the game would come under an organized, premeditated attack before its servers had even opened.

According to the official [announcement](https://www.taptap.com/topic/19043033) posted in the TapTap community, 半盏 came under attack starting on the evening of the 18th. The attackers used a variety of methods against the servers, including logging in with 800,000 guest accounts simultaneously and scanning server interfaces. From the early hours of the 19th, the entire technical staff was mobilized and fought off wave after wave of attacks. Only at 01:55 on the 20th, after Zhiwan Technology upgraded its security policies with the help of the Tencent Security team, was the attack truly held off. It was not until the evening of the 20th that the game was finally running stably and the servers opened successfully.

InfoQ learned further from Zhiwan Technology that, before launch, the company had prepared for some conventional attacks: IP blacklists, restrictions on abnormal operations, and login limits. It had also enlarged its server cluster and kept empty servers ready for immediate deployment. This time, however, the company underestimated the attackers' methods and how thoroughly they had prepared, and these protections could not fully defend against the attack.

The attack on 半盏 reportedly consisted mainly of CC attacks (Challenge Collapsar Attack, CC). This is an attack against web servers or applications that uses standard information-retrieving GET/POST requests, for example requests to URIs (Uniform Resource Identifiers) that involve database operations or otherwise consume system resources, to exhaust server resources so that the server cannot respond to normal requests.

The biggest headache was that the attackers had prepared a large number of "normal users": their IP addresses and account registration details differed little from those of real users and were hard to tell apart.

After receiving Zhiwan Technology's request for help, Tencent Security joined the defense. Wang Rui (王睿), senior architect for the games industry at Tencent Cloud, pointed out that this attack was indeed different from the common [DDoS attacks](https://www.infoq.cn/article/kk53lP176DViJh9VlKJx) (distributed denial of service) that many new games suffer at launch: **the other side did not use large volumes of meaningless traffic to saturate the bandwidth, but instead imitated real players at the application layer and sent requests to the servers.** As an analogy, the game's servers had resources prepared for 100,000 people that day, but in fact several million or even more than ten million players were sending requests to the servers at the same time. Moreover, not all of those requests were the kind normal players send; they hit interfaces that normal players rarely access, driving server resource usage past 100%.

Wang Rui first talked with the responsible staff at Zhiwan Technology to determine the attack type and match it to the appropriate security product (a [WAF product](https://cloud.tencent.com/product/waf)). He then brought in colleagues from the product team, who worked with Zhiwan Technology to filter out normal player traffic, capture the attack traffic, and analyze that attack traffic to decide which policies to apply.

Tencent reportedly assembled a temporary team of nearly 20 people for this defense.

"But the attack kept going, because some server IPs had been exposed during the game's earlier closed beta test, and the attack bypassed the firewall and hit the real servers directly." Because the situation was urgent, Wang Rui advised Zhiwan Technology to change the real servers' IPs so that the attack traffic could no longer reach them. He further advised consolidating the overall architecture afterwards: the real servers' IPs should not be exposed externally but should sit behind the firewall, so that attacks cannot bypass it.

This tug-of-war of more than 30 hours was undoubtedly a harrowing battle for Zhiwan Technology, but it is also a microcosm of the security problems shared by small and medium-sized game companies: long development cycles, limited funding, and immature security awareness and defenses leave many games facing attacks and extortion by the cybercrime underground at the very moment their servers open. Whether to give in or to keep fighting whatever the cost is never an easy choice.

As for security advice for small and medium-sized game companies, Wang Rui said that much can be avoided by paying deliberate attention during operations and development: doing some defensive programming, applying least-privilege management during deployment and operations, enforcing access controls, and preventing unnecessary exposure. All of this is achievable and costs nothing. "I think that for people in the games industry, putting your energy into content production is of course your main job and the most important work. But while making game content you also need a security-defense mindset, in both development and in deployment and operations. That will save your company a great deal of money."

Game security is a battle that never ends. "No matter how games develop, or how any industry develops, wherever there is profit there will always be hackers watching, because there is money to be made." Dong Wenhui (董文辉), director of security product R&D at Tencent Security, likewise advised that game companies should look not only to the future but also to the present, because defense is dynamic and so is the contest between attack and defense. Building baseline security capabilities during development and operations, establishing a defense system, and backing it with secure development standards and secure operations standards can solve many of these problems.

The anti-attack progress log for 《半盏复古行》 in the TapTap community: [https://www.taptap.com/topic/19043033](https://www.taptap.com/topic/19043033)
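
The application-layer pattern the article describes (clients that look like normal players but mostly request interfaces real players rarely touch) does not show up in IP blacklists, but it does show up in each client's request mix. The following is an added example, not code from Zhiwan Technology or Tencent; the paths, client ids and thresholds are assumptions, and the log records are constructed:

```python
from collections import Counter, defaultdict

def endpoint_shares(baseline):
    """Share of known-good traffic per endpoint, from (client, path) records."""
    counts = Counter(path for _, path in baseline)
    total = sum(counts.values())
    return {path: n / total for path, n in counts.items()}

def flag_clients(window, shares, max_share=0.05, min_requests=5, max_rare_ratio=0.6):
    """Flag clients whose requests mostly hit rare or never-seen endpoints.

    Returns {client: rare_ratio}. Clients with fewer than min_requests are
    skipped so a single visit to an unusual page is not treated as an attack.
    """
    paths_by_client = defaultdict(list)
    for client, path in window:
        paths_by_client[client].append(path)
    flagged = {}
    for client, paths in paths_by_client.items():
        if len(paths) < min_requests:
            continue
        # An endpoint absent from the baseline has share 0.0 and counts as rare.
        rare = sum(1 for p in paths if shares.get(p, 0.0) <= max_share)
        ratio = rare / len(paths)
        if ratio > max_rare_ratio:
            flagged[client] = ratio
    return flagged

# Constructed sample data; every path and client id is hypothetical.
BASELINE = (
    [("p%d" % i, "/api/login") for i in range(40)]
    + [("p%d" % i, "/api/lobby") for i in range(40)]
    + [("p%d" % i, "/api/battle/start") for i in range(18)]
    + [("p1", "/api/rank/history"), ("p2", "/api/guild/search")]
)
WINDOW = (
    [("guest_a", "/api/login")] + [("guest_a", "/api/rank/history")] * 6
    + [("guest_a", "/api/guild/search")]
    + [("guest_b", "/api/login")] + [("guest_b", "/api/guild/search")] * 4
    + [("guest_b", "/api/not-in-baseline")] * 3
    + [("player_x", p) for p in ("/api/login", "/api/lobby", "/api/lobby",
                                 "/api/battle/start", "/api/rank/history", "/api/lobby")]
    + [("player_y", "/api/rank/history")] * 2
)

if __name__ == "__main__":
    print(flag_clients(WINDOW, endpoint_shares(BASELINE)))
```

The baseline must come from a window known to be clean, such as closed-beta traffic; a baseline taken during the attack would make the abused endpoints look common.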