Preface: On the dark and windy night of 2021/01/09, I opened the website as usual, and found that the comment mailbox reminded me to ring all of a sudden. It was full of comment reminders, and the text was quite consistent. I saw that the number of comments on the website started from 100, refreshed and became 200, and then became 500… “, realizing that this was a malicious swipe, rushed to leanCloud to disable the class application write permission, and then started scrambling to restore the status. Here still want to condemn the attacker, no matter for what purpose, it is very shameful, considering the domestic Internet environment itself is mixed, the quality of worry, also relieved, I will always have countermeasures. Here’s how you solved it, and a quick reconstruction review. The end result is that all the previous comments are imported back and everything is back to normal.

Malicious data brushing

At that time, the situation was relatively rapid and violent. I did not expect the screenshots, but I only remember that the peak data was brushed to 18.6K pieces, which was really terrible.

Disable Comment write permission in a timely manner

When receiving attacks, disable the Comment write permission in time. Perform the following operations: Structured Data > Comment > Permission > Default ACL permission > Write > Select Owner > Save

Remind everyone to make backups a habit

Fortunately, I had backup comments before receiving the attack. Operation: Import and export > Data Export > select “limited class” and then select “Comment” > click “Export”.

Create a quick review app

Here, because the number of my malicious comments is too large, and I can only select 100 for deletion at most, so I choose to directly discard and rebuild an application.

Create an

Click Create and set the app name.

The deployment of application

Set the deployment environment. Go to Cloud Engine > Deployment > Git Deployment > Enter github.com/DesertsP/Va… > Click Deploy

Configuring Email Reminders

To set the deployment environment, perform the following operations: Cloud Engine > Settings > Custom Environment Variables > Add Custom Environment Variables

  • Add custom environment variables

This section is self-added: reference linksDeserts. IO/valine – admi…

Add an anti-sleep function

Actions: Cloud Engine > Scheduled task > Create the two functions shown in the picture. Note that the parts marked in red are the selected function types and values

Restart the deployment

Finally, the new application is created.

Import backup comment data

Finally, import the comment JSON file you backed up before you can restore.

Note: Before there is a pit, you comment json file from the backup leancloud inside export, export to remember after open have a look at the data format, there is a problem, although the suffix is json file that’s right, but with the editor opens, found only one character object, not the json format, so I need to change.

Supported JSON formats such as: [{” “, “”}, {” “,” “}] Note: The class name is set to “Comment”.

Finally, all comments are successfully recovered

By the way, spam comment detection

Reference links:

Deserts. IO/valine – admi…

Notes. Zhangxiaocai. Cn/posts / 1 e514…

Bloggers here don’t want to do this, because trouble, attacks are inevitable, backup is king.