[{"data":1,"prerenderedAt":931},["ShallowReactive",2],{"\u002F2026\u002Fmy-static-blog-ddos-vercel-to-cloudflare-migration":3,"surround-\u002F2026\u002Fmy-static-blog-ddos-vercel-to-cloudflare-migration":920},{"id":4,"title":5,"body":6,"categories":892,"date":894,"description":895,"draft":896,"extension":897,"image":898,"meta":899,"navigation":901,"path":902,"permalink":903,"published":903,"readingTime":904,"recommend":909,"references":903,"seo":910,"sitemap":911,"stem":912,"tags":913,"type":918,"updated":894,"__hash__":919},"content\u002Fposts\u002F2026\u002Fmy-static-blog-ddos-vercel-to-cloudflare-migration.md","[复盘] 关于我的小博客遭遇了开站以来最大的一次攻击——20万请求、1Gbps峰值瞬发",{"type":7,"value":8,"toc":875},"minimark",[9,26,29,33,45,48,52,59,65,68,73,81,88,91,97,101,104,119,123,142,146,149,156,163,166,252,259,262,266,269,272,518,532,536,539,545,548,551,565,571,590,790,793,797,808,811,817,828,830,834,846,848,852,859,861,868],[10,11,12,13,17,18,21,22,25],"p",{},"本站建站之初坚持使用 ",[14,15,16],"strong",{},"静态 (Static)"," 架构，就是为了防这一手。\n你想啊，一个静态网站，没有数据库，没有后端计算。所有的攻击流量本质上都是打在 ",[14,19,20],{},"CDN 的边缘节点"," 上。\n换句话说，攻击者不是在打我，是在打 ",[14,23,24],{},"整个 CDN 厂商","。\n理论上这不仅难打死，而且没必要——毕竟静态站背后没有利益，纯粹是白打。",[10,27,28],{},"但我万万没想到，2026 年的第 3 天，真的有人花钱给我看了个赛博烟花。",[30,31,32],"h2",{"id":32},"起因",[10,34,35,36,40,41,44],{},"2026 年的第 3 天，原本以为是个平静的元旦假期，我照惯例优化了一下图床，把主站域名 ",[37,38,39],"code",{"code":39},"oowo.cc"," 迁移到 ",[37,42,43],{"code":43},"华为云"," 做根据地域的 Cloudflare 优选。",[10,46,47],{},"就在愉快的Coding时，Outlook弹出的通知打破了宁静。",[30,49,51],{"id":50},"第一章初现端倪","第一章：初现端倪",[10,53,54],{},[55,56],"img",{"alt":57,"src":58},"","\u002Fassets\u002Fimages\u002Fmy-static-blog-ddos-vercel-to-cloudflare-migration\u002FIMG-my-static-blog-ddos-vercel-to-cloudflare-migration-20260104202654346.png",[10,60,61,64],{},[14,62,63],{},"“Your site is growing!”","\n看到这条邮件时，我还在想：哇奥，博客流量见长啊？是不是哪篇文章火了？\n我一开始真没当回事，一直专心在调整手上的新DNS。",[10,66,67],{},"结果第二条出现了",[10,69,70],{},[55,71],{"alt":57,"src":72},"\u002Fassets\u002Fimages\u002Fmy-static-blog-ddos-vercel-to-cloudflare-migration\u002FIMG-my-static-blog-ddos-vercel-to-cloudflare-migration-20260104202720202.png",[74,75,76],"blockquote",{},[10,77,78],{},[14,79,80],{},"Vercel Hobby Plan 的 100GB 流量已耗尽。",[10,82,83,84,87],{},"众所周知，Vercel 还是比较良心的，",[14,85,86],{},"但是到额之后不会立刻停机，通常可以跑到300%倍流量才会 Pause 项目","\n我心想：这得多大的流量才能瞬间秒杀 100G？",[10,89,90],{},"事实证明，我还是太年轻了。",[10,92,93,96],{},[55,94],{"alt":57,"src":95},"\u002Fassets\u002Fimages\u002Fmy-static-blog-ddos-vercel-to-cloudflare-migration\u002FIMG-my-static-blog-ddos-vercel-to-cloudflare-migration-20260104202734694.png","\n很快啊，我很快就注意到这条 标题带Emoji的通知了。\n这时我意识到不对劲，于是就前往Vercel控制台看了一眼。",[30,98,100],{"id":99},"第二章被打死了","第二章：被打死了",[10,102,103],{},"好嘛，真是被刷了",[10,105,106,110,111,114,115,118],{},[55,107],{"alt":108,"src":109},"IMG-my-static-blog-ddos-vercel-to-cloudflare-migration-20260104180545889.png","\u002Fassets\u002Fimages\u002Fmy-static-blog-ddos-vercel-to-cloudflare-migration\u002FIMG-my-static-blog-ddos-vercel-to-cloudflare-migration-20260104180545889.png","\n流量曲线不是“增长”，是",[14,112,113],{},"垂直起飞","。\n由于超出3倍允许用量，被 Vercel 直接给 ",[14,116,117],{},"pause","了。",[120,121,122],"h3",{"id":122},"看眼流量详细",[10,124,125,129,130,133,134,137,138,141],{},[55,126],{"alt":127,"src":128},"IMG-my-static-blog-ddos-vercel-to-cloudflare-migration-20260104174017440.png","\u002Fassets\u002Fimages\u002Fmy-static-blog-ddos-vercel-to-cloudflare-migration\u002FIMG-my-static-blog-ddos-vercel-to-cloudflare-migration-20260104174017440.png","\n可以看到Vercel也是燃尽了，没配置过防火强，默认的流量明细内能看到Vercel被请求了",[14,131,132],{},"14.6 万"," 次请求。\n主要的攻击请求都被 Vercel 的防火强识别命中，命中的规则也是 ",[14,135,136],{},"DDoS Mitigation","，命中次数就到到了 ",[14,139,140],{},"15.9M","。\n但还是有不少漏网之鱼是真正打进去了，漏进来的 2% 足以致命。",[30,143,145],{"id":144},"第三章谁在打我","第三章：谁在打我？",[10,147,148],{},"我扒了一下日志，给我气笑了。",[10,150,151,152,155],{},"这些肉鸡没有去刷我的 HTML 首页，而是死盯着我的一张图片素材( ",[37,153,154],{"code":154},"\u002Fassets\u002Fhome\u002Fhome.png",")",[10,157,158,159,162],{},"没错，这张图片就是本站的 favicon，这张 favicon 是用于",[14,160,161],{},"交换友链","专用的站点 Logo 。",[10,164,165],{},"这张图片大小是十分标准的496KB，分辨率 1024x1024 的 png 图片。",[167,168,169,194],"table",{},[170,171,172],"thead",{},[173,174,175,179,182,185,188,191],"tr",{},[176,177,178],"th",{},"IP",[176,180,181],{},"纯净度",[176,183,184],{},"公共代理",[176,186,187],{},"代理类型",[176,189,190],{},"使用场景",[176,192,193],{},"ASN",[195,196,197,218,235],"tbody",{},[173,198,199,203,206,209,212,215],{},[200,201,202],"td",{},"20.80.217.164",[200,204,205],{},"17",[200,207,208],{},"是",[200,210,211],{},"匿名VPN服务",[200,213,214],{},"数据中心 | VPN | 云厂商",[200,216,217],{},"微软",[173,219,220,223,226,228,230,233],{},[200,221,222],{},"52.156.152.157",[200,224,225],{},"1",[200,227,208],{},[200,229,184],{},[200,231,232],{},"数据中心 | 公共代理 | 云厂商",[200,234,217],{},[173,236,237,240,243,245,247,249],{},[200,238,239],{},"48.222.214.47",[200,241,242],{},"32",[200,244,208],{},[200,246,184],{},[200,248,232],{},[200,250,251],{},"BHS",[10,253,254,255,258],{},"没有 Referer，没有浏览器特征，对着我的 Favicon 也就是那张 ",[37,256,257],{"code":257},"home.png"," 狂薅。",[10,260,261],{},"那你都打我了，我只能老实了。",[30,263,265],{"id":264},"第四章老实了你打我我跑就是了","第四章：老实了，你打我我跑就是了",[10,267,268],{},"既然都被打Vercel懵逼了的同时流量还很大，那就不得不迁移平台了，需要一个流量刷光不会被pause的平台，并且对中国大陆的访问不至于很炸裂的平台。",[10,270,271],{},"已经有的可以优先加速的平台就那么几个，既然这回被攻击之后，选平台就不能只看“好不好用”，得看“耐不耐操”。\n对于一个面向大陆访问、偶有 DDoS 风险的静态博客，各大平台的表现如下：",[167,273,274,297],{},[170,275,276],{},[173,277,278,282,285,288,291,294],{},[176,279,281],{"align":280},"left","平台",[176,283,284],{"align":280},"线路质量 (大陆)",[176,286,287],{"align":280},"底层\u002FCDN厂家",[176,289,290],{"align":280},"抗D能力",[176,292,293],{"align":280},"可选？",[176,295,296],{"align":280},"辣评",[195,298,299,327,351,373,397,416,443,470,492],{},[173,300,301,306,309,312,318,321],{},[200,302,303],{"align":280},[14,304,305],{},"Vercel",[200,307,308],{"align":280},"A",[200,310,311],{"align":280},"Amazon\u002FCF",[200,313,314,315],{"align":280},"⚠️ ",[14,316,317],{},"一般",[200,319,320],{"align":280},"❌",[200,322,323,326],{"align":280},[14,324,325],{},"本次受害者","。开发者体验满分，软限制，但是跑超了还得死",[173,328,329,334,337,340,346,348],{},[200,330,331],{"align":280},[14,332,333],{},"Netlify",[200,335,336],{"align":280},"B",[200,338,339],{"align":280},"Amazon\u002FFastly",[200,341,342,343],{"align":280},"💀 ",[14,344,345],{},"差",[200,347,320],{"align":280},[200,349,350],{"align":280},"CI\u002FCD是真好用，但是100G流量是硬限制，到了就死",[173,352,353,358,361,364,368,370],{},[200,354,355],{"align":280},[14,356,357],{},"Render",[200,359,360],{"align":280},"B-",[200,362,363],{"align":280},"Cloudflare",[200,365,314,366],{"align":280},[14,367,317],{},[200,369,320],{"align":280},[200,371,372],{"align":280},"Vercel 的平替，速度平平无奇。用来跑后端还行，静态博客没必要选它。100G限制，超了就停",[173,374,375,380,382,385,388,390],{},[200,376,377],{"align":280},[14,378,379],{},"Zeabur",[200,381,308],{"align":280},[200,383,384],{"align":280},"AWS\u002FGCP\u002F腾讯云\u002F火山云",[200,386,387],{"align":280},"💸按量计费",[200,389,320],{"align":280},[200,391,392,393,396],{"align":280},"国产之光，线路和体验极佳。但它是",[14,394,395],{},"按流量计费","的！遇到 DDoS 就是“一夜一套房”。",[173,398,399,404,406,409,411,413],{},[200,400,401],{"align":280},[14,402,403],{},"ClawCloud",[200,405,336],{"align":280},[200,407,408],{"align":280},"阿里云",[200,410,387],{"align":280},[200,412,320],{"align":280},[200,414,415],{"align":280},"就美国绑定自定义域名可以签发ssl证书，其它地区全炸了。亚太地区好像是被墙了，tcping只有香港和tw是绿的，大陆地区全红",[173,417,418,423,426,429,435,437],{},[200,419,420],{"align":280},[14,421,422],{},"GitHub Pages",[200,424,425],{"align":280},"F",[200,427,428],{"align":280},"Fastly",[200,430,431,432],{"align":280},"🛡️ ",[14,433,434],{},"强",[200,436,320],{"align":280},[200,438,439,442],{"align":280},[14,440,441],{},"众生平等","。虽然免费且抗揍，但在国内的访问速度约等于 404，不仅防住了黑客，也防住了访客。",[173,444,445,450,452,454,457,460],{},[200,446,447],{"align":280},[14,448,449],{},"Cloudflare Pages",[200,451,360],{"align":280},[200,453,363],{"align":280},[200,455,456],{"align":280},"God 神",[200,458,459],{"align":280},"✅",[200,461,462,465,466,469],{"align":280},[14,463,464],{},"最后防线","。来，往这打！",[467,468],"br",{},"优选后线路高度可用。",[173,471,472,477,480,483,487,489],{},[200,473,474],{"align":280},[14,475,476],{},"Tencent EdgeOne",[200,478,479],{"align":280},"S",[200,481,482],{"align":280},"腾讯云",[200,484,431,485],{"align":280},[14,486,479],{},[200,488,459],{"align":280},[200,490,491],{"align":280},"免费版套餐无限流量，缺点就是eopages还是对有些函数支持不太行，备案之后访问是神。",[173,493,494,499,501,503,507,509],{},[200,495,496],{"align":280},[14,497,498],{},"Aliyun ESA",[200,500,308],{"align":280},[200,502,408],{"align":280},[200,504,314,505],{"align":280},[14,506,317],{},[200,508,459],{"align":280},[200,510,511,514,515,517],{"align":280},[14,512,513],{},"腾讯的死对头","。阿里云和 EdgeOne 属于卧龙凤雏。",[467,516],{},"备案之后免费套餐就是国内访问的神，不备案？那就是屎。",[10,519,520,521,523,524,526,527,531],{},"最终综合考量维护复杂度和国内用户的访问体验，选择了 ",[14,522,476],{}," 作为国内的Pages加速，国际段则使用 ",[14,525,449],{},"，使用 华为云 的 DNS 做 ",[528,529,530],"em",{},"GeoDNS","。",[30,533,535],{"id":534},"第五张迁移之后真的安全了吗","第五张：迁移之后...真的安全了吗?",[10,537,538],{},"进行了一个光速的迁移，由于是直接部署编译并且更换了CNAME到 EO 给的地址，所以攻击路径直接被我引到腾讯云上了。",[10,540,541],{},[55,542],{"alt":543,"src":544},"IMG-my-static-blog-ddos-vercel-to-cloudflare-migration-20260104182956266.png","\u002Fassets\u002Fimages\u002Fmy-static-blog-ddos-vercel-to-cloudflare-migration\u002FIMG-my-static-blog-ddos-vercel-to-cloudflare-migration-20260104182956266.png",[10,546,547],{},"正当我以为没事情了，一切交给腾讯云的WAF了，我就去改博客被攻击的文件名了。",[10,549,550],{},"刚切到腾讯云 EdgeOne 不到五分钟，警报拉响。",[10,552,553,554,557,558,561,562,531],{},"请求量瞬间从 ",[14,555,556],{},"400"," 飙升到 ",[14,559,560],{},"几万","，峰值带宽直接干到了 ",[14,563,564],{},"1.0 Gbps",[10,566,567],{},[55,568],{"alt":569,"src":570},"IMG-my-static-blog-ddos-vercel-to-cloudflare-migration-20260104183536610.png","\u002Fassets\u002Fimages\u002Fmy-static-blog-ddos-vercel-to-cloudflare-migration\u002FIMG-my-static-blog-ddos-vercel-to-cloudflare-migration-20260104183536610.png",[10,572,573,574,577,578,581,582,585,586,589],{},"你没有看错，从 ",[14,575,576],{},"2026-1-3 22:00 - 2026-1-3 22:55"," 这个时间段，总共被请求了 ",[14,579,580],{},"224.29万"," 次CDN，也就是攻击者还在疯狂的刷我的 ",[37,583,584],{"code":584},"head.png"," 这张图\n查看攻击者排行，发现集中在香港、",[14,587,588],{},"中国大陆","、美国、新加坡 这几个地区发起的请求。\n甚至有人用中国联通的家宽攻击我，还有Cloudflare也上来了。",[167,591,592,614],{},[170,593,594],{},[173,595,596,599,602,605,608,611],{},[176,597,598],{},"IP信息",[176,600,601],{},"威胁",[176,603,604],{},"VPN?",[176,606,607],{},"代理详细",[176,609,610],{},"分类",[176,612,613],{},"AS",[195,615,616,634,654,671,689,706,723,739,756,772],{},[173,617,618,621,624,626,628,631],{},[200,619,620],{},"188.253.12.1",[200,622,623],{},"48",[200,625,208],{},[200,627,211],{},[200,629,630],{},"数据中心 | VPN",[200,632,633],{},"Akari",[173,635,636,639,642,645,648,651],{},[200,637,638],{},"103.151.172.86",[200,640,641],{},"68",[200,643,644],{},"否",[200,646,647],{},"无",[200,649,650],{},"数据中心",[200,652,653],{},"KIDC Limit",[173,655,656,659,662,664,666,668],{},[200,657,658],{},"154.92.130.36",[200,660,661],{},"88",[200,663,208],{},[200,665,211],{},[200,667,630],{},[200,669,670],{},"Stacks Inc.",[173,672,673,676,679,681,684,686],{},[200,674,675],{},"212.135.214.5",[200,677,678],{},"38",[200,680,208],{},[200,682,683],{},"Skyline VPN",[200,685,630],{},[200,687,688],{},"CYBERVERSE JP",[173,690,691,694,696,698,700,703],{},[200,692,693],{},"203.198.248.246",[200,695,225],{},[200,697,644],{},[200,699,647],{},[200,701,702],{},"家宽",[200,704,705],{},"HKT",[173,707,708,711,714,716,718,720],{},[200,709,710],{},"103.156.242.229",[200,712,713],{},"65",[200,715,644],{},[200,717,647],{},[200,719,650],{},[200,721,722],{},"Raid Networks Co., Ltd.",[173,724,725,728,731,733,735,737],{},[200,726,727],{},"185.220.238.121",[200,729,730],{},"63",[200,732,644],{},[200,734,211],{},[200,736,630],{},[200,738,633],{},[173,740,741,744,747,749,751,753],{},[200,742,743],{},"39.64.20.174",[200,745,746],{},"0",[200,748,644],{},[200,750,647],{},[200,752,702],{},[200,754,755],{},"China Unicom Shandong Province Network",[173,757,758,761,764,766,768,770],{},[200,759,760],{},"46.3.240.103",[200,762,763],{},"80",[200,765,208],{},[200,767,211],{},[200,769,630],{},[200,771,633],{},[173,773,774,777,780,782,785,788],{},[200,775,776],{},"104.28.211.105",[200,778,779],{},"93",[200,781,208],{},[200,783,784],{},"(CPN) Consumer Privacy Network",[200,786,787],{},"数据中心 | CPN",[200,789,363],{},[791,792],"hr",{},[120,794,796],{"id":795},"小打小闹该结束了","小打小闹该结束了。",[10,798,799,800,802,803,807],{},"不想跟他们玩了，直接修改 ",[37,801,584],{"code":584}," 改到别的地方和文件名，push！结果效果嘛……？\n",[55,804],{"alt":805,"src":806},"Pasted_image 20260104184435.png","\u002Fassets\u002Fimages\u002Fmy-static-blog-ddos-vercel-to-cloudflare-migration\u002FPasted_image_20260104184435.png","\n修改文件名之后，攻击依旧没有停止，但是状态码返回了200万次 404 是怎么回事呀？好难猜呀！",[10,809,810],{},"它们还在傻傻地请求旧链接。",[10,812,813],{},[55,814],{"alt":815,"src":816},"Pasted_image 20260104184504.png","\u002Fassets\u002Fimages\u002Fmy-static-blog-ddos-vercel-to-cloudflare-migration\u002FPasted_image_20260104184504.png",[10,818,819,820,823,824,827],{},"看着后台日志里那 ",[14,821,822],{},"200多万次"," 的 ",[37,825,826],{"code":826},"404 Not Found","，我甚至有点想笑。你们继续刷吧，这点 404 流量，跟挠痒一样。",[791,829],{},[30,831,833],{"id":832},"第五章赛后总结","第五章：赛后总结",[10,835,836,837,841,845],{},"第二天之后很显然流量比昨天少不少了，命中的次数也少很多了。估计是对面发现打了一晚上全是 404，或者那个买来的 DDoS 攻击时间到了。\n",[55,838],{"alt":839,"src":840},"Pasted_image 20260104190504.png","\u002Fassets\u002Fimages\u002Fmy-static-blog-ddos-vercel-to-cloudflare-migration\u002FPasted_image_20260104190504.png",[55,842],{"alt":843,"src":844},"Pasted_image 20260104190244.png","\u002Fassets\u002Fimages\u002Fmy-static-blog-ddos-vercel-to-cloudflare-migration\u002FPasted_image_20260104190244.png","\n虽然流量还在跑，但 404 页面只有几 KB，相比之前的大图，流量消耗直接降低了 99%。\n就是截止目前还是有莫名其妙的东西在扫我改过名字的favicon文件，状态码200已经达到了20.6万次。",[791,847],{},[30,849,851],{"id":850},"番外篇乐子来了","番外篇：乐子来了",[10,853,854,855,858],{},"被打的第二天中午，群友的静态站也被打了\n",[55,856],{"alt":843,"src":857},"\u002Fassets\u002Fimages\u002Fmy-static-blog-ddos-vercel-to-cloudflare-migration\u002F7cf756f8f787326b870195af99f7c0f4.png","\n该群友也是使用的Vercel，也是静态站。表示被打爆了切CF了。",[791,860],{},[10,862,863,864,867],{},"我人还在，站还活着，不仅白嫖了腾讯的带宽，还水了这篇博文。 ",[14,865,866],{},"这波啊，这波是双赢（我赢两次）。"," 😎",[10,869,870,871],{},"其实Edgeone Page 无备案也不那么难用嘛~\n",[55,872],{"alt":873,"src":874},"IMG-my-static-blog-ddos-vercel-to-cloudflare-migration-20260104194031307.jpeg","\u002Fassets\u002Fimages\u002Fmy-static-blog-ddos-vercel-to-cloudflare-migration\u002FIMG-my-static-blog-ddos-vercel-to-cloudflare-migration-20260104194031307.jpeg",{"title":57,"searchDepth":876,"depth":876,"links":877},4,[878,880,881,885,886,887,890,891],{"id":32,"depth":879,"text":32},2,{"id":50,"depth":879,"text":51},{"id":99,"depth":879,"text":100,"children":882},[883],{"id":122,"depth":884,"text":122},3,{"id":144,"depth":879,"text":145},{"id":264,"depth":879,"text":265},{"id":534,"depth":879,"text":535,"children":888},[889],{"id":795,"depth":884,"text":796},{"id":832,"depth":879,"text":833},{"id":850,"depth":879,"text":851},[893],"技术","2026-01-04 00:00:00","本文您将看到：国宾待遇、赛博拆迁、移形换影、嘲讽拉满。……难道这就是黑暗森林？",false,"md",".\u002Fassets\u002Fimages\u002Fcover\u002Fddos.png",{"slots":900},{},true,"\u002F2026\u002Fmy-static-blog-ddos-vercel-to-cloudflare-migration",null,{"text":905,"minutes":906,"time":907,"words":908},"11 min read",10.045,602700,2009,5,{"title":5,"description":895},{"loc":902},"posts\u002F2026\u002Fmy-static-blog-ddos-vercel-to-cloudflare-migration",[914,915,916,305,917],"运维","杂谈","DDoS","EdgeOne","tech","AeXGKZ91-5oi_odZcHos_eqZD3WF3B66CgNIQWMYZC4",[921,926],{"title":922,"path":923,"stem":924,"date":925,"type":918,"children":-1},"VPS常用脚本","\u002F2025\u002Fvps-scripts","posts\u002F2025\u002Fvps-scripts","2025-12-07 00:00:00",{"title":927,"path":928,"stem":929,"date":930,"type":918,"children":-1},"赞美招行万事达普卡！甲骨文成功下号+升级，全程丝滑！内含踩的坑点记录","\u002F2026\u002Foracle-cloud-registration-cmb-mastercard","posts\u002F2026\u002Foracle-cloud-registration-cmb-mastercard","2026-03-26 00:00:00",1777395318800]