What Is a CC Attack and How to Defend Against It?
CC attacks, a variant of DDoS that exploits legitimate web requests via proxies, overwhelm servers by forcing intensive URL processing; this article explains their mechanics, differences from traditional DDoS, and outlines practical defenses such as cloud WAFs, IP analysis, static content, and connection‑rate limiting.
What Is a CC Attack
A CC attack (Challenge Collapsar) is a type of DDoS attack that uses proxy servers or compromised machines to repeatedly request a target host, exhausting its resources until it crashes.
Attackers send a large number of URL requests that require lengthy processing (e.g., database queries), causing the server to perform heavy computation and reach its capacity, resulting in a denial of service.
After sending a request to a proxy, the attacker immediately closes the connection; the proxy continues to contact the target server, so the attacker’s resource consumption is minimal, while the target sees seemingly legitimate requests from the proxies.
CC Attack Example
For instance, an attacker who has compromised a high‑traffic homepage may inject 100 <iframe src="http://aaa.com"></iframe> tags. Each visitor to the compromised page then triggers 100 requests to http://aaa.com, and the combined volume of traffic overwhelms the target.
Nowadays, attackers often use large numbers of free proxies instead of hacking specific sites.
Difference Between CC Attack and DDoS
DDoS attacks target IP addresses, whereas CC attacks target web pages. Hardware firewalls can filter traditional DDoS traffic, but CC requests appear normal, making them harder to block with such firewalls.
Common CC Attack Mitigation Methods
1. Cloud WAF
Products like 360 Security Guard or Baidu Cloud Acceleration act as reverse proxies that scan incoming traffic and block malicious requests while forwarding legitimate ones.
Advantages: Quick deployment and strong vendor support.
Disadvantages: Attackers can bypass the WAF by discovering the origin IP and sending requests to it directly; also, site traffic data is exposed to the vendor, which may be unsuitable for confidential information.
2. Distinguish Attackers on the Web Server
Analyzing server logs can reveal attacker IPs. Normal browsers request HTML, CSS, JS, images, etc., while CC attacks typically fetch only a single URL without additional resources. Blocking identified IPs can effectively mitigate the attack.
3. Static Site Content
Serving static content reduces server resource consumption, undermining the attacker’s goal of exhausting resources.
4. Limit IP Connection Rate
Legitimate users rarely make rapid repeated requests to the same page within a second. Configuring the web server to limit request frequency per IP can help.
5. Restrict Proxy Access
Many proxies include the X_FORWARDED_FOR header, but some do not, and some legitimate clients require a proxy. Blocking requests lacking this header may inadvertently affect valid users.
There is no single foolproof solution; employing multiple defenses and staying updated with cloud security products is recommended.
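Methods 2 and 4 above can be combined into one log check. The following is an added example, not code from the original article: it scans access-log lines and flags clients that hit a single URL without ever fetching page assets, or that exceed a per-second request rate. The log lines are constructed sample data, and the thresholds, function names and static-file extension list are assumptions.

```python
import re
from collections import Counter, defaultdict

# Combined-log-format prefix: client IP, [timestamp to the second], request path.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
STATIC_EXT = (".css", ".js", ".png", ".jpg", ".gif", ".ico", ".svg", ".woff2")

def make_line(ip, sec, url):
    return f'{ip} - - [10/Oct/2023:13:55:{sec:02d} +0000] "GET {url} HTTP/1.1" 200 512'

# Constructed sample (not a real capture): one browser-like and two proxy-like clients.
BROWSER_URLS = ["/index.html", "/static/site.css", "/static/app.js", "/img/logo.png", "/search?q=shoes"]
SAMPLE_LOG = "\n".join(
    [make_line("198.51.100.7", s, u) for s, u in enumerate(BROWSER_URLS)]
    + [make_line("203.0.113.20", s // 4, "/search?q=a") for s in range(8)]  # 4 req/s
    + [make_line("203.0.113.21", s, "/search?q=b") for s in range(5)]       # 1 req/s
)

def analyze(log_text, min_hits=5, max_per_second=3):
    """Return {ip: [reasons]}; both thresholds are assumed values to tune per site."""
    hits, static = Counter(), Counter()
    paths, per_sec = defaultdict(Counter), defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, url = m.groups()
        path = url.split("?", 1)[0]          # ignore the query string
        hits[ip] += 1
        paths[ip][path] += 1
        per_sec[ip][ts] += 1                 # timestamp has one-second resolution
        static[ip] += path.lower().endswith(STATIC_EXT)
    report = {}
    for ip, n in hits.items():
        reasons = []
        top_path, top_n = paths[ip].most_common(1)[0]
        # Method 2: many hits on one URL and never a CSS/JS/image fetch.
        if n >= min_hits and static[ip] == 0 and top_n == n:
            reasons.append(f"only requests {top_path}, no page assets")
        # Method 4: more requests in a single second than a person would make.
        peak = max(per_sec[ip].values())
        if peak > max_per_second:
            reasons.append(f"peak {peak} req/s")
        if reasons:
            report[ip] = reasons
    return report

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Flagged addresses are candidates for review before blocking, since API clients and crawlers can also request a single URL without assets.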
Java High-Performance Architecture