How to Prevent PHPDDOS Packet-Sending Attacks on IIS and Linux

Source: Internet
Author: User

Let's talk about how to prevent PHPDDOS scripts from sending packets. The relevant code in such a script looks like this (fragment):

    if (eregi("ddos-udp", $read)) {
        fputs($verbinden, "privmsg $Channel: ddos-udp-started udp flood-$read2[4]\n");
        $fp = fsockopen("udp://$read2[4]", 500, $errno, $errstr, 30);
        if (!$fp) {
            $fp = fsockopen("udp://$read2[4]", 500, $errno, $errstr, 30);

Because the script uses the fsockopen() function to contact an external server, PHP should not be allowed to make such requests: set allow_url_fopen = Off in php.ini. If packets can still be sent, change

    extension=php_sockets.dll

to

    ;extension=php_sockets.dll

and restart Apache, IIS or NGINX. This prevents PHP DDoS packets from being sent.

The penalty policy for such attacks is:

    Further violations will proceed with these following actions:
    1st violation - Warning and shutdown of server. We will allow 24 hours for you to rectify the problem.
    2nd violation - Immediate reformat of server.
    3rd violation - Cancellation with no refund.

That is: the first time, a warning plus shutdown, with 24 hours to solve the problem; the second time, the server is formatted immediately; the third time, the service is cancelled without a refund.

A brief description of this problem. It shows the following characteristic: as soon as IIS is started, the outbound bandwidth of the server is used up, that is, the server keeps sending packets to other hosts. This is different from being the target of a DDoS attack, where the server constantly receives a large number of packets.

Solution:

Stop IIS first, so that no outbound attack can be performed for the time being, and then disable the functions used by the code above.

In c:\windows\php.ini set:

    disable_functions = require,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,listener,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,fsocket,fsockopen

Also in c:\windows\php.ini, set this value to Off:

    allow_url_fopen = Off

And:

    ;extension=php_sockets.dll

The leading ; must be present; it means the use of php_sockets.dll is restricted, so keep the ; in front of the line.

Then start IIS again.

In the IP security policy or the firewall, block all outbound UDP requests.

Solution on Linux

1. Prevent the local machine from sending UDP packets to external hosts:

    iptables -A OUTPUT -p udp -j DROP

2. Allow the ports that need UDP service (such as DNS):

    iptables -I OUTPUT -p udp --dport 53 -d 8.8.8.8 -j ACCEPT

Here "53" is the UDP port required by DNS and "8.8.8.8" is the IP address of the DNS server, which depends on the settings of your server. If you do not know the DNS IP address your server uses, you can run the following command over SSH to obtain it:

    cat /etc/resolv.conf | grep nameserver | awk 'NR==1{print $2}'

The complete iptables rules are as follows (run as root):

    # Open DNS port 53 in both directions
    iptables -A INPUT -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
    iptables -A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp -m tcp --sport 1024:65535 -d 8.8.4.4 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p udp -m udp --sport 1024:65535 -d 8.8.8.8 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
    # Prohibit all other outbound UDP
    iptables -A OUTPUT -p udp -j REJECT
    /etc/rc.d/init.d/iptables save
    service iptables restart
    # Start iptables at boot
    chkconfig iptables on

The rules above are written this way because my server uses Google's DNS for name resolution when it accesses the outside (this is needed when the server itself accesses the Internet; if the machine is purely a server and you do not install packages with yum, you can do without it). Therefore, I open access to 8.8.4.4 and 8.8.8.8. If your server is not set to Google's DNS, change these addresses to your own DNS servers. To find out which DNS your server uses, run the /etc/resolv.conf command given above.

Using the IP Security Policy

Download phpddos_jb51.rar. First, run gpedit.msc, then right-click the IP Security Policy and choose "All Tasks" > "Import Policy" > "Assign policy".
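A way to check that a php.ini really carries the settings described above, as an added example that is not part of the original article. The function names ini_value and audit_php_ini and the sample file are constructed for illustration; the script only reads the file.

```sh
#!/bin/sh
# Added example (not from the article): audit a php.ini for the hardening it describes.

# Print the last uncommented value of a directive. $1 = file, $2 = lowercase name
ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                      # whole-line comment
        index($0, "=") {
            k = tolower(substr($0, 1, index($0, "=") - 1)); gsub(/[ \t]/, "", k)
            if (k != key) next
            v = substr($0, index($0, "=") + 1)
            sub(/[ \t]*;.*$/, "", v)             # trailing comment
            gsub(/[ \t\r"]/, "", v)              # spaces, CR (Windows files), quotes
            val = tolower(v)
        }
        END { print val }' "$1"
}

# Print one FAIL line per missing setting; exit status = number of findings.
audit_php_ini() {
    findings=0
    disabled=",$(ini_value "$1" disable_functions),"
    # fsockopen()/pfsockopen() are blocked by name through disable_functions.
    for fn in fsockopen pfsockopen stream_socket_server; do
        case "$disabled" in
            *",$fn,"*) ;;
            *) echo "FAIL disable_functions lacks $fn"; findings=$((findings + 1)) ;;
        esac
    done
    case "$(ini_value "$1" allow_url_fopen)" in
        off|0|false|no|none) ;;
        *) echo "FAIL allow_url_fopen is not Off"; findings=$((findings + 1)) ;;
    esac
    if grep -Eiq '^[[:space:]]*extension[[:space:]]*=[[:space:]]*"?(php_)?sockets' "$1"; then
        echo "FAIL sockets extension is still loaded"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: a php.ini where only part of the advice was applied.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[PHP]
disable_functions = exec, system, fsockopen   ; pfsockopen was forgotten
allow_url_fopen = Off
extension=php_sockets.dll
EOF
audit_php_ini "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

A missing allow_url_fopen line is reported as a finding because the PHP default for that directive is On.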
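The Linux rules above, generalized to every IPv4 resolver listed in resolv.conf rather than only the first one, as an added example that is not from the original article. It goes beyond the article by allowing both UDP and TCP port 53 per resolver and by pinning the INPUT rules to the resolver address; the function names and the sample resolv.conf are constructed, and the script prints the commands instead of running them.

```sh
#!/bin/sh
# Added example (not from the article): print the DNS-only outbound UDP policy
# for every resolver in resolv.conf. Dry run: commands are printed, not executed.

# IPv4 nameservers, in file order, de-duplicated. $1 = resolv.conf path
list_nameservers() {
    awk '$1 == "nameserver" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !seen[$2]++ { print $2 }' "$1"
}

# Print the rule set for the resolvers in $1; fail if there are none.
emit_dns_only_rules() {
    servers=$(list_nameservers "$1")
    if [ -z "$servers" ]; then
        echo "no IPv4 nameserver in $1: not emitting rules that would cut off DNS" >&2
        return 1
    fi
    for ip in $servers; do
        for proto in udp tcp; do   # DNS falls back to TCP for large answers
            echo "iptables -A OUTPUT -p $proto -d $ip --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT"
            echo "iptables -A INPUT -p $proto -s $ip --sport 53 -m state --state ESTABLISHED -j ACCEPT"
        done
    done
    # Catch-all goes last: -A appends, so the ACCEPT rules above match first.
    echo "iptables -A OUTPUT -p udp -j REJECT"
}

# Constructed sample resolv.conf; the IPv6 entry is skipped because
# iptables handles IPv4 only (IPv6 needs ip6tables).
conf=$(mktemp)
cat > "$conf" <<'EOF'
# constructed sample
nameserver 8.8.8.8
nameserver 2001:4860:4860::8888
nameserver 8.8.4.4
EOF
emit_dns_only_rules "$conf"
rm -f "$conf"
```

Review the printed commands before applying them as root, since a wrong resolver address leaves the server without name resolution.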
