Linux-php website server anti-traffic out-of-the-box attack (Anti-phpddos Trojan)

Currently, many DDoS attackers use php shell to initiate packets and then launch ddos attacks. The cost is very low. Some people say that, if we control thousands of servers to send packets to a ddos system, we can buy them with a few hundred pieces and press on one of my G-port American servers, it's basically seckilling ....... Cry, now this network situation, alas
Chatting .......
The following describes how to change the security settings of linux servers and php to prevent trojans from becoming a ddos attack source.
1. php. ini disables parameters such as exec in the php call system.
Add the following line to php. ini:
Disable_functions = symlink, shell_exec, exec, proc_close, proc_open, popen, system, dl, passthru, escapeshellarg, escapeshellcmd
2. Disable ouput udp packets from the server (except for the domain name resolution server set on the local machine)
#! /Bash
NSIP = 'cat/etc/resolv. conf | grep nameserver | awk 'nr = 1 {print $2 }''
/Sbin/iptables-a output-p udp-j DROP
/Sbin/iptables-I OUTPUT-p udp-dport 53-d $ NSIP-j ACCEPT

From: blog.opvps.com/linux-php-output-attack