The way to prevent Phpddos contract
Copy Code code as follows:
if (eregi ("ddos-udp", $read)) {
Fputs ($verbinden, "privmsg $Channel:d dos-udp–started UDP flood– $read 2[4]\n\n");
$fp = Fsockopen ("udp://$read 2[4]", $errno, $errstr, 30);
if (! $fp)
{
$fp = Fsockopen ("udp://$read 2[4]", $errno, $errstr, 30);
Since the Fsockopen () function is requested externally, then he is not allowed to request
Set in php.ini
Allow_url_fopen = Off
If so, he can still get the contract.
Extension=php_sockets.dll
Change into
; Extension=php_sockets.dll
Restart Apache, IIS, NGINX
This will prevent the PHP DDoS contract
The penalty policy for this attack is,
Further violations would proceed with these following actions:
1st violation-warning and shutdown of server. We'll allow hours for your to rectify the problem. The first time is a warning + shutdown, give 24 hours to solve the problem
2nd violation-immediate reformat of server. The second time is to format the server immediately
3rd violation-cancellation with no refund. The third time is to cancel the service without giving a refund
To address this problem, give a simple description,
Performance features: As soon as you turn on IIS, the bandwidth of the server is run out-----that is, the server continues to contract to others, this situation and by DDoS attack is different, DDoS is constantly receiving a large number of packets.
Solution:
Stop IIS for the time being, and then
Prohibit the above code:
Set in C:\windows\php.ini:
Disable_functions =gzinflate,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_ Status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_ Socket_server,fsocket,fsockopen
Set its value to off in C:\windows\php.ini
Allow_url_fopen = Off
And:
; Extension=php_sockets.dll
The front of the number must have, meaning is to limit the use of Sockets.dll
To keep in front of;
Then start IIS
In IP policy, or firewall, prevent all UDP from being sent out
Linux Solutions
I. Prohibit the sending of UDP packets outside the machine
Iptables-a output-p udp-j DROP
II. ports that require UDP services (for example, DNS)
Iptables-i output-p UDP--dport 53-d 8.8.8.8-j ACCEPT
Green "53", for DNS required UDP port, the yellow "8.8.8.8" part of the DNS IP, according to your server settings, if you do not know your current server to use the DNS IP, you can execute the following command in SSH to obtain:
cat/etc/resolv.conf |grep nameserver |awk ' nr==1{print $} '
With complete iptables rules
Copy Code code as follows:
#iptables-A input-p tcp-m TCP--sport--dport 1024:65535-m State--state established-j ACCEPT
#iptables-A input-p udp-m UDP--sport--dport 1024:65535-m State--state established-j ACCEPT
#iptables-A output-p tcp-m tcp--sport 1024:65535-d 8.8.4.4--dport 53-m State--state new,established-j ACCEPT
#iptables-A output-p udp-m UDP--sport 1024:65535-d 8.8.8.8--dport 53-m State--state new,established-j ACCEPT
#iptables-A output-p udp-j REJECT
#/etc/rc.d/init.d/iptables Save
# Service Iptables Restart
#chkconfig iptables on
Open external and internal DNS port 53
Prohibit all other outbound UDP protocols
Boot boot iptables
In addition to note that the above code is because my server is Google's DNS to resolve, my server-side external access (in the server side of the Internet, it is necessary, if only a simple server, do not carry out Yum installation can not be used), So I open the access to 8.8.4.4 and 8.8.8.8, if you are not set up for Google DNS, then here's your own to modify to your DNS. What DNS is used can be queried in the following way
Download Phpddos_jb51.rar with IP Security policy
How to use:
Start first-run-gpedit.msc Find IP Security Policy
right mouse button-All Tasks-Select Import Policy
Finally, you can assign a policy