Methods to prevent PHPDDoS scripts from sending packets to other hosts (IIS + Linux)

Source: Internet
Author: User
Tags: iptables
How to stop a PHPDDoS script from sending packets
The relevant code in the script is as follows:

if (eregi("ddos-udp", $read)) {
fputs($verbinden, "privmsg $Channel :ddos-udp – started UDP flood – $read2[4]\n\n");
$fp = fsockopen("udp://$read2[4]", $errno, $errstr, 30);
if (!$fp)
{
$fp = fsockopen("udp://$read2[4]", $errno, $errstr, 30);

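Because the script uses fsockopen() to open outbound connections, the fix is to stop PHP from making them.

Set in php.ini:
allow_url_fopen = Off
If the script can still send packets after this change (allow_url_fopen only controls URL wrappers such as fopen() on http:// or ftp:// URLs and does not restrict fsockopen()), change

extension=php_sockets.dll
to
;extension=php_sockets.dll

Restart the web server (Apache, IIS, or Nginx).

This stops the PHPDDoS script from sending packets.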

The penalty policy for this kind of attack is:

Further violations would proceed with these following actions:

1st violation - warning and shutdown of server. We'll allow 24 hours for you to rectify the problem.

2nd violation - immediate reformat of server.

3rd violation - cancellation with no refund.

Here is a brief description of the problem and how to solve it.

Symptoms: As soon as IIS is started, the server's bandwidth is used up, because the server keeps sending packets to other hosts. This is different from being the target of a DDoS attack, where the server continuously receives a large number of packets.

Solution:

Stop IIS temporarily, and then

block the code shown above by disabling the functions it depends on:

Set in C:\windows\php.ini:

disable_functions = gzinflate,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,fsocket,fsockopen

Also in C:\windows\php.ini, set the following value to Off:

allow_url_fopen = Off

And:

;extension=php_sockets.dll

The leading semicolon (;) must be present. It comments out the line so that php_sockets.dll is not loaded.

Then start IIS again.

In the IP security policy or the firewall, block all outbound UDP traffic.

Linux Solutions

I. Block all UDP packets leaving the machine

iptables -A OUTPUT -p udp -j DROP

II. Allow the ports that need UDP (for example, DNS)

iptables -I OUTPUT -p udp --dport 53 -d 8.8.8.8 -j ACCEPT

Here "53" is the UDP port that DNS requires and "8.8.8.8" is the IP address of the DNS server; change it to match your server's settings. If you do not know which DNS server your machine currently uses, run the following command over SSH to find out:

cat /etc/resolv.conf | grep nameserver | awk 'NR==1{print $2}'

The complete iptables rules are as follows:

# iptables -A INPUT -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
# iptables -A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -p tcp -m tcp --sport 1024:65535 -d 8.8.4.4 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -p udp -m udp --sport 1024:65535 -d 8.8.8.8 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -p udp -j REJECT
# /etc/rc.d/init.d/iptables save
# service iptables restart
# chkconfig iptables on

These rules do the following:

Open DNS port 53 for inbound replies and outbound queries

Reject all other outbound UDP traffic

Start iptables at boot

Also note that the rules above are written this way because my server uses Google's DNS for name resolution. The server itself needs outbound access (this is necessary if you use the Internet from the server; even on a plain server, yum installs will not work without it), so I allowed access to 8.8.4.4 and 8.8.8.8. If you are not using Google DNS, change these addresses to your own DNS servers. Which DNS servers are in use can be queried in the following way.
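The rules above hard-code Google's resolvers. As an added example (not part of the original article), the shell function below reads resolv.conf-format text and prints the matching OUTPUT rules for whatever IPv4 nameservers it finds, followed by the outbound UDP drop. The names gen_udp_rules and sample_resolv_conf and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (do not apply) outbound-UDP lockdown rules for the
# IPv4 resolvers found in resolv.conf-format text on stdin.
gen_udp_rules() {
    # IPv4 nameservers only (iptables is IPv4-only), de-duplicated, order kept.
    servers=$(awk '$1 == "nameserver" &&
        $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !seen[$2]++ { print $2 }')
    if [ -z "$servers" ]; then
        # Emitting only the DROP rule would cut the host off from DNS.
        echo "no IPv4 nameserver found; refusing to emit rules" >&2
        return 1
    fi
    for ip in $servers; do
        case "$ip" in
            127.*) echo "warning: $ip is a local stub resolver;" \
                        "its upstream servers need ACCEPT rules too" >&2 ;;
        esac
        # DNS falls back to TCP for large answers, so allow both protocols.
        for proto in udp tcp; do
            echo "iptables -A OUTPUT -p $proto -d $ip --dport 53" \
                 "-m state --state NEW,ESTABLISHED -j ACCEPT"
        done
    done
    # All other outbound UDP, including flood traffic, is dropped.
    echo "iptables -A OUTPUT -p udp -j DROP"
}

# Constructed sample input, not a real host's configuration.
sample_resolv_conf() {
    cat <<'EOF'
# constructed example
search example.internal
nameserver 8.8.8.8
nameserver 2001:4860:4860::8888
nameserver 8.8.4.4
nameserver 8.8.8.8
EOF
}

# Review the printed rules before running them as root.
sample_resolv_conf | gen_udp_rules
```

On a real host, run it as gen_udp_rules < /etc/resolv.conf. The printed rules use -A, so they assume the OUTPUT chain does not already contain an earlier rule that drops or rejects UDP.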

Download Phpddos_jb51.rar, which contains the IP Security policy
How to use:
Start > Run > gpedit.msc, then find IP Security Policy
Right-click > All Tasks > Import Policy
Finally, assign the policy
