How to Prevent PHPDDOS from sending packets
Copy codeThe Code is as follows: if (eregi ("ddos-udp", $ read )){
Fputs ($ verbinden, "privmsg $ Channel: ddos-udp-started udp flood-$ read2 [4] \ n ");
$ Fp = fsockopen ("udp: // $ read2 [4]", 500, $ errno, $ errstr, 30 );
If (! $ Fp)
{
$ Fp = fsockopen ("udp: // $ read2 [4]", 500, $ errno, $ errstr, 30 );
Since the fsockopen () function is used to request external data, the request is not allowed.
Set in php. ini
Allow_url_fopen = Off
In this case, he can still send packets.
Extension = php_sockets.dll
Change
; Extension = php_sockets.dll
Restart APACHE, IIS, and NGINX
This prevents php ddos packets.
The penalty policy for such attacks is,
Further violations will proceed with these following actions:
1st violation-Warning and shutdown of server. We will allow 24 hours for you to rectify the problem. the first time is Warning + shutdown, giving 24 hours to solve the problem
2nd violation-Immediate reformat of server. The second request is to format the server immediately.
3rd violation-Cancellation with no refund. The third request is to cancel the service and no refund is given.
To solve this problem, give a simple description,
Characteristics: When IIS is enabled, the outbound bandwidth of the server is used up. That is to say, the server keeps sending packets to others. This is different from the ddos attack. Ddos constantly receives a large number of packets.
Solution:
Stop IIS first, so that no external attack can be performed for the moment, and then
Disable the above Code:
In c: \ windows \ php. ini, set:
Disable_functions = export, passthru, exec, system, chroot, scandir, chgrp, chown, shell_exec, proc_open, proc_get_status, ini_alter, ini_alter, listen, dl, pfsockopen, openlog, syslog, readlink, symlink, popepassthru, stream_socket_server, fsocket, fsockopen
Set the value to Off in c: \ windows \ php. ini.
Allow_url_fopen = Off
And:
; Extension = php_sockets.dll
The preceding; number must be available, which means to restrict the use of sockets. dll
Prefix; number to be retained
Then start IIS
In an IP policy or firewall, all udp packets are prohibited from being sent out.
Solution in linux
1. Prohibit the local machine from sending UDP packets externally
Iptables-a output-p udp-j DROP
2. Allow ports (such as DNS) requiring UDP services)
Iptables-I OUTPUT-p udp -- dport 53-d 8.8.8.8-j ACCEPT
The green "53" is the UDP port required by DNS, and the yellow "8.8.8.8" is the dns ip address, which is determined based on your server settings, if you do not know the dns ip address used by your server, you can run the following command in SSH to obtain it:
Cat/etc/resolv. conf | grep nameserver | awk 'nr = 1 {print $2 }'
Complete iptables rulesCopy codeThe Code is as follows: # iptables-a input-p tcp-m tcp -- sport 53 -- dport 1024: 65535-m state -- state ESTABLISHED-j ACCEPT
# Iptables-a input-p udp-m udp -- sport 53 -- dport 1024: 65535-m state -- state ESTABLISHED-j ACCEPT
# Iptables-a output-p tcp-m tcp -- sport 1024: 65535-d 8.8.4.4 -- dport 53-m state -- state NEW, ESTABLISHED-j ACCEPT
# Iptables-a output-p udp-m udp -- sport 1024: 65535-d 8.8.8.8 -- dport 53-m state -- state NEW, ESTABLISHED-j ACCEPT
# Iptables-a output-p udp-j REJECT
#/Etc/rc. d/init. d/iptables save
# Service iptables restart
# Chkconfig iptables on
Open external and internal DNS port 53
Disable all other Outbound UDP protocols
Start iptables
In addition, the above code is used for Google DNS resolution on my server and external access on my server (you need to access the Internet on the server, if the server is a simple server, and you do not need to install yum, you do not need to). Therefore, I open access to 8.8.4.4 and 8.8.8.8. If you are not set to Google DNS, then you need to change it to your DNS. What is the DNS used? You can use the following method to query
Use the IP Security Policy to download phpddos_jb51.rar
Usage:
Start-run-gpedit. msc to find the IP Security Policy
Right-click all tasks and choose Import Policy
Finally, assign a policy.