Methods to prevent PHPDDOS packet-sending attacks (IIS + Linux)

Source: Internet
Author: User

How to Prevent PHPDDOS from sending packets
The code is as follows:

if (eregi("ddos-udp", $read)) {
    fputs($verbinden, "privmsg $Channel: ddos-udp-started udp flood-$read2[4]\n");
    $fp = fsockopen("udp://$read2[4]", 500, $errno, $errstr, 30);
    if (!$fp)
    {
        $fp = fsockopen("udp://$read2[4]", 500, $errno, $errstr, 30);

The script uses the fsockopen() function to send data to external hosts, so such requests must not be allowed.

In php.ini, set:
allow_url_fopen = Off
With only this setting, the script can still send packets.

So also change
extension=php_sockets.dll
to
;extension=php_sockets.dll

Restart Apache, IIS, or Nginx.

This prevents PHP from sending DDoS packets.

The penalty policy for such attacks is:

Further violations will proceed with these following actions:

1st violation - Warning and shutdown of server. We will allow 24 hours for you to rectify the problem.

2nd violation - Immediate reformat of server.

3rd violation - Cancellation with no refund.

A brief description of the problem and how to solve it:

Characteristics: once IIS is running, the outbound bandwidth of the server is used up. That is, the server keeps sending packets to other hosts. This is different from being the target of a DDoS attack, where the server constantly receives a large number of packets.

Solution:

Stop IIS first, so that the server cannot attack external hosts for the moment, and then disable the functions used by the code above:

In c:\windows\php.ini, set:

disable_functions = export, passthru, exec, system, chroot, scandir, chgrp, chown, shell_exec, proc_open, proc_get_status, ini_alter, ini_alter, listen, dl, pfsockopen, openlog, syslog, readlink, symlink, popepassthru, stream_socket_server, fsocket, fsockopen

Also in c:\windows\php.ini, set the following value to Off:

allow_url_fopen = Off

And:

;extension=php_sockets.dll

The leading ";" must be kept: it comments the line out, which restricts the use of php_sockets.dll.

Then start IIS

In addition, prohibit all outbound UDP packets in the IP security policy or firewall.
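The php.ini changes described in both sections above can be checked mechanically. The following POSIX shell script is an added example, not part of the original article; the function names ini_value and audit_php_ini and the sample file are constructed for illustration, and it is meant to be run against a copy of the php.ini.

```shell
#!/bin/sh
# Added example: audit a php.ini for the three settings described above.

# ini_value FILE KEY: last uncommented value of KEY, without quotes/spaces.
ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*;.*$//' | tr -d '" \r'
}

# audit_php_ini FILE: print one line per finding; exit status = finding count.
audit_php_ini() {
    ini=$1
    findings=0

    # 1. The socket-opening functions must appear in disable_functions.
    disabled=",$(ini_value "$ini" disable_functions),"
    for fn in fsockopen pfsockopen stream_socket_server; do
        case $disabled in
            *",$fn,"*) ;;
            *) echo "FAIL: $fn missing from disable_functions"
               findings=$((findings + 1)) ;;
        esac
    done

    # 2. allow_url_fopen must be explicitly Off (PHP defaults to On).
    case $(ini_value "$ini" allow_url_fopen | tr 'A-Z' 'a-z') in
        off|0|false|no|none) ;;
        *) echo "FAIL: allow_url_fopen is not Off"
           findings=$((findings + 1)) ;;
    esac

    # 3. No uncommented extension= line may load the sockets extension.
    if grep -Eiq '^[[:space:]]*extension[[:space:]]*=.*sockets' "$ini"; then
        echo "FAIL: sockets extension is loaded"
        findings=$((findings + 1))
    fi

    if [ "$findings" -eq 0 ]; then echo "OK: $ini"; fi
    return "$findings"
}

# Constructed sample: a php.ini that still permits outbound sockets.
sample=$(mktemp)
printf '%s\n' 'disable_functions = exec, system, fsockopen' \
    'allow_url_fopen = On' 'extension=php_sockets.dll' > "$sample"
audit_php_ini "$sample" || echo "$? finding(s) in constructed sample"
rm -f "$sample"
```

fsockopen() belongs to PHP's core rather than to the sockets extension, so the disable_functions check is the one that covers the call in the excerpt at the top of the article.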

Solution on Linux

1. Prohibit the local machine from sending UDP packets externally:

iptables -A OUTPUT -p udp -j DROP

2. Allow the services that require UDP (such as DNS):

iptables -I OUTPUT -p udp --dport 53 -d 8.8.8.8 -j ACCEPT

Because -I inserts the rule at the top of the OUTPUT chain, it is matched before the DROP rule from step 1. Here "53" is the UDP port used by DNS and "8.8.8.8" is the IP address of the DNS server, which depends on your server's settings. If you do not know which DNS server your server uses, run the following command over SSH to obtain it:

cat /etc/resolv.conf | grep nameserver | awk 'NR==1{print $2}'

Complete iptables rules:

# iptables -A INPUT -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

# iptables -A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

# iptables -A OUTPUT -p tcp -m tcp --sport 1024:65535 -d 8.8.4.4 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

# iptables -A OUTPUT -p udp -m udp --sport 1024:65535 -d 8.8.8.8 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

# iptables -A OUTPUT -p udp -j REJECT

# /etc/rc.d/init.d/iptables save

# service iptables restart

# chkconfig iptables on

In order, these commands open DNS port 53 in both directions, reject all other outbound UDP traffic, and then save the rules and start iptables.
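The rule set above hard-codes 8.8.8.8 and 8.8.4.4. As an added example (not from the original article), this shell script goes one step further: it reads every resolver from a resolv.conf-style file and prints the equivalent rules for each of them, for both UDP and TCP, without applying anything. The function names and the sample addresses (documentation ranges) are constructed.

```shell
#!/bin/sh
# Added example: derive the outbound-UDP rules from the host's own resolvers.
# It only prints iptables commands; nothing is applied.

# nameservers FILE: IPv4 resolvers from a resolv.conf-style file, one per line.
nameservers() {
    awk '$1 == "nameserver" && $2 ~ /^[0-9]+(\.[0-9]+)+$/ { print $2 }' "$1"
}

# udp_egress_rules FILE: DNS allow rules first, the UDP reject rule last.
udp_egress_rules() {
    allowed=0
    for ip in $(nameservers "$1"); do
        case $ip in
            127.*)  # local stub resolver: its upstream servers need the rule
                echo "skip $ip: allow the stub's upstream resolvers instead" >&2
                continue ;;
        esac
        for proto in udp tcp; do
            echo "iptables -A OUTPUT -p $proto -m $proto --sport 1024:65535 -d $ip --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT"
        done
        allowed=$((allowed + 1))
    done
    if [ "$allowed" -eq 0 ]; then
        echo "no usable IPv4 nameserver in $1; not emitting rules" >&2
        return 1
    fi
    for proto in tcp udp; do
        echo "iptables -A INPUT -p $proto -m $proto --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT"
    done
    # Appended last so that the ACCEPT rules above are matched first.
    echo "iptables -A OUTPUT -p udp -j REJECT"
}

# Constructed sample resolv.conf (documentation-range addresses).
conf=$(mktemp)
printf '%s\n' '# generated' 'nameserver 192.0.2.53' \
    'nameserver 2001:db8::53' 'nameserver 198.51.100.53' > "$conf"
udp_egress_rules "$conf"
rm -f "$conf"
```

iptables covers IPv4 only, so IPv6 resolvers and outbound IPv6 UDP need matching ip6tables rules.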

In addition, the complete rule set above is written for my server, which resolves names through Google DNS and needs outbound access (the server itself has to reach the Internet; on a simple server where you do not need to install anything with yum, this is unnecessary). That is why access to 8.8.4.4 and 8.8.8.8 is opened. If your server is not set to use Google DNS, change these addresses to your own DNS servers. To find out which DNS is in use, you can use the following method to query

Using the IP Security Policy: download phpddos_jb51.rar
Usage:
Start > Run > gpedit.msc, then find the IP Security Policy.
Right-click it, choose All Tasks, then Import Policy.
Finally, assign the policy.
