Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall
Recently a lot of webmaster have been attacked by PHP traffic, some attack others, some of their own attacks on their own servers, so many servers instantly paralyzed web site can not open, I was also deeply affected by its harm, so summed up a few simple methods, and finally to deal with the problem of Phpddos attack, I will share with you (here first thank the next A5 forum friends before the help, thank A5 Forum, thank you webmaster)
First to understand what is Phpddos traffic attacks, Phpddos is a hacker through the invasion of the Web server Phpshell to control the Phpshell to other victims or their own servers to send UDP attack packets for DDoS attacks, such attacks have one of the greatest characteristics, is to upload the flow of an instant increase, usually flow up to dozens of or even nearly hundred m, will the entire server, and even the entire Cabinet of the broadband block, so that the site can not run, and such an attack, we can not solve from the remote, one but that Phpshell run, your broadband will be all occupied, remote can not connect.
What can be done after the attack is to contact the room staff, let him into your server to turn off your IIS, no longer find out which site was invaded, as far as possible a site also do not open, so as not to be attacked again, how to see whether this attack, can not say to turn off the ISS good, is this attack, But according to more accurate view, can determine what is the problem, open 360 security guards, and then open the function encyclopedia, to find the flow of the firewall, where you can see each process upload and download the amount of traffic, attention to the hidden system services also point open look, Are generally uploaded oversized is phpddos attack, and generally will be in w3wp.exe and mysql.exe upload traffic will be very large, the smallest also hundreds of m, the largest number of G, good to know is this attack, we will find a way to solve.
Workaround:
1. Use 360 flow firewall, the w3wp.exe and Mysql.exe upload traffic restrictions, according to your server's own broadband situation to limit the general restrictions on 200-300kb are no problem, so not afraid of Phpshell launched a large flow of attacks, However, one drawback of this approach is that when you reboot the server, the W3wp.exe and mysql.exe that you have previously restricted will not work, and you need to make a new one, and the friend in this way must pay attention to this.
2. Change the PHP operating environment to solve, open php.ini find disable_functions= This, and then change the back to Gzinflate,passthru,exec,system,chroot,scandir,chgrp, Chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog, Readlink,symlink,popepassthru,stream_socket_server,fsocket,fsockopen. Allow_url_fopen = off, and then find the Extension=php_sockets.dll, the front plus a semicolon, that is, shielding the item.
3. By looking for the source of the attack, to find out whether there is a Phpshell attack source code in all sites, source code for (because the code is too messy to display to everyone) as shown in the picture:
Through the bulk of the site to find whether there are similar above the map of the source code, find the deletion, the site permissions set to not write, so in the absence of repair this site before the loophole, will not be implanted Trojan.
All three of these methods can normally solve this problem (note: If the above method does not work, then you can only go to A5 Webmaster Network Forum to consult others, I believe there will be solutions, I summed up three ways for everyone to choose, if the hero has a better solution, please be sure to share. Thank you! This article by (what weight loss drug effect best http://www.xhxckj.com) NET original, reprint please indicate the source, thank you!