Reason
Part of the source code of the php script:
Copy code The code is as follows:
$fp = fsockopen("udp:/ /$ip", $rand, $errno, $errstr, 5);
if($fp){
fwrite($fp, $out);
fclose($fp);
The fsockopen function in the php script sends a large number of data packets through UDP to the external address to attack the other party.
Response
You can pass php.ini, disable the fsockopen function, and use the Windows 2003 security policy to block the local UDP port.
Disable functions
Find disable_functions and add the function name to be disabled, as in the following example:
passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status ,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,fsocket,fsockopen
It will take effect after restarting IIS.
Block UDP port
Copy the following colored text to notepad, save it as banudp.bat or any name, double-click to run.
REM Add security policy, name
netsh ipsec static add policy name=My security policy
REM Add IP filter list
netsh ipsec static add filterlist name=allow list
netsh ipsec static add filterlist name=deny list
REM Add filter to IP filter list (allow Internet access)
netsh ipsec static add filter filterlist=allow list srcaddr=me dstaddr=any description =dns access protocol=udp mirrored=yes dstport=53
REM Add filter to IP filter list (not allowing others to access)
netsh ipsec static add filter filterlist=deny list srcaddr=any dstaddr= me description=Anyone can access me protocol=udp mirrored=yes
REM Add filter action
netsh ipsec static add filteraction name=Yes action=permit
netsh ipsec static add filteraction name=No You can action=block
REM to create a link specifying IPSec policy, filter list and filter action rules (add the rule to my security policy)
netsh ipsec static add rule name=allow rule policy= My security policy filterlist=allow list filteraction=can
netsh ipsec static add rule name=deny rule policy=my security policy filterlist=deny list filteraction=cannot
REM Activate my security policy
netsh ipsec static set policy name=my security policy assign=y
http://www.bkjia.com/PHPjc/324451.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/324451.htmlTechArticle Reason PHP script part source code: Copy the code as follows: $fp = fsockopen("udp://$ip" , $rand, $errno, $errstr, 5); if($fp){ fwrite($fp, $out); fclose($fp); fsockope in php script...