Shulou(Shulou.com)05/31 Report--

This article mainly introduces the relevant knowledge of "how to prevent PHPDDOS from attacking others". The editor shows you the operation process through an actual case. The method of operation is simple and fast, and it is practical. I hope this article "how to prevent PHPDDOS from attacking others" can help you solve the problem.

Talk about the methods to prevent phpddos from sending packets.

The copy code is as follows:

If (eregi ("ddos-udp", $read)) {

Fputs ($verbinden, "privmsg $channel: ddos-udp-started udp flood-$read2 [4]\ n\ n")

$fp = fsockopen ("udp://$read2 [4]", 500, $errno, $errstr, 30)

If (! $fp)

{

$fp = fsockopen ("udp://$read2 [4]", 500, $errno, $errstr, 30)

Since you are using the fsockopen () function to request the outside, don't let him do it.

Set in php.ini

Allow_url_fopen = off

If so, he can still send the contract.

Extension=php_sockets.dll

Change to

; extension=php_sockets.dll

Restart apache, iis, nginx

This can prevent php ddos from sending packets.

The penalty policy for this kind of attack is

Further violations will proceed with these following actions:

1st violation-warning and shutdown of server. We will allow 24 hours for you to rectify the problem. The first time is warning + shutdown, giving 24 hours to solve the problem.

2nd violation-immediate reformat of server. The second time is to format the server immediately

3rd violation-cancellation with no refund. The third time is to cancel the service and give no refund.

To solve this problem, give a simple description

Performance characteristics: as soon as iis is turned on, the outflow bandwidth of the server is used up-that is, the server keeps sending packets to others, which is different from being attacked by ddos. Ddos continues to receive a large number of data packets.

Solution:

Stop iis first, so that you can't attack others for the time being, then

Prohibit the above code:

Set it in c:\ windows\ php.ini:

Disable_functions = gzinflate,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,fsocket,fsockopen

Set its value to off in c:\ windows\ php.ini

Allow_url_fopen = off

And:

; extension=php_sockets.dll

The sign in front of it must have a sign, which means to restrict the use of sockets.dll

The front sign should be kept.

Then start iis

Prohibit all udp from sending out in the ip policy, or in the firewall

Solution under linux

First, it is forbidden to send udp packets to the outside world on this machine.

Iptables-an output-p udp-j drop

Allow ports that require udp services (such as dns)

Iptables-I output-p udp-- dport 53-d 8.8.8.8-j accept

Green "53" is the udp port required by dns, and the yellow "8.8.8.8" part is dns ip. According to the settings of your server, if you do not know the dns ip currently used by your server, you can execute the following command in ssh:

Cat / etc/resolv.conf | grep nameserver | awk 'nr==1 {print $2}'

Complete iptables rules are attached

The copy code is as follows:

# iptables-an input-p tcp-m tcp-- sport 53-- dport 1024 tcp 65535-m state-- state established-j accept

# iptables-an input-p udp-m udp-- sport 53-- dport 1024 udp 65535-m state-- state established-j accept

# iptables-an output-p tcp-m tcp-- sport 1024 tcp 65535-d 8.8.4.4-dport 53-m state-- state new,established-j accept

# iptables-an output-p udp-m udp-- sport 1024 udp 65535-d 8.8.8.8-- dport 53-m state-- state new,established-j accept

# iptables-an output-p udp-j reject

# / etc/rc.d/init.d/iptables save

# service iptables restart

# chkconfig iptables on

Open external and internal dns port 53

All other outbound udp protocols are prohibited

Boot and start iptables

Another thing to be clear is that the above code is because my server uses Google's dns to parse, and my server-side external access (surfing the Internet on the server side, you need, if it's just a simple server, you don't have to install yum), so I open access to 8.8.4.4 and 8.8.8.8, if you're not set to Google's dns. Then you have to change it to your dns. What dns is used can be queried in the following ways

This is the end of the content on "how to prevent PHPDDOS from attacking others". Thank you for your reading. If you want to know more about the industry, you can follow the industry information channel. The editor will update different knowledge points for you every day.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.