Of Stack

Vps cloud host independent host Udp outsourcing process

  • 2020-05-13 03:55:24
  • OfStack

Udp packet 1 is a hacker through php to attack other people's website to perform some operations, such a consequence is that our server bandwidth will be exhausted, cpu run full, so we need to have the space to use dedecms and other procedures under the best Settings 1, to prevent our server into chicken.

Phenomenon: host sends out packets (1 is usually because of the vulnerability of dedecms, the Trojan uploaded by hackers sends out UDP attack packets to attack other people's websites), the bandwidth usage exceeds 50M/s, and the system is automatically restarted or shut down.

There are several ways to protect against phpddos

1. Directly close the php function (some php programs cannot run this way)
2. Directly seal udp. This method may kill some running programs by mistake
3. Use the official ddos shield, but use the php shield
4. Export the attack to another ip address using pseudo-static (LINUX server is required)

win host solution:

1. Main schemes:

Download / / www. ofstack. com softs / 246728 html after decompression to any directory, run directly setup. bat can

This program also automatically prevents UDP from sending packages.

Check the plus or include directories of sites that use DEDECMS, remove trojans left behind by hackers, and upgrade dedecms to the latest version.

2. Alternative: a more radical approach is to disable the fsockopen function of php, although disabling this may disable some functions (remote reading, api calls, etc.) of some websites.

(edit d:\SOFT_php_PACKAGE\PHP\ php. ini, modify disable_functions =fsockopen, then start > Running iisreset takes effect.)

3. Alternative plan: you can also use the function of the website management assistant to "kill viruses" to clean up the trojans.

LINUX setting method:

Execute the following rules directly on the server to prevent UDP from contracting. 



iptables -F

iptables -A OUTPUT -p udp -d 61.139.2.69 --dport 53 -j ACCEPT

iptables -A OUTPUT -p udp -d 8.8.8.8 --dport 53 -j ACCEPT

iptables -A OUTPUT -p udp -j DROP

service iptables save

Related articles: