DDoS via PHP code is nothing new. It works by opening sockets from PHP code and attacking other IPs directly over the server's own network connection. The symptom on the server is that, with IIS running, the outbound bandwidth is used up, whether you have 10M or 100M, because the server is constantly sending packets to others. This differs from an ordinary DDoS attack: in an ordinary DDoS the server constantly receives a large number of packets, which fills the bandwidth so that it cannot provide service; in PHP DDoS the server constantly sends packets, which occupies the bandwidth so that it likewise cannot provide service. A server I manage was attacked like this, so let me share the solution.
The first way to deal with DDoS sent from the server through PHP code: find the website the attack comes from and close it.

Find the website. Open the IIS error log, located in C:\Windows\System32\LogFiles\HTTPERR\. There is generally a file httperr1.log there, which contains a record like this:

2011-10-19 11:30:39 61.147.121.175 3108 96.139.56.156 80 HTTP/1.1 GET /Editor/sc.php?ip=119.112.90.217&port=80&time=6000 - 26200000 Timer_MinBytesPerSecond DefaultAppPool

Look mainly at the last three items, which in the example above are 26200000 Timer_MinBytesPerSecond DefaultAppPool. 26200000 is the IIS ID of the website that is being used for the PHP DDoS, and DefaultAppPool is the application pool the website runs in. With these two values we can quickly find the website in IIS Manager.

Close the website or the application pool. Use IIS Manager to stop the application pool found in the log above, or just stop the website with the ID above.
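The log lookup described above can be scripted when httperr1.log is large. The following is an added example, not part of the original article: it assumes every record has the same 13 whitespace-separated fields as the record quoted above, and that the ip/port/time query parameters seen in that record are the pattern to look for. All sample lines except the article's own record are constructed.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Field order of the HTTPERR record quoted in the article (assumed fixed here).
FIELDS = ("date time c_ip c_port s_ip s_port version method uri "
          "status site_id reason app_pool").split()
# Query parameters carried by the sc.php request in the article's record.
FLOOD_PARAMS = {"ip", "port", "time"}

def parse_httperr(line):
    """Return one HTTPERR record as a dict, or None for headers and odd lines."""
    parts = line.split()
    if line.startswith("#") or len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))

def suspect_sites(lines):
    """Count .php requests with ip/port/time parameters per (site ID, app pool)."""
    hits = Counter()
    for line in lines:
        rec = parse_httperr(line)
        if rec is None:
            continue
        url = urlsplit(rec["uri"])
        params = set(parse_qs(url.query))
        if url.path.lower().endswith(".php") and FLOOD_PARAMS <= params:
            hits[(rec["site_id"], rec["app_pool"])] += 1
    return hits

# The second entry is the record quoted in the article; the rest are constructed.
SAMPLE = [
    "#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri "
    "sc-status s-siteid s-reason s-queuename",
    "2011-10-19 11:30:39 61.147.121.175 3108 96.139.56.156 80 HTTP/1.1 GET "
    "/Editor/sc.php?ip=119.112.90.217&port=80&time=6000 - 26200000 "
    "Timer_MinBytesPerSecond DefaultAppPool",
    "2011-10-19 11:30:41 192.0.2.44 3110 198.51.100.7 80 HTTP/1.1 GET "
    "/Editor/sc.php?ip=203.0.113.9&port=80&time=6000 - 26200000 "
    "Timer_MinBytesPerSecond DefaultAppPool",
    "2011-10-19 11:31:02 192.0.2.10 4021 198.51.100.7 80 - - - - - Timer_ConnectionIdle -",
    "2011-10-19 11:32:15 192.0.2.23 4100 198.51.100.7 80 HTTP/1.1 GET "
    "/index.php?id=7 - 1 Timer_MinBytesPerSecond Pool2",
]

if __name__ == "__main__":
    for (site_id, pool), n in suspect_sites(SAMPLE).most_common():
        print(f"site ID {site_id} in pool {pool}: {n} suspicious request(s)")
```

To run it against a real log, pass the lines of httperr1.log to suspect_sites instead of SAMPLE; the site ID and pool it reports are the ones to look up in IIS Manager.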
Now the site being used for the PHP DDoS attack is stopped, which solves the problem. However, this method is time-consuming and laborious: if the problem appears on other websites, the same steps have to be repeated, so it is not a once-and-for-all fix.

The second way to deal with DDoS sent from the server through PHP code is a once-and-for-all method: prohibit UDP access.

Method 1: open "Administrative Tools" > "Local Security Policy" > "IP Security Policy" and prohibit UDP access in the IP security policy.

Method 2: open Windows Firewall and prohibit UDP access in the firewall.
Of the two methods above, method 1 is recommended. The DNS service needs UDP, and method 1 can be set flexibly to allow UDP access for DNS while prohibiting all other UDP. The rule can also be restricted to the address of the specified DNS server, which is more secure.
For convenience, Juyou has made a batch file: change the DNS server address in it to the DNS server address your server uses, and then run it.
There is also a way to do this by modifying the PHP configuration, but that method causes many PHP website programs to behave abnormally, so I won't describe it here.