LockSystem - Anti DoS

[Hidden]

If your wondering what "DoS" is, well it's a type of web server attack.
In the shortest terms possible, when someone launches a DoS (Denial of Service) attack against your website, they are sending a shit load of packets. Thus your apache server will crash making your website unvisitable(until apache is restarted). It also takes up a lot of bandwidth, so those servers who have a rented dedi most likely don't have unlimited bandwidth!
So i developed this system that HELPS protect against it but does NOT block it (i couldn't code the firewall!).
Here's how it works,
each time you load the page, your ip and your request time (the value of time() ) is logged into the database,
then, on your second load a script will check your last request time (for example 119843934) and if it is the same as the current time then your warnings will go up by one. Once the maximum warnings have been reached, you shall be banned from the website and a text message will be dispatched to the owner.
It is recommended to run the following query somewhat often(if you get more than 1k visits an hour).

Code:

delete from locksystem where warnings =0

If needed, just ask and i will code a function to automatically clear the database of non-banned ip's every 10 minutes.
Please ask me before releasing modifications!
Things to do:
send the ip to a firewall to block it from all ports (0%)- if you can help me please message me somehow
--------------------------------------------------------
Installation is simple:
1.make a database called locksystem in enterprise manager
2.run the query (tables.sql) in your query analyzer on the Locksystem database
3.Edit locksystem.php so that it can establish a connection to the locksystem database
NOTE: it is recommended to leave 127.0.0.1 as the only admin ip, because localhost has no wait time.
$admin_ips=array("127.0.0.1","Want another one?","how about another?");
4.Your system is all set and ready to go!
------------------------------------------------------
Comments or suggestions please?
-------------------------------------------------
Lock System v1.2
Updates:
Admin System
:]
default login is
Admin for the username and Admin for the password
you can look at banned people, all logs, clear logs, clear the un banned people, and search for an ip!
-------------------------------
v1.3
New layout

[MentaL]

[MuIsBest]

Approved. :D

[Hidden]

Thanks for approving my thread <3 :]

[[RCZ]ShadowKing]

good but ddos can be for each port not only web.This is a common protection good for web side,the rest of them you cant protect,it depend on your internet speed and attackers internet speed,but you can contact your ISP or administrator to block this attacks.

[Hidden]

thanks for the information :]

[MuForum.Info]

# English:
Unfortunately, such programs from the DOS-attacks are not saved!
This saves only marshutizator/router.


# Russian:
К сожалению, такими программами от DOS-атаки не спастись!
От этого спасает только маршутизатор/роутер.

[556677]

# English:
Unfortunately, such programs from the DOS-attacks are not saved!
This saves only marshutizator/router.


# Russian:
К сожалению, такими программами от DOS-атаки не спастись!
От этого спасает только маршутизатор/роутер.

Thanks for the info.

[G4ga]

Nice realese for beginers

[Kagorec]

This is not an Anti-ddos, because the attack has access to the webserver, and the server processes the request connection. Help from ddos attacks by 5%.
And why even connect mssql to store blocked IP? Such things better stored blacklist in text db.
Against more than help ddos firewall (Outpost or similar) which can filter access to the application web server. =)
--------------------
По-русски:
Это нельзя назвать Anti-ddos, потому что атака серавно имеет доступ к вебсерверу, а сервер обрабатывает запрос соединения. Поможет от ддос атаки на 5% .
А зачем еще подключать mssql для хранения заблокированный IP ?
Такие вещи лучше хранить в текстовых дб.
Против ддос больше поможет фаервол (Outpost и похожие) который может фильтровать доступ к приложению вебсервера.
Дополнение: Ну и ддос атака продолжится в нескольких потоках а mssql что ответит - cat connet to database !!!
И атака вновь в действии - это больше похожа защита от задротов которые жмякают ф5 несколько раз в секнду.

[Hidden]

# English:
Unfortunately, such programs from the DOS-attacks are not saved!
This saves only marshutizator/router.


# Russian:
К сожалению, такими программами от DOS-атаки не спастись!
От этого спасает только маршутизатор/роутер.

Nope, this has nothing to do with a router..

Nice realese for beginers

thanks

This is not an Anti-ddos, because the attack has access to the webserver, and the server processes the request connection. Help from ddos attacks by 5%.
And why even connect mssql to store blocked IP? Such things better stored blacklist in text db.
Against more than help ddos firewall (Outpost or similar) which can filter access to the application web server. =)
--------------------
По-русски:
Это нельзя назвать Anti-ddos, потому что атака серавно имеет доступ к вебсерверу, а сервер обрабатывает запрос соединения. Поможет от ддос атаки на 5% .
А зачем еще подключать mssql для хранения заблокированный IP ?
Такие вещи лучше хранить в текстовых дб.
Против ддос больше поможет фаервол (Outpost и похожие) который может фильтровать доступ к приложению вебсервера.
Дополнение: Ну и ддос атака продолжится в нескольких потоках а mssql что ответит - cat connet to database !!!
И атака вновь в действии - это больше похожа защита от задротов которые жмякают ф5 несколько раз в секнду.

No it does NOT block a DoS attack, and yes the DoS still can take down your webserver. But this logs it so that you can MANUALLY block it through your firewall.
It's better than guessing by looking at logs, so this way. at least you know who did it :]
It used to be stored in a txt database, but opening and closing a txt file takes a bit of time & space :)

[Hidden]

good but ddos can be for each port not only web.This is a common protection good for web side,the rest of them you cant protect,it depend on your internet speed and attackers internet speed,but you can contact your ISP or administrator to block this attacks.

This works on any port running a webserver, so if your running it on port 34908 and you have this script enabled, then it will start logging.
Im not sure if your ISP can help you block DoS attacks. You can try though

[MuForum.Info]

Nope, this has nothing to do with a router..

# English:
Read for the start of the meaning of Dos/DDos-Attack,and then said ...

# Russian:
Прочитай для начала значения понятий Dos/DDos-Атака, а затем уже говори...

[[RCZ]ShadowKing]

This works on any port running a webserver, so if your running it on port 34908 and you have this script enabled, then it will start logging.
Im not sure if your ISP can help you block DoS attacks. You can try though

i dont said it dont work on any webserver port,i only said the ddos can be sent on any of opened port to TCP or UDP.

[Hidden]

i dont said it dont work on any webserver port,i only said the ddos can be sent on any of opened port to TCP or UDP.

Oh, well. php can't protect against that =/

[Hidden]

updated!
i added an admin system , check the last part of my first post

[c4cadvisor]

Nope, this has nothing to do with a router..

thanks


No it does NOT block a DoS attack, and yes the DoS still can take down your webserver. But this logs it so that you can MANUALLY block it through your firewall.
It's better than guessing by looking at logs, so this way. at least you know who did it :]
It used to be stored in a txt database, but opening and closing a txt file takes a bit of time & space :)

you do know ppl that dos use zombie machines? also ppl that know how to dos generally porxy their ip so this doesnt do anything. First, rebuild a tcp/ip packet structure to understand how that works. Then, dos a dummy machine, you will gain insite on how to and how to prevent. Next update you can release a program that maybe can send a attack back to the target address, even if its proxy. Only true way to stop dos, unknown, ive tried and failed many times and my only solution is to hit them back 10x harder than their attack.

[[RCZ]ShadowKing]

you do know ppl that dos use zombie machines? also ppl that know how to dos generally porxy their ip so this doesnt do anything. First, rebuild a tcp/ip packet structure to understand how that works. Then, dos a dummy machine, you will gain insite on how to and how to prevent. Next update you can release a program that maybe can send a attack back to the target address, even if its proxy. Only true way to stop dos, unknown, ive tried and failed many times and my only solution is to hit them back 10x harder than their attack.

the real protection for dos/ddos is internet speed,if you have 2x attacker speed you can pawn him with a simple program,but if attacker give you dos/ddos from more than 1 machine(in most of case dc with 100mbps) you will can be helped only by network administrator by blocking the attacker.Now in my country dos/ddos is illegal and tomorrow start internet monitoring for all so the attackers who attack a romanian server will be pawned by our ISPs and they will be infracted.

[Hidden]

you do know ppl that dos use zombie machines? also ppl that know how to dos generally porxy their ip so this doesnt do anything. First, rebuild a tcp/ip packet structure to understand how that works. Then, dos a dummy machine, you will gain insite on how to and how to prevent. Next update you can release a program that maybe can send a attack back to the target address, even if its proxy. Only true way to stop dos, unknown, ive tried and failed many times and my only solution is to hit them back 10x harder than their attack.

Sure the professionals do use "zombie" machines & proxies. But most DoSsers are complete idiots. All they would do is just find a DoS tool like net tools, put in the target's ip and port 80 then launch a DoS attack.
Im sure that it would be worse to hit back the target and waist your bandwidth on that, best if you just block it.

the real protection for dos/ddos is internet speed,if you have 2x attacker speed you can pawn him with a simple program,but if attacker give you dos/ddos from more than 1 machine(in most of case dc with 100mbps) you will can be helped only by network administrator by blocking the attacker.Now in my country dos/ddos is illegal and tomorrow start internet monitoring for all so the attackers who attack a romanian server will be pawned by our ISPs and they will be infracted.

That's good for where you live, but at our place. The same rules do not apply.

[Faronnia]

Or better is a script which you put in root of website - its acts over a range of 500 ports and partly blocks (derives) DDoS and other flooding,can save website against some good number of connections.
Therefore website will not crash straight away and will have time to find IP or IPs and block them with the firewall itself.

But..eheh...will fail against a major attack from slave machines
Still,its a good release,I am sure many will find it very useful.

[MeTi]

Or better is a script which you put in root of website - its acts over a range of 500 ports and partly blocks (derives) DDoS and other flooding,can save website against some good number of connections.
Therefore website will not crash straight away and will have time to find IP or IPs and block them with the firewall itself.

But..eheh...will fail against a major attack from slave machines
Still,its a good release,I am sure many will find it very useful.

If it is a script on the web site, that means it will only be accessable through the web server - no point writing a script to do this, as your server will still be vulnerable through other ports.

Compile mod_evasive within your Apache web server and modify the configurations - then harden your TCP/IP protocols by modifying your registry. Better choice.

There is no easy way to (D)DoS mitigation.

[c4cadvisor]

the real protection for dos/ddos is internet speed,if you have 2x attacker speed you can pawn him with a simple program,but if attacker give you dos/ddos from more than 1 machine(in most of case dc with 100mbps) you will can be helped only by network administrator by blocking the attacker.Now in my country dos/ddos is illegal and tomorrow start internet monitoring for all so the attackers who attack a romanian server will be pawned by our ISPs and they will be infracted.

my net speed suckszor on my personal pc as its only 16 mbit, and most dedicated pc i buy have 10mbit unmetered bandwidth XD. it doesnt help cuz the attacker will still try. i sorta like the speed idea, but like i said they will still try even if your unmetered bandwidth :P. oh BTw, on some dedi's umetered 10 mbit and umetered 100 mbit are the same speed XD.

[Hidden]

If it is a script on the web site, that means it will only be accessable through the web server - no point writing a script to do this, as your server will still be vulnerable through other ports.

Compile mod_evasive within your Apache web server and modify the configurations - then harden your TCP/IP protocols by modifying your registry. Better choice.

There is no easy way to (D)DoS mitigation.

Exactly, so building a script to block other ports in PHP would not work, but in C++ it probably would.

my net speed suckszor on my personal pc as its only 16 mbit, and most dedicated pc i buy have 10mbit unmetered bandwidth XD. it doesnt help cuz the attacker will still try. i sorta like the speed idea, but like i said they will still try even if your unmetered bandwidth :P. oh BTw, on some dedi's umetered 10 mbit and umetered 100 mbit are the same speed XD.

Even though you have a high internet speed on your dedicated server, it would be stupid wasting your time attack them back because you don't know what ports are open. And it would slow down your website A LOT if you made it attempt to find out per a visit.
So it's best if you just ignore a DoS'er and block them using a firewall.

[Mulegend]

This scripts dont work securing your system
only block IP to see your web under windows systems u cant configure server to stop ddos.. any firewall have this option, only a Router/Firewall anyways, dont existe any anti ddos system, all companys have bigs bandwirdht and more 1 router to filter these attaks, but is impossible stop ddos

Whit this script u can stop a DOS attack, but whit a 1 ddos attack your apache make crash

[Hidden]

This scripts dont work securing your system
only block IP to see your web under windows systems u cant configure server to stop ddos.. any firewall have this option, only a Router/Firewall anyways, dont existe any anti ddos system, all companys have bigs bandwirdht and more 1 router to filter these attaks, but is impossible stop ddos

Whit this script u can stop a DOS attack, but whit a 1 ddos attack your apache make crash

DDoS is a DoS attack from many computers, why wouldn't this script work? Each one of the DoSser's have a different ip. So it will log all of them.

[MuIsBest]

This locksystem is just loggin the ips of the ddosers so you can easily ban them, but ofc.. its not hard for them to ddos it again I suppose. Think about it, a real hacker?