[Release] Protection against DDOS attacks for your website
Protection against DDOS attacks for your website
(c) by Senya
Just warning you, the system is written in php and is intended to reduce the attack http flood, from another type of ddos attack, for example: icmp and udp at the usual web site owner can not defend themselves.
Briefly about the system: the system includes a detection module DDOS attacks, which produces a constant monitoring of the site congestion by tracking the number of incoming requests per second, if the number of requests per second exceeds 10 (this is the default, you can set more), then the module is connected repayment attack who begins to calculate IP addresses attacking zombie machines and add them to the blacklist, while monitoring is disabled by default in 1:00.
The principle of operation I think is clear, that's the code:
For example, create a directory anti_ddos and throw all the scripts in it:
index.php (detection module DDOS) attacks:
Also for the script will need 4 files check.txt, white_ip.txt, black_ip.txt, all_ip.txt and create them in the same directory, and all the rights set 666 (read and write).Code:<? Php $ Ad_ddos_query = 10 / / number of requests per second for the detection of DDOS attacks $ Ad_check_file = 'check.txt'; / / file to record the current state of the monitoring $ Ad_temp_file = 'all_ip.txt'; / / temporary file $ Ad_black_file = 'black_ip.txt'; / / ip will be logged zombie machines $ Ad_white_file = 'white_ip.txt'; / / ip logged users $ Ad_dir = 'anti_ddos'; / / directory with scripts $ Ad_num_query = 0, / / current number of requests per second from the file $ check_file $ Ad_sec_query = 0, / / second from the file $ check_file $ Ad_end_defense = 0, / / end time protection of the file $ check_file $ Ad_sec = date ("s"); / / current second $ Ad_date = date ("mdHis"); / / current time $ Ad_defense_time = 10000 / / detection ddos attack time in seconds at which stops monitoring if (! file_exists ("{$ ad_dir} / {$ ad_check_file}") or! file_exists ("{$ ad_dir} / {$ ad_temp_file}") or! file_exists ("{$ ad_dir} / {$ ad_black_file}") or ! file_exists ("{$ ad_dir} / {$ ad_white_file}") or! file_exists ("{$ ad_dir} / anti_ddos.php")) { die ("Missing Files."); } require ("{$ ad_dir} / {$ ad_check_file}"); if ($ ad_end_defense and $ ad_end_defense> $ ad_date) { require ("{$ ad_dir} / anti_ddos.php"); } Else { if ($ ad_sec == $ ad_sec_query) { $ Ad_num_query + +; } Else { $ Ad_num_query = '1 '; } if ($ ad_num_query> = $ ad_ddos_query) { $ Ad_file = fopen ("{$ ad_dir} / {$ ad_check_file}", "w"); $ Ad_end_defense = $ ad_date + $ ad_defense_time; $ Ad_string = '<? Php $ ad_end_defense ='. $ Ad_end_defense. ';?>'; fputs ($ ad_file, $ ad_string); fclose ($ ad_fp); } Else { $ Ad_file = fopen ("{$ ad_dir} / {$ ad_check_file}", "w"); $ Ad_string = '<? Php $ ad_num_query ='. $ Ad_num_query. '; $ Ad_sec_query ='. $ Ad_sec. ';?>'; fputs ($ ad_file, $ ad_string); fclose ($ ad_fp); } } ?> anti_ddos.php (module maturity DDOS) attacks: PHP code: <? Php function getIP () { if (getenv ("HTTP_CLIENT_IP") and preg_match ("/ ^ [0-9 \.] *? [0-9 \.] + $ / is", getenv ("HTTP_CLIENT_IP")) and getenv ("HTTP_CLIENT_IP") , = '127 .0.0.1 ') { $ Ip = getenv ("HTTP_CLIENT_IP"); } Elseif (getenv ("HTTP_X_FORWARDED_FOR") and preg_match ("/ ^ [0-9 \.] *? [0-9 \.] + $ / Is", getenv ("HTTP_X_FORWARDED_FOR")) and getenv ("HTTP_X_FORWARDED_FOR" )! = '127 .0.0.1 ') { $ Ip = getenv ("HTTP_X_FORWARDED_FOR"); } Else { $ Ip = getenv ("REMOTE_ADDR"); } return $ ip; } $ Ad_ip = getIP (); $ Ad_source = file ("{$ ad_dir} / {$ ad_black_file}"); $ Ad_source = explode ('', $ ad_source [0]); if (in_array ($ ad_ip, $ ad_source)) {die ();} $ Ad_source = file ("{$ ad_dir} / {$ ad_white_file}"); $ Ad_source = explode ('', $ ad_source [0]); if (! in_array ($ ad_ip, $ ad_source)) { $ Ad_source = file ("{$ ad_dir} / {$ ad_temp_file}"); $ Ad_source = explode ('', $ ad_source [0]); if (! in_array ($ ad_ip, $ ad_source)) { $ Ad_file = fopen ("{$ ad_dir} / {$ ad_temp_file}", "a +"); $ Ad_string = $ ad_ip. ' '; fputs ($ ad_file, "$ ad_string"); fclose ($ ad_fp); ?> Website is currently under DDOS attack, if you are not a machine, a zombie attacking site, click on the button, otherwise your IP (<? = $ Ad_ip?>) Will be blocked! <form method="post"> <input type="submit" name="ad_white_ip" value="Knopka"> </ Form> <? Php die (); } elseif ($ _POST ['ad_white_ip']) { $ Ad_file = fopen ("{$ ad_dir} / {$ ad_white_file}", "a +"); $ Ad_string = $ ad_ip. ' '; fputs ($ ad_file, "$ ad_string"); fclose ($ ad_fp); } else { $ Ad_file = fopen ("{$ ad_dir} / {$ ad_black_file}", "a +"); $ Ad_string = $ ad_ip. ' '; fputs ($ ad_file, "$ ad_string"); fclose ($ ad_fp); die (); } } ?>
It is also desirable in the attack lists of IP addresses in the attacking machine, the file transfer black_ip.txt gradually. Htaccess file and block them from there, then the load is greatly reduced.
Example. Htaccess file
Code:
Deny from 11.11.11.11 22.22.22.22 etc. separated by a space
Yes, I almost forgot to connect the script at the beginning of each file, which can be subjected to attack, add the line:
Script and text by (c) Senya - I just repost this here ^^Code:require ("anti_ddos / index.php");
Reply With Quote![[Release] Protection against DDOS attacks for your website](http://ragezone.com/hyper728.png)
