[PHP]Lock System- Anti Dos

[Hidden]

If your wondering what "DoS" is, well it's a type of web server attack.
In the shortest terms possible, when someone launches a DoS (Denial of Service) attack against your website, they are sending a shit load of packets. Thus your apache server will crash making your website unvisitable(until apache is restarted). It also takes up a lot of bandwidth, so those servers who have a rented dedi most likely don't have unlimited bandwidth!
So i developed this system that HELPS protect against it but does NOT block it (i couldn't code the firewall!).
Here's how it works,
each time you load the page, your ip and your request time (the value of time() ) is logged into the database,
then, on your second load a script will check your last request time (for example 119843934) and if it is the same as the current time then your warnings will go up by one. Once the maximum warnings have been reached, you shall be banned from the website and a text message will be dispatched to the owner.
It is recommended to run the following query somewhat often(if you get more than 1k visits an hour).

Code:

delete from locksystem where warnings =0

If needed, just ask and i will code a function to automatically clear the database of non-banned ip's every 10 minutes.
Please ask me before releasing modifications!
Things to do:
send the ip to a firewall to block it from all ports (0%)- if you can help me please message me somehow
--------------------------------------------------------
Installation is simple:
1.make a database called locksystem in enterprise manager
2.run the query (tables.sql) in your query analyzer on the Locksystem database
3.Edit locksystem.php so that it can establish a connection to the locksystem database
NOTE: it is recommended to leave 127.0.0.1 as the only admin ip, because localhost has no wait time.
$admin_ips=array("127.0.0.1","Want another one?","how about another?");
4.Your system is all set and ready to go!
------------------------------------------------------
Comments or suggestions please?
-------------------------------------------------
Lock System v1.2
Updates:
Admin System
:]
default login is
Admin for the username and Admin for the password
you can look at banned people, all logs, clear logs, clear the un banned people, and search for an ip!
-------------------------------
v1.3
New layout

[MentaL]

[onemorejosh]

fyi, you can control Windows Firewall using COM and the INetFwMgr interface

You can add a list of IP's to a block list on a certain port. Really, only port 80 is needed. 443 if SSL is enabled

Your db solution is good. Another potential way of handling cleanup is 'delete from locksystem where warning_time<getdate()-0.05' or whatever interval, then you always just keep the last hour's worth of warnings etc

[Pieman]

Sorry to tell you mate, but this doesn't work. For starters, even though an ip is banned, the packets are still being send to the server thus it's still being dossed. Adding to that, the huge amount of database traffic your script generates (i.e sending a query for every request) will probably cause the server to overload even faster.

The only real protection against (d)dos attacks is a physical firewall, which cost around 1000$

[onemorejosh]

Heh

No, his system works fine.

If the DOS is just random packets, then sure, nothing's going to stop that and blocking it wouldn't make any difference because the packets still make it to the system in the first place.

A physical firewall wouldn't do anything either, other than stop the packets from getting to the computer itself - you'd still pay for bandwidth with most providers.

...His system is designed to stop DOS attacks against the web server itself, not random packets. And his system's just fine for that. Assuming his table index is properly created and the table is maintained, several thousand, or at least several hundred of those queries could be executed per second. Optimization methods would be easy - store it in memory instead of a DB, but may not be practical for him, who knows :) As long as the query's don't occur after an ip is "blocked", it won't explode the server.

Sure, it's not some fancy-pants corporate hardcore solution, and yeah it could be optimized, but hey its good for what it's intended to do

[penihop]

my router gotz DOS protection in its 'double' firewall, costs $200
also there is apache module for DOS protection :)

[KidFlow]

Limestone networks does DDOs protection. Im not sure what this is.

[onemorejosh]

Many large networks nowadays that provide colocation services and so forth have DDOS protection in the form of upstream blocking so that a fair chunk of it is filtered out before arriving in your network

[Hidden]

It's not really meant to STOP Dos, more like log.
Before i used this, when i got DoS'ed i would always have to guess who did it, now i know forsure who did it and i can just use any firewall like sygate and block their ip.

[onemorejosh]

I wish smurfing still worked :)

[MjClarke1]

What if you're not being attacked on your webserver port? lul.

[jcgo16]

What if you're not being attacked on your webserver port? lul.

thats what im going to ask too
for example in my o2 server, i have a server, 15010, can they ddos that port?

[madcows7]

It's not really meant to STOP Dos, more like log.
Before i used this, when i got DoS'ed i would always have to guess who did it, now i know forsure who did it and i can just use any firewall like sygate and block their ip.

now if you where getting ddosed you may have 2 thousand + ips

thats what im going to ask too
for example in my o2 server, i have a server, 15010, can they ddos that port?

any port can be dossed but different kinds of dos

[MjClarke1]

thats what im going to ask too
for example in my o2 server, i have a server, 15010, can they ddos that port?

You can DDoS Any port

[yakovv]

i cant use the "admin area" if i am using sql 2000 right ?
if you can edit it for sql2000 ..thanks