Anti DDOS script Talking ! - Printable Version

Anti DDOS script Talking ! - Printable Version

+- LCKB (https://lckb.dev/forum)
+-- Forum: ** OLD LCKB DATABASE ** (https://lckb.dev/forum/forumdisplay.php?fid=109)
+--- Forum: Website Scripting & Security (https://lckb.dev/forum/forumdisplay.php?fid=197)
+---- Forum: Webmasters Help & Talk (https://lckb.dev/forum/forumdisplay.php?fid=142)
+---- Thread: Anti DDOS script Talking ! (/showthread.php?tid=2979)

- FCV2005 - 06-25-2015

first of all i ahve to tell everyone this is a old script , i dont know if still working or not , but someone must test it if have time , dont forget you must have folder called anti_ddos , it must contain :

anti_ddos.php
index.php
white_ip.txt
check.txt
black_ip.txt
all_ip.txt

.httaccess
<Files ~ "^.*\.(php|cgi|pl|php3|php4|php5|php6|phtml|shtml)">
Order allow,deny
Deny from all
</Files>

require("anti_ddos/index.php");

anti_ddos.php

<?php
function getIP() {
if(getenv("HTTP_CLIENT_IP") and preg_match("/^[0-9\.]*?[0-9\.]+$/is",getenv("HTTP_CLIENT_IP")) and getenv("HTTP_CLIENT_IP")!='127.0.0.1') {
$ip = getenv("HTTP_CLIENT_IP");
} elseif(getenv("HTTP_X_FORWARDED_FOR") and preg_match("/^[0-9\.]*?[0-9\.]+$/is",getenv("HTTP_X_FORWARDED_FOR")) and getenv("HTTP_X_FORWARDED_FOR")!='127.0.0.1') {
$ip = getenv("HTTP_X_FORWARDED_FOR");
} else {
$ip = getenv("REMOTE_ADDR");
}
return $ip;
}
$ad_ip=getIP();

$ad_source=file("{$ad_dir}/{$ad_black_file}");
$ad_source=explode(' ',$ad_source[0]);
if (in_array($ad_ip,$ad_source)){die();}

$ad_source=file("{$ad_dir}/{$ad_white_file}");
$ad_source=explode(' ',$ad_source[0]);
if (!in_array($ad_ip,$ad_source)){

$ad_source=file("{$ad_dir}/{$ad_temp_file}");
$ad_source=explode(' ',$ad_source[0]);
if (!in_array($ad_ip,$ad_source)){
$ad_file=fopen("{$ad_dir}/{$ad_temp_file}","a+");
$ad_string=$ad_ip.' ';
fputs($ad_file,"$ad_string");
fclose($ad_fp);
?>

The site is currently under DDOS attack, if you are not a machine - zombies attacking a site , click on the button , otherwise your IP (<?=$ad_ip?&gt Wink

It will be blocked !!!
The site is currently under DDOS attack, if you are not a machine - zombies attacking a site , click on the button , otherwise your IP (<?=$ad_ip?&gt Wink

It will be blocked !!!
<form method="post">
<input type="submit" name="ad_white_ip" value="I'm not a zombie !!!!!">
</form>

<?php
die();
}
elseif ($_POST['ad_white_ip']){
$ad_file=fopen("{$ad_dir}/{$ad_white_file}","a+");
$ad_string=$ad_ip.' ';
fputs($ad_file,"$ad_string");
fclose($ad_fp);
}
else {
$ad_file=fopen("{$ad_dir}/{$ad_black_file}","a+");
$ad_string=$ad_ip.' ';
fputs($ad_file,"$ad_string");
fclose($ad_fp);
die();
}
}
?>

index.php

<?php

$ad_ddos_query=12; // the number of requests per second to detect DDOS attacks
$ad_check_file='check.txt'; // file to record the current status of the monitoring
$ad_temp_file='all_ip.txt'; // temp file
$ad_black_file='black_ip.txt'; // ip will be logged zombie machines
$ad_white_file='white_ip.txt'; // visitors
$ad_dir='anti_ddos'; // name of folder
$ad_num_query=0; // the current number of requests per second file $check_file
$ad_sec_query=0; // sec $check_file
$ad_end_defense=0; // protect file $check_file
$ad_sec=date("s"); // second
$ad_date=date("mdHis"); // time
$ad_defense_time=360; // ddos attack detection time in seconds on the monitor is terminated

if(!file_exists("{$ad_dir}/{$ad_check_file}") or !file_exists("{$ad_dir}/{$ad_temp_file}") or !file_exists("{$ad_dir}/{$ad_black_file}") or !file_exists("{$ad_dir}/{$ad_white_file}") or !file_exists("{$ad_dir}/anti_ddos.php")){
die("notexist");
}

require("{$ad_dir}/{$ad_check_file}");

if ($ad_end_defense and $ad_end_defense>$ad_date){
require("{$ad_dir}/anti_ddos.php");
} else {
if($ad_sec==$ad_sec_query){
$ad_num_query++;
} else {
$ad_num_query='1';
}

if ($ad_num_query>=$ad_ddos_query){
$ad_file=fopen("{$ad_dir}/{$ad_check_file}","w");
$ad_end_defense=$ad_date+$ad_defense_time;
$ad_string='<?php $ad_end_defense='.$ad_end_defense.'; ?>';
fputs($ad_file,$ad_string);
fclose($ad_fp);
} else {
$ad_file=fopen("{$ad_dir}/{$ad_check_file}","w");
$ad_string='<?php $ad_num_query='.$ad_num_query.'; $ad_sec_query='.$ad_sec.'; ?>';
fputs($ad_file,$ad_string);
fclose($ad_fp);
}
}
?>

- Wizatek - 06-26-2015

It won't work.

The moment the attack hits the machine its too late, you can't sort that with software.

- FCV2005 - 06-26-2015

so , this topic can be closed , Thank you Wizatek !

- Kekers - 07-04-2015

It won't work.

The moment the attack hits the machine its too late, you can't sort that with software.

It depends really on the attack type. If it's just a TCP attack to exhaust apache resources then it will work somewhat. Although personally it's way better to just set a rule in the firewall to limit only a few connections from one IP address. When it comes to UDP then you need hardware in between you and the attacker with there being no way around it (other than mitigation tricks like null routing etc).

- IhÂ¢sÃ£s123 - 07-04-2015

Best way is a hardware firewall or from hoster directly.

- DamonA - 07-04-2015

Best way is a hardware firewall or from hoster directly.

recommended a layer 7 protection

- Sutz - 07-05-2015

CLOSED On request :-)