Anti DDOS script Talking !

[FCV2005]

first of all i ahve to tell everyone this is a old script , i dont know if still working or not , but someone must test it if have time , dont forget you must have folder called anti_ddos , it must contain :

anti_ddos.php
index.php
white_ip.txt
check.txt
black_ip.txt
all_ip.txt

.httaccess
<Files ~ "^.*\.(php|cgi|pl|php3|php4|php5|php6|phtml|shtml)">
Order allow,deny
Deny from all
</Files>

require("anti_ddos/index.php");

 

 

 

 

anti_ddos.php

 

<?php
function getIP() {
if(getenv("HTTP_CLIENT_IP") and preg_match("/^[0-9\.]*?[0-9\.]+$/is",getenv("HTTP_CLIENT_IP")) and getenv("HTTP_CLIENT_IP")!='127.0.0.1') {
$ip = getenv("HTTP_CLIENT_IP");
} elseif(getenv("HTTP_X_FORWARDED_FOR") and preg_match("/^[0-9\.]*?[0-9\.]+$/is",getenv("HTTP_X_FORWARDED_FOR")) and getenv("HTTP_X_FORWARDED_FOR")!='127.0.0.1') {
$ip = getenv("HTTP_X_FORWARDED_FOR");
} else {
$ip = getenv("REMOTE_ADDR");
}
return $ip;
}
$ad_ip=getIP();

$ad_source=file("{$ad_dir}/{$ad_black_file}");
$ad_source=explode(' ',$ad_source[0]);
if (in_array($ad_ip,$ad_source)){die();}

$ad_source=file("{$ad_dir}/{$ad_white_file}");
$ad_source=explode(' ',$ad_source[0]);
if (!in_array($ad_ip,$ad_source)){

$ad_source=file("{$ad_dir}/{$ad_temp_file}");
$ad_source=explode(' ',$ad_source[0]);
if (!in_array($ad_ip,$ad_source)){
$ad_file=fopen("{$ad_dir}/{$ad_temp_file}","a+");
$ad_string=$ad_ip.' ';
fputs($ad_file,"$ad_string");
fclose($ad_fp);
?>

The site is currently under DDOS attack, if you are not a machine - zombies attacking a site , click on the button , otherwise your IP (<?=$ad_ip?&gt It will be blocked !!!
The site is currently under DDOS attack, if you are not a machine - zombies attacking a site , click on the button , otherwise your IP (<?=$ad_ip?&gt It will be blocked !!!
The site is currently under DDOS attack, if you are not a machine - zombies attacking a site , click on the button , otherwise your IP (<?=$ad_ip?&gt It will be blocked !!!
The site is currently under DDOS attack, if you are not a machine - zombies attacking a site , click on the button , otherwise your IP (<?=$ad_ip?&gt It will be blocked !!!
The site is currently under DDOS attack, if you are not a machine - zombies attacking a site , click on the button , otherwise your IP (<?=$ad_ip?&gt It will be blocked !!!
The site is currently under DDOS attack, if you are not a machine - zombies attacking a site , click on the button , otherwise your IP (<?=$ad_ip?&gt It will be blocked !!!
The site is currently under DDOS attack, if you are not a machine - zombies attacking a site , click on the button , otherwise your IP (<?=$ad_ip?&gt It will be blocked !!!
The site is currently under DDOS attack, if you are not a machine - zombies attacking a site , click on the button , otherwise your IP (<?=$ad_ip?&gt It will be blocked !!!
The site is currently under DDOS attack, if you are not a machine - zombies attacking a site , click on the button , otherwise your IP (<?=$ad_ip?&gt It will be blocked !!!
<form method="post">
<input type="submit" name="ad_white_ip" value="I'm not a zombie !!!!!">
</form>

<?php
die();
}
elseif ($_POST['ad_white_ip']){
$ad_file=fopen("{$ad_dir}/{$ad_white_file}","a+");
$ad_string=$ad_ip.' ';
fputs($ad_file,"$ad_string");
fclose($ad_fp);
}
else {
$ad_file=fopen("{$ad_dir}/{$ad_black_file}","a+");
$ad_string=$ad_ip.' ';
fputs($ad_file,"$ad_string");
fclose($ad_fp);
die();
}
}
?>

index.php

<?php

$ad_ddos_query=12; // the number of requests per second to detect DDOS attacks
$ad_check_file='check.txt'; // file to record the current status of the monitoring
$ad_temp_file='all_ip.txt'; // temp file
$ad_black_file='black_ip.txt'; // ip will be logged zombie machines
$ad_white_file='white_ip.txt'; // visitors
$ad_dir='anti_ddos'; // name of folder
$ad_num_query=0; // the current number of requests per second file $check_file
$ad_sec_query=0; // sec $check_file
$ad_end_defense=0; // protect file $check_file
$ad_sec=date("s"); // second
$ad_date=date("mdHis"); // time
$ad_defense_time=360; // ddos attack detection time in seconds on the monitor is terminated

if(!file_exists("{$ad_dir}/{$ad_check_file}") or !file_exists("{$ad_dir}/{$ad_temp_file}") or !file_exists("{$ad_dir}/{$ad_black_file}") or !file_exists("{$ad_dir}/{$ad_white_file}") or !file_exists("{$ad_dir}/anti_ddos.php")){
die("notexist");
}

require("{$ad_dir}/{$ad_check_file}");

if ($ad_end_defense and $ad_end_defense>$ad_date){
require("{$ad_dir}/anti_ddos.php");
} else {
if($ad_sec==$ad_sec_query){
$ad_num_query++;
} else {
$ad_num_query='1';
}

if ($ad_num_query>=$ad_ddos_query){
$ad_file=fopen("{$ad_dir}/{$ad_check_file}","w");
$ad_end_defense=$ad_date+$ad_defense_time;
$ad_string='<?php $ad_end_defense='.$ad_end_defense.'; ?>';
fputs($ad_file,$ad_string);
fclose($ad_fp);
} else {
$ad_file=fopen("{$ad_dir}/{$ad_check_file}","w");
$ad_string='<?php $ad_num_query='.$ad_num_query.'; $ad_sec_query='.$ad_sec.'; ?>';
fputs($ad_file,$ad_string);
fclose($ad_fp);
}
}
?>

[Wizatek]

It won't work.

The moment the attack hits the machine its too late, you can't sort that with software.

[FCV2005]

so , this topic can be closed , Thank you Wizatek !

[Kekers]

It won't work.

The moment the attack hits the machine its too late, you can't sort that with software.

It depends really on the attack type. If it's just a TCP attack to exhaust apache resources then it will work somewhat. Although personally it's way better to just set a rule in the firewall to limit only a few connections from one IP address. When it comes to UDP then you need hardware in between you and the attacker with there being no way around it (other than mitigation tricks like null routing etc).

[Ih¢sãs123]

Best way is a hardware firewall or from hoster directly.

[DamonA]

Best way is a hardware firewall or from hoster directly.

 

recommended a layer 7 protection 

[Sutz]

CLOSED On request :-)