1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Anti-DDOS Script

Discussion in 'Security' started by addeen, May 22, 2011.

  1. #1
    //???? ??? ??? ?????-?????? ????? ??????? ?????? ??? ?????????? - ?????????.
    /*
    ////////////////////////////////////////////////////////////
    Antiddos php module, powered by XakNet.Ru - S(r1pt
    Work on IPTABLES!!!
    Paste into the beginning of a script via include
    For the anti-ddos to operate, you need to have access to the 'system' function and an iptables command. If it's not available, all blocked ips go into 'banned_ips'.
    It's the best to put anti-ddos on VPS or dedicated server.
    Going to work against an average DDOS. (If it works through iptables)
    Comments translated by --?--
    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
    */
    $debug = false; // debug mode, disabled ban, simply shows a message if the IP was banned or not.
    if ($debug) error_reporting(E_ALL);
    else error_reporting(0);


    /* Possible values - $ddos 1-5:
    | 1. Check using cookies(recommended)
    | 2. Double check using $_GET antiddos and meta refresh
    | 3. Authorization request WWW-Authenticate
    | 4. Disables the site completely, bots aren't being blocked!!!
    | 5. Turn the site off if the load is too high, bots aren't being blocked!!!
    */

    $ddos = 1;
    $log = false;
    $dir = dirname(__file__) . '/cyki_bots/'; //DDOS log directory, create it and chmod 777
    $ddos_redirect_host = 'http://google.com/'; // Host to which redirect DDOS
    $icq = '123456'; //Admins ICQ
    $off_message = 'We are experiencing technical difficulties.'; //Message if website is down.
    $anticyka = md5(sha1('botik' . strrev(getenv('HTTP_USER_AGENT'))));
    $ban_message = 'You have been blocked. If you believe this is a mistake, contact an administrator, icq of admin:' .
    $icq . '©XakNet antiddos module'; // Ban message
    $exec_ban = "iptables -A INPUT -s " . $_SERVER["REMOTE_ADDR"] . " -j DROP"; // ??? iptables(Debian/ubuntu/etc)
    $load = sys_getloadavg(); // Function for retrieving load average \=\
    $ddosuser = 'lol_ddos';
    $ddospass = substr(ip2long($_SERVER['REMOTE_ADDR']), 0, rand(2, 4));
    //not tested //checks if those are crawlers:

    $google = strpos(gethostbyaddr($_SERVER['REMOTE_ADDR']), "googlebot.com") !== false;
    $yandex = strpos(gethostbyaddr($_SERVER['REMOTE_ADDR']), "yandex.ru") !== false;
    $rambler = strpos(gethostbyaddr($_SERVER['REMOTE_ADDR']), "ramtel.ru") !== false;
    $rambler2 = strpos(gethostbyaddr($_SERVER['REMOTE_ADDR']), "rambler.ru") !== false;
    $aport = strpos(gethostbyaddr($_SERVER['REMOTE_ADDR']), "aport.ru") !== false;
    $sape = strpos(gethostbyaddr($_SERVER['REMOTE_ADDR']), "sape.ru") !== false;
    $msn = strpos(gethostbyaddr($_SERVER['REMOTE_ADDR']), "msn.com") !== false;
    $yahoo = strpos(gethostbyaddr($_SERVER['REMOTE_ADDR']), "yahoo.net") !== false;
    //
    if(!file_exists($dir . 'banned_ips')) file_put_contents($dir . 'banned_ips', '');
    if (strstr(file_get_contents($dir . 'banned_ips'), $_SERVER['REMOTE_ADDR']))
    die($ban_message); //GTFO )


    if (! $google || ! $yandex || ! $rambler || ! $rambler2 || ! $aport || ! $sape ||
    ! $msn || ! $yahoo) {

    $f = fopen($dir . $_SERVER["REMOTE_ADDR"], "a");
    fwrite($f, "zapros cyka\n");
    fclose($f);
    function ban()
    {
    if (! system($exec_ban)) {
    $f = fopen($dir . 'banned_ips', "a");
    fwrite($f, $_SERVER['REMOTE_ADDR'] . '|');
    fclose($f);
    }
    echo $ban_message;
    header('Location: ' . $ddos_redirect_host . '');
    die();
    }
    switch ($ddos) {
    ///////////////////////////
    case 1:
    if (empty($_COOKIE['ddos']) or ! $_COOKIE['ddos']) {
    $counter = @file($dir . $_SERVER["REMOTE_ADDR"]);
    setcookie('ddos', $anticyka, time() + 3600 * 24 * 7 * 356); // ?? ??? ???.
    if (count($counter) > 10) {
    if (! $debug) ban();

    else die("Blocked");

    }
    if (! $_COOKIE['ddos_log'] == 'bil') {
    if (! $_GET['antiddos'] == 1) {
    setcookie('ddos_log', 'bil', time() + 3600 * 24 * 7 * 356); //???? ?????? ??? ??? ???? ?? ???????????? ????????? ????????.
    header("Location: ./?antiddos=1");
    }
    }
    } elseif ($_COOKIE['ddos'] !== $anticyka) {
    if (! $debug) ban();

    else die("Blocked.");
    SEMrush
    }
    break;
    /////////////////////////
    case 2:
    if (empty($_COOKIE['ddos'])) {
    if (empty($_GET['antiddos'])) {
    if (! $_COOKIE['ddos_log'] == 'bil')
    //Checking cookies for request
    die('');

    } elseif ($_GET['antiddos'] == $anticyka) {
    setcookie('ddos', $anticyka, time() + 3600 * 24 * 7 * 356);
    setcookie('ddos_log', 'bil', time() + 3600 * 24 * 7 * 356); //???? ?????? ??? ??? ???? ?? ???????????? ????????? ????????.
    }
    else {

    if (! $debug) {
    ban();
    die("May be shall not transform address line?");
    }
    else {
    echo "May be shall not transform address line?";
    die("Blocked.");
    }
    }
    }
    break;
    case 3:
    if (! isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER'] !== $ddosuser ||
    $_SERVER['PHP_AUTH_PW'] !== $ddospass) {
    header('WWW-Authenticate: Basic realm="Vvedite parol\': ' . $ddospass .
    ' | Login: ' . $ddosuser . '"');
    header('HTTP/1.0 401 Unauthorized');
    if (! $debug) ban();

    else die("Blocked");

    die("
    401 Unauthorized
    ");
    }
    break;
    case 4:
    die($off_message); //site disabled
    break;
    case 5:
    if ($load[0] > 80) {
    header('HTTP/1.1 503 Too busy, try again later');
    die('
    503 Server too busy.
    Server too busy. Please try again later. Apache server on ' .
    $_SERVER['HTTP_HOST'] .
    ' at port 80 with ddos protect');
    }
    break;
    default:
    break;
    //////////////////////////
    }
    if ($_COOKIE['ddos'] == $anticyka) @unlink($dir . $_SERVER["REMOTE_ADDR"]);
    }
    //////////////////////////////
    //powered by xaknet.ru


    ?>
     
    addeen, May 22, 2011 IP
    SEMrush
  2. AllHostOne.co.uk

    AllHostOne.co.uk Member

    Messages:
    384
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    45
    #2
    Right okay.

    Could be quite nice to have a list of features as well as having the code in code tags. Where do we put this script etc?
     
    AllHostOne.co.uk, May 25, 2011 IP
  3. RonBrown

    RonBrown Well-Known Member

    Messages:
    934
    Likes Received:
    55
    Best Answers:
    4
    Trophy Points:
    105
    #3
    While this might help if your suffering from a small-scale DOS attack from a few users, it isn't going to be much good if it's a genuine DDOS attack because you have to accept - and process - the connection using this script first. With a DDOS attack you're attempting to stop the connections getting to your server in the first place, and to do that you'll probably need the help of your upstream provider.
     
    RonBrown, May 26, 2011 IP
  4. Freeiz

    Freeiz Peon

    Messages:
    29
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #4
    Or just manually monitor the activity via your CPU.
     
    Freeiz, May 26, 2011 IP
  5. ryan1918

    ryan1918 Active Member

    Messages:
    668
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    60
    #5
    This would not actually stop any true ddos, ddos attacks require expensive hardware and lots of bandwidth, maybe a basic small flood, I've actually made up some nice firewall scripts if anyone wants it I'll make a post about it, It helps pretty good.
     
    ryan1918, May 30, 2011 IP
  6. stardust.x7

    stardust.x7 Active Member

    Messages:
    369
    Likes Received:
    3
    Best Answers:
    1
    Trophy Points:
    90
    #6
    Hardware level DDoS protection is good. However I appreciate if you make this script available for install with proper instructions over online like : deflate.medialayer.com
     
    stardust.x7, Jun 3, 2011 IP
  7. eyesdrinker

    eyesdrinker Greenhorn

    Messages:
    99
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    20
    #7
    yes, a proper documentation and details for dummies be highly appreciated.
     
    eyesdrinker, Jun 7, 2011 IP
  8. rockeerz

    rockeerz Active Member

    Messages:
    145
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    51
    #8
    How is this possible
     
    rockeerz, Jun 8, 2011 IP
  9. penguinH

    penguinH Peon

    Messages:
    1
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #9
    Can you explain more, where i put this script , how it works ??
     
    penguinH, Jun 8, 2011 IP
  10. stardust.x7

    stardust.x7 Active Member

    Messages:
    369
    Likes Received:
    3
    Best Answers:
    1
    Trophy Points:
    90
    #10
    stardust.x7, Jun 8, 2011 IP