Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Sign in to follow this  
milw0rm

TUTORIAL Security : AntiDDos for website

Recommended Posts

First of all: Of course you are not completely freed by this script of DDoS attacks, but you can always contain them.

The way the script works is actually very simple:
At the beginning, the blacklist table is queried as to whether the visitor IP occurs there. If this is the case, the visitor or the attacker is redirected to Google.

If the IP address does not occur, it is checked whether it occurs in the temporary table: If not, an entry of the IP incl. Time and a factor of 1 is stored there. If so, the distance between this and last visit is checked: If it is too low, the factor is increased by 1 and the current time is saved.

Once the factor arrives at 20 (which almost never happens to "normal" visitors), the IP will be blacklisted and redirected the next time the website is accessed.

Set up

The installation of the script is very simple and it only takes three small steps:

1. The PHP script requires a MySQL database with two tables. These are generated by the following SQL commands:
 

CREATE TABLE `ddos_blacklist` (`ip` VARCHAR (15) NOT NULL);
CREATE TABLE `ddos_temp` (`ip` VARCHAR (15) NOT NULL, `zeit` INT NOT NULL, `faktor` INT NOT NULL);

 

2. Set up script ->  Now you have to customize the entire script to your liking and save it anywhere on your webserver:

 

<?php
/****
	 * Anti-DDoS Script
	 * Version 1.0
	 * (c) 2017-2018: milw0rm - admin@putinstresser.eu
	 *
****/

//setup//
//DB-Connect//
$mysqlhost = "localhost";
$mysqluser = "DB-User";
$mysqlpwd = "DB-Passwort";
$mysqldb = "DB-Name";

//First Step..
//mysql_query("CREATE TABLE `ddos_blacklist` (`ip` varchar (15) NOT NULL)");
//mysql_query("CREATE TABLE `ddos_temp` (`ip` varchar (15) NOT NULL, `zeit` int NOT NULL, `faktor` int NOT NULL)");

$MaxDiff = 2; //Max connect
$MaxFaktor = 20; //Max. Faktor Connect.
///End of Setup///

$UserIP = $_SERVER['REMOTE_ADDR']; //UserIP Variable save
$PHPtime = time(); //Time in variable save

//connect to mysql server
$connection=mysql_connect($mysqlhost, $mysqluser, $mysqlpwd);
mysql_select_db($mysqldb, $connection);

//IP in BlackList-DB find..
$blRequest = "SELECT COUNT(ip) FROM `ddos_blacklist` WHERE `ip` = '$UserIP'";
$blRequestResult = mysql_query($blRequest);
$blResult = mysql_fetch_row($blRequestResult);
$blacklisted = $blResult[0];

//If there exists: diversion
if ($blacklisted != 0) {
	header('Location: https://fbi.gov/');
	exit;
}

//IP in Temp-DB search
$tdbRequest = "SELECT COUNT(ip) FROM `ddos_temp` WHERE `ip` = '$UserIP'";
$tdbRequestResult = mysql_query($tdbRequest);
$tdbResult = mysql_fetch_row($tdbRequestResult);
$templisted = $tdbResult[0];

//IP is in TempDB?
if ($templisted == 0) {
	mysql_query("INSERT INTO `ddos_temp` (`ip`, `time`, `faktor`) VALUES ('$UserIP', '$PHPtime', 1)"); //Not yet available, so create an entry
}

//IP is in TempDB?
if ($AbfrageTDB == 0) {
	mysql_query("INSERT INTO `ddos_temp` (`ip`, `time`, `faktor`) VALUES ('$UserIP', '$PHPtime', 1)"); //Not yet available, so create an entry
} else {
	//Time insert in DB
	$dbTimeRequest = "SELECT `time` FROM `ddos_temp` WHERE `ip` = '$UserIP'";
	$dbTimeRequestResult = mysql_query($dbTimeRequest);
	$dbTimeResult = mysql_fetch_row($dbTimeRequestResult);
	$DBTime = $dbTimeResult[0];
Save current PHP time
	$PHPtime = time(); // save current PHP time

	$Differenz = $PHPtime-$DBZeit; //Determine the difference between DBTime and PHPtime

	//If difference is greater than $MaxDiff (s.o.)
	if($Differenz < $MaxDiff) {
		//Faktor from DB reading
		$dbFaktorRequest = "SELECT `faktor` FROM `ddos_temp` WHERE `ip` = '$UserIP'";
		$dbFaktorRequestResult = mysql_query($dbFaktorRequest);
		$dbFaktorResult = mysql_fetch_row($dbFaktorRequestResult);
		$dbFaktor = $dbFaktorResult[0];

		//Increase factor locally by 1
		$NewFaktor = $dbFaktor + 1;

		//Write local factor in DB
		mysql_query("UPDATE `ddos_temp` SET `faktor` = '$NewFaktor' WHERE `ip` = '$UserIP'");
	}

	$PHPtime = time(); // save current PHP time
	mysql_query("UPDATE `ddos_temp` SET `time` = '$PHPtime' WHERE `ip` = '$UserIP'"); //Save current time in DB

	// $MaxFaktor
	if ($NeuerFaktor == $MaxFaktor) {
		mysql_query("INSERT INTO `ddos_blacklist` (`ip`) VALUES ('$UserIP')"); // put IP on BlackList
		mysql_query("DELETE FROM `ddos_temp` WHERE `ip`= '$UserIP'"); //Delete this entry from TempDB
	}
}
?>

 

3.  Include script
In your website, you must now embed the script by copying the following code at the beginning of each file or a global header file:

 

include('anti_ddos.php');

 

Share this post


Link to post
Share on other sites
Gerade eben schrieb milw0rm:

First of all: Of course you are not completely freed by this script of DDoS attacks, but you can always contain them.

The way the script works is actually very simple:
At the beginning, the blacklist table is queried as to whether the visitor IP occurs there. If this is the case, the visitor or the attacker is redirected to Google.

If the IP address does not occur, it is checked whether it occurs in the temporary table: If not, an entry of the IP incl. Time and a factor of 1 is stored there. If so, the distance between this and last visit is checked: If it is too low, the factor is increased by 1 and the current time is saved.

Once the factor arrives at 20 (which almost never happens to "normal" visitors), the IP will be blacklisted and redirected the next time the website is accessed.

Set up

The installation of the script is very simple and it only takes three small steps:

1. The PHP script requires a MySQL database with two tables. These are generated by the following SQL commands:
 


CREATE TABLE `ddos_blacklist` (`ip` VARCHAR (15) NOT NULL);
CREATE TABLE `ddos_temp` (`ip` VARCHAR (15) NOT NULL, `zeit` INT NOT NULL, `faktor` INT NOT NULL);

 

2. Set up script ->  Now you have to customize the entire script to your liking and save it anywhere on your webserver:

 


<?php
/****
	 * Anti-DDoS Script
	 * Version 1.0
	 * (c) 2017-2018: milw0rm - admin@putinstresser.eu
	 *
****/

//setup//
//DB-Connect//
$mysqlhost = "localhost";
$mysqluser = "DB-User";
$mysqlpwd = "DB-Passwort";
$mysqldb = "DB-Name";

//First Step..
//mysql_query("CREATE TABLE `ddos_blacklist` (`ip` varchar (15) NOT NULL)");
//mysql_query("CREATE TABLE `ddos_temp` (`ip` varchar (15) NOT NULL, `zeit` int NOT NULL, `faktor` int NOT NULL)");

$MaxDiff = 2; //Max connect
$MaxFaktor = 20; //Max. Faktor Connect.
///End of Setup///

$UserIP = $_SERVER['REMOTE_ADDR']; //UserIP Variable save
$PHPtime = time(); //Time in variable save

//connect to mysql server
$connection=mysql_connect($mysqlhost, $mysqluser, $mysqlpwd);
mysql_select_db($mysqldb, $connection);

//IP in BlackList-DB find..
$blRequest = "SELECT COUNT(ip) FROM `ddos_blacklist` WHERE `ip` = '$UserIP'";
$blRequestResult = mysql_query($blRequest);
$blResult = mysql_fetch_row($blRequestResult);
$blacklisted = $blResult[0];

//If there exists: diversion
if ($blacklisted != 0) {
	header('Location: https://fbi.gov/');
	exit;
}

//IP in Temp-DB search
$tdbRequest = "SELECT COUNT(ip) FROM `ddos_temp` WHERE `ip` = '$UserIP'";
$tdbRequestResult = mysql_query($tdbRequest);
$tdbResult = mysql_fetch_row($tdbRequestResult);
$templisted = $tdbResult[0];

//IP is in TempDB?
if ($templisted == 0) {
	mysql_query("INSERT INTO `ddos_temp` (`ip`, `time`, `faktor`) VALUES ('$UserIP', '$PHPtime', 1)"); //Not yet available, so create an entry
}

//IP is in TempDB?
if ($AbfrageTDB == 0) {
	mysql_query("INSERT INTO `ddos_temp` (`ip`, `time`, `faktor`) VALUES ('$UserIP', '$PHPtime', 1)"); //Not yet available, so create an entry
} else {
	//Time insert in DB
	$dbTimeRequest = "SELECT `time` FROM `ddos_temp` WHERE `ip` = '$UserIP'";
	$dbTimeRequestResult = mysql_query($dbTimeRequest);
	$dbTimeResult = mysql_fetch_row($dbTimeRequestResult);
	$DBTime = $dbTimeResult[0];
Save current PHP time
	$PHPtime = time(); // save current PHP time

	$Differenz = $PHPtime-$DBZeit; //Determine the difference between DBTime and PHPtime

	//If difference is greater than $MaxDiff (s.o.)
	if($Differenz < $MaxDiff) {
		//Faktor from DB reading
		$dbFaktorRequest = "SELECT `faktor` FROM `ddos_temp` WHERE `ip` = '$UserIP'";
		$dbFaktorRequestResult = mysql_query($dbFaktorRequest);
		$dbFaktorResult = mysql_fetch_row($dbFaktorRequestResult);
		$dbFaktor = $dbFaktorResult[0];

		//Increase factor locally by 1
		$NewFaktor = $dbFaktor + 1;

		//Write local factor in DB
		mysql_query("UPDATE `ddos_temp` SET `faktor` = '$NewFaktor' WHERE `ip` = '$UserIP'");
	}

	$PHPtime = time(); // save current PHP time
	mysql_query("UPDATE `ddos_temp` SET `time` = '$PHPtime' WHERE `ip` = '$UserIP'"); //Save current time in DB

	// $MaxFaktor
	if ($NeuerFaktor == $MaxFaktor) {
		mysql_query("INSERT INTO `ddos_blacklist` (`ip`) VALUES ('$UserIP')"); // put IP on BlackList
		mysql_query("DELETE FROM `ddos_temp` WHERE `ip`= '$UserIP'"); //Delete this entry from TempDB
	}
}
?>

 

3.  Include script
In your website, you must now embed the script by copying the following code at the beginning of each file or a global header file:

 


include('anti_ddos.php');

 



edit the first step !
CREATE TABLE `ddos_blacklist` (`ip` VARCHAR (15) NOT NULL); CREATE TABLE `ddos_temp` (`ip` VARCHAR (15) NOT NULL, `time` INT NOT NULL, `faktor` INT NOT NULL);

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

Information

  • Recently Browsing   0 members

    No registered users viewing this page.



×

Important Information

By using this site, you agree to our Terms of Use and Guidelines.