Anti Ddos Em Php

+5
Brandow
DJGhost
matheus41
elizeu
viniciusmentez
9 participantes

viniciusmentez viniciusmentez  • 28.11.11 14:32

Anti Ddos Em Php Empty Anti Ddos Em Php 28.11.11 14:32

Primeiro : Abra O Bloco De Notas e Cole esse Codigo :

Código:
#!/usr/bin/php -q
<?php
   /*
    * ----------------------------------------------------------------
    * AUTHOR:      ViniciusMentez
    * DATE:        15th June 2005
    * FILE:        AntiDoS
    * PURPOSE:   
    *            offending IP
    * CONTACT:    [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
    * COPYRIGHT:  Copyright to Prism Hosting 2005
    * DONATE:      If you liked this script and thought it helped you,
    *            please feel free to make a small donation via
    *            paypal to: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
    *
    *              You might wonder what the point in donating would
    *            be, well the main purpose of donating would be
    *            either as a small thank-you or as an encouragement
    *            for me to develop this further so that it might be
    *            improved to help you, the user.
    *
    * COMMENTS:   Please send suggestions and comments to
    *               david@thewishingtree.me.uk
    *
    * VERSION:      1.0
    * ----------------------------------------------------------------------
    */

   // CONFIGURATION VARIABLES:

   // The following variable is the one that will need tweaking per server.
   // If legitament IP's are being banned raise this number. Or if it isn't
   // having the desired effect, lower this number.
   $maxConnsPerIP = 80;

   // Probably best not editing any of the following. Unless you wish to
   // Add more ports.  An example of adding more ports:
   //      $ports = array(25, 80, 443);
   // If more ports are added, it is advisable to increase $maxConnsPerIP.
   $ports = array(80);

   // These do not normally need changed, however please check them!

   // The root directory where the logs will reside.
   $logRoot = "/var/log/";

   // The name of the log containing all ban information.
   // Set to 0 to disable.
   $logNameBan = "antidos.ban";

   // The name of the log containing run information.
   // Set to 0 to disable.
   $logNameRun = "antidos.run";

   // Location of netstat
   $netstatCmd = "/bin/netstat -neepa";

   // Location of information from netstat, this must be set!
   $netstatOutput = "./netstat.out";

   // The APF deny command.
   $apfDeny = "/usr/local/sbin/apf -d ";

   // The APF deny_hosts.rules file
   $apfDenyHostRules = "/etc/apf/deny_hosts.rules";

   // Format of date, using PHP's date() function (www.php.net)
   $dateFormat = "m.d.y g:i a";




   // DO NOT EDIT BELOW THIS LINE
   // ----------------------------------------------------------------------

   // Define an object to store all the info.
   class NetStatInfo
   {
      var $proto;
      var $recvq;
      var $sendq;
      var $localaddr = array();
      var $foreignaddr = array();
      var $state;
      var $user;
      var $inode;
      var $pid;
      var $program;

      function NetStatInfo()
      {
         // Empty Contructor
      }
   }

   // Storage container for all the NetStatInfo's
   $connections = array();
   $num = 0;
   
   // Run the netstat command: "/bin/netstat -neepa > netstat.out"
   exec($netstatCmd . " > " . $netstatOutput);

   // Read the file into an array of lines
   $lines = file($netstatOutput);
   
   // Parse each line
   foreach ($lines as $line_num => $line)
   {
      // Only parse line if the first 3 chars are TCP (or UDP?)
      if (eregi("(tcp)|(udp)", $line))
      {
         // A very important line, DO NOT TOUCH!
         $regexp = "(tcp|udp|raw)([[:space:]]+)([0-9]+)([[:space:]]+)([0-9]+)([[:space:]]+)([0-9\.:\*]+)([[:space:]]+)([0-9\.:\*]+)([[:space:]]+)([A-Za-z0-9_]+)([[:space:]]+)([0-9]+)([[:space:]]+)([0-9]+)([[:space:]]+)(.+)";

         $args = array();
         if (eregi($regexp, $line, $args))
         {
            $connections[$num] = new NetStatInfo();

            $localaddr = explode(":", $args[7]);
            $foreignaddr = explode(":", $args[9]);

            $connections[$num]->proto = $args[1];
            $connections[$num]->recvq = $args[3];
            $connections[$num]->sendq = $args[5];
            $connections[$num]->localaddr[0] = $localaddr[0];
            $connections[$num]->localaddr[1] = $localaddr[1];
            $connections[$num]->foreignaddr[0] = $foreignaddr[0];
            $connections[$num]->foreignaddr[1] = $foreignaddr[1];
            $connections[$num]->state = $args[11];
            $connections[$num]->user = $args[13];
            $connections[$num]->inode = $args[15];
            // TODO: Parse program info, into program name and pid (seperator = /)
            $connections[$num]->pid = $args[17];
            $connections[$num]->program = $args[17];
            
            $num++;
         }
      }
   }

   // Counter array - for every new ip found - it will be added to the array, and its counter incremented
   // i.e. $counter[0][0] = 192.168.1.100
   //      $counter[0][1] = 13
   $counter = array();
   $num_conns = $num;
   $num = 0;

   // Flag to determine if the IP was found in the counter.
   $found = false;

   // Check for multiple connections on the following local ports.
   // *** Now a configuration setting at top

   // Determine if there are multiple records!
   for ($i = 0; $i < $num_conns; $i++)
   {
      $found = false;
      for ($j = 0; $j < count($counter); $j++)
      {
         if ($counter[$j][0] == $connections[$i]->foreignaddr[0]
            && in_array($connections[$i]->localaddr[1], $ports)
            && ($connections[$i]->status != "TIME_WAIT"))
         {
            // IP already exists in counter array, (incr. count)
            $counter[$j][1]++;
            $found = true;
         }
      }

      if (!$found)
      {
         if (in_array($connections[$i]->localaddr[1], $ports))
         {
            // IP wasn't found in counter array, so add it.
            $counter[$num] = array();
            $counter[$num][0] = $connections[$i]->foreignaddr[0];
            $counter[$num][1] = 1;
         
            $num++;
         }
      }
   }

   // Flag to denote an IP was banned
   $banned = false;

   $bancount = 0;

   // Use the counter array to ban any users over X connections
   for ($i = 0; $i < count($counter); $i++)
   {
      if ($counter[$i][1] > $maxConnsPerIP)
      {
         // BAN IP IN APF
         exec($apfDeny . $counter[$i][0]);

         // Add comment to APF deny_hosts.rules
         $apfComment = "echo \"# {AntiDoS - ".$counter[$i][0]."\t- ".$counter[$i][1]." open connections\t- ".date($dateFormat)."}\"";
         exec($apfComment . " >> " . $apfDenyHostRules);

         $banned = true;

         $logComment = "echo \"** Banned " . $counter[$i][0] . " - " . $counter[$i][1] . " open connections. (" . date($dateFormat) . ")\" >> " . $logRoot . $logNameBan;
         exec($logComment);
         
         $bancount++;
      }
   }

   if ($banned)
   {
      exec("echo \"\tBanned a total of $bancount IPs.\" >> " . $logRoot . $logNameRun);
      exec("echo \"\tRestarting APF\" >> " . $logRoot . $logNameRun);
      exec("service apf restart");
   }

   exec("echo -e \"Test complete: ".date($dateFormat)."\n----------------\" >> " . $logRoot . $logNameRun);

?>

<?php
define ('BLACKLIST','black.list');

$list=file(BLACKLIST);

foreach ($list as $addr)  {
        $addr=trim($addr);
        $host_addr=$_SERVER['REMOTE_ADDR'];

        // Semplice indirizzo IP
        if ($host_addr==$addr)
                die ("Your IP is {$addr} and you're not allowed to view this page\n");

        // Subnet di classe C
        else if (preg_match('/(\d+\.\d+\.\d+)\.0\/24/',$addr,$sub))  {
                $subnet=trim($sub[1]);

                if (preg_match("/^{$subnet}/",$host_addr))
                        die ("Your IP is {$host_addr} and you're not allowed to view this page\n");
        }

        // Subnet di classe B
        else if (preg_match('/(\d+\.\d+)\.0\.0\/16/',$addr,$sub))  {
                $subnet=trim($sub[1]);

                if (preg_match("/^{$subnet}/",$host_addr))
                        die ("Your IP is {$host_addr} and you're not allowed to view this page\n");
        }

        // Subnet di classe A
        else if (preg_match('/(\d+)\.0\.0\.0\/8/',$addr,$sub))  {
                $subnet=trim($sub[1]);

                if (preg_match("/^{$subnet}/",$host_addr))
                        die ("Your IP is {$host_addr} and you're not allowed to view this page\n");
        }
}
?>
<?php
 
/*
CHMOD /iplog/ to 777
Create and CHMOD /iplog/iplogfile.dat to 666
add the following line in any important .php file in the same directory as your anti_dos.php file so it can check IPs when that file is loaded, best example is index.php if you have it.
include("anti_dos.php"); //anti-DoS, prevents rapid accessing

 if you have a known cookie on your site,
you can use this, otherwise just ignore this, it will set a different limit
for people with this cookie
 
I use yourothercookie as the cookie ID for the forum, my forum uses ID
greater than 0 for all members and -1 for guests and members who have logged out,
so making it match greater than zero means members will get better access and
guests with or without cookies won't

Also I use these cookies in the "flood alert" emails to make sure an important user didn't get banned. Someone could fake a cookie, so always be suspicious. Tez
 */
$cookie = $_COOKIE['yourcookie'];
$othercookie = $_COOKIE['yourothercookie'];


if($cookie && $othercookie > 0) $iptime = 20;  // Minimum number of seconds between visits for users with certain cookie
else $iptime = 10; // Minimum number of seconds between visits for everyone else


$ippenalty = 60; // Seconds before visitor is allowed back


if($cookie && $othercookie > 0)$ipmaxvisit = 30; // Maximum visits, per $iptime segment
else $ipmaxvisit = 20; // Maximum visits per $iptime segment


$iplogdir = "./iplog/";
$iplogfile = "iplog.dat";

$ipfile = substr(md5($_SERVER["REMOTE_ADDR"]), -2);
$oldtime = 0;
if (file_exists($iplogdir.$ipfile)) $oldtime = filemtime($iplogdir.$ipfile);

$time = time();
if ($oldtime < $time) $oldtime = $time;
$newtime = $oldtime + $iptime;

if ($newtime >= $time + $iptime*$ipmaxvisit)
{
touch($iplogdir.$ipfile, $time + $iptime*($ipmaxvisit-1) + $ippenalty);
$oldref = $_SERVER['HTTP_REFERER'];
header("HTTP/1.0 503 Service Temporarily Unavailable");
header("Connection: close");
header("Content-Type: text/html");
echo "<html><body bgcolor=#999999 text=#ffffff link=#ffff00>
<font face='Verdana, Arial'><p><b>
<h1>Temporary Access Denial</h1>Too many quick page views by your IP address (more than ".$ipmaxvisit." visits within ".$iptime." seconds).</b>
";
echo "
Please wait ".$ippenalty." seconds and reload.</p></font></body></html>";
touch($iplogdir.$iplogfile); //create if not existing
$fp = fopen($iplogdir.$iplogfile, "a");
$yourdomain = $_SERVER['HTTP_HOST'];
   if ($fp)
   {
   $useragent = "<unknown user agent>";
   if (isset($_SERVER["HTTP_USER_AGENT"])) $useragent = $_SERVER["HTTP_USER_AGENT"];
   fputs($fp, $_SERVER["REMOTE_ADDR"]." ".date("d/m/Y H:i:s")." ".$useragent."\n");
   fclose($fp);
   $yourdomain = $_SERVER['HTTP_HOST'];
   
   //the @ symbol before @mail means 'supress errors' so you wont see errors on the page if email fails.
if($_SESSION['reportedflood'] < 1 && ($newtime < $time + $iptime + $iptime*$ipmaxvisit))
   @mail('flood_alert@'.$yourdomain, 'site flooded by '.$cookie.' '
   .$_SERVER['REMOTE_ADDR'],'http://'.$yourdomain.' rapid website access flood occured and ban for IP '.$_SERVER['REMOTE_ADDR'].' at http://'.$yourdomain.$_SERVER['REQUEST_URI'].' from '.$oldref.' agent '.$_SERVER['HTTP_USER_AGENT'].' '
   .$cookie.' '.$othercookie, "From: ".$yourdomain."\n");
   $_SESSION['reportedflood'] = 1;
   }
   exit();
}
else $_SESSION['reportedflood'] = 0;

//echo("loaded ".$cookie.$iplogdir.$iplogfile.$ipfile.$newtime);
touch($iplogdir.$ipfile, $newtime); //this just updates the IP file access date or creates a new file if it doesn't exist in /iplog
?>

Segundo : Salve como anti_ddos.php

Terceiro : Coloque Esse Codigo Abaixo No arquivo Index.php :

Código:
<?php include("anti_ddos.php"); ?>

Dabaixo Da Tag :

Código:
<head>

~~ Print ~~


[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Creditos :

Pixel team e kekomundo

Obs: Meu Primeiro Post No Forum !!!


Última edição por viniciusmentez em 01.12.11 22:49, editado 2 vez(es)

elizeu elizeu  • 28.11.11 16:51

Anti Ddos Em Php Empty Re: Anti Ddos Em Php 28.11.11 16:51

é pra Colocar Na Cms Certo ??

viniciusmentez viniciusmentez  • 28.11.11 16:56

Anti Ddos Em Php Empty Re: Anti Ddos Em Php 28.11.11 16:56

O Arquivo anti_ddos.php na pasta da cms e o codigo
<?php include("anti_ddos.php"); ?>
ou
require ("anti_ddos.php");
Na Index.php e client/index.php da cms


Última edição por viniciusmentez em 28.11.11 18:45, editado 1 vez(es)

matheus41 matheus41  • 28.11.11 17:25

Anti Ddos Em Php Empty Re: Anti Ddos Em Php 28.11.11 17:25

se funcionar te do 1 + lek ^^

DJGhost DJGhost  • 28.11.11 18:11

Anti Ddos Em Php Empty Re: Anti Ddos Em Php 28.11.11 18:11

Me parece ser bom vo usa

Brandow Brandow  • 28.11.11 18:45

Anti Ddos Em Php Empty Re: Anti Ddos Em Php 28.11.11 18:45

Uma dúvida isso é Anti ddos certo? então fará que a cms não fique off? pois acho que quando uma cms fica off a culpa não é da CMS é do servidor.

viniciusmentez viniciusmentez  • 28.11.11 20:31

Anti Ddos Em Php Empty Re: Anti Ddos Em Php 28.11.11 20:31

Brandow escreveu:Uma dúvida isso é Anti ddos certo? então fará que a cms não fique off? pois acho que quando uma cms fica off a culpa não é da CMS é do servidor.
Isso é Um Anti Ddos , e ele fala com que a cms nao Caia Por causa de ddos , o ip que repete uma determinada quantidade de vezes ele Broqueia a Conexao wue Faz ele Cair . Testei No : Brazi.us , 6te.net , vertrigo

mahalk mahalk  • 29.11.11 12:52

Anti Ddos Em Php Empty Re: Anti Ddos Em Php 29.11.11 12:52

Isso funciona mesmo ? Vou tentar :D

Duxo Duxo  • 06.12.11 12:56

Anti Ddos Em Php Empty Re: Anti Ddos Em Php 06.12.11 12:56

Num tendi nada que é pra fazer .-.

luadomal.br luadomal.br  • 23.06.12 13:46

Anti Ddos Em Php Empty Re: Anti Ddos Em Php 23.06.12 13:46

[b
][color=blue]xasasasasa[/colorsasasasa][Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

[J]υиιoя [J]υиιoя  • 23.06.12 14:07

Anti Ddos Em Php Empty Re: Anti Ddos Em Php 23.06.12 14:07

ALERTA - NOVATO
Usuário: luadomal.br
Motivo: Necropost e Desvio de assunto
Obs:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

@Bloqueado
Permissões neste sub-fórum
Não podes responder a tópicos

BH Servers

Recomendamos a BH Servers com proteção DDOS gratuita em Cloud Server de alta performance. Entrega imediata.