Advertisement
Guest User

Anti-ddos

a guest
Dec 26th, 2012
165
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 4.00 KB | None | 0 0
  1. <?php
  2.  
  3. /*
  4. CHMOD /iplog/ to 777
  5. Create and CHMOD /iplog/iplogfile.dat to 666
  6. add the following line in any important .php file in the same directory as your anti_dos.php file so it can check IPs when that file is loaded, best example is index.php if you have it.
  7. include("anti_dos.php"); //anti-DoS, prevents rapid accessing
  8.  
  9. if you have a known cookie on your site,
  10. you can use this, otherwise just ignore this, it will set a different limit
  11. for people with this cookie
  12.  
  13. I use yourothercookie as the cookie ID for the forum, my forum uses ID
  14. greater than 0 for all members and -1 for guests and members who have logged out,
  15. so making it match greater than zero means members will get better access and
  16. guests with or without cookies won't
  17.  
  18. Also I use these cookies in the "flood alert" emails to make sure an important user didn't get banned. Someone could fake a cookie, so always be suspicious. Tez
  19. */
  20. $cookie = $_COOKIE['cookie1'];
  21. $othercookie = $_COOKIE['cookie2'];
  22.  
  23.  
  24. if($cookie && $othercookie > 0) $iptime = 10;  // Minimum number of seconds between visits for users with certain cookie
  25. else $iptime = 10; // Minimum number of seconds between visits for everyone else
  26.  
  27.  
  28. $ippenalty = 60; // Seconds before visitor is allowed back
  29.  
  30.  
  31. if($cookie && $othercookie > 0)$ipmaxvisit = 30; // Maximum visits, per $iptime segment
  32. else $ipmaxvisit = 15; // Maximum visits per $iptime segment
  33.  
  34.  
  35. $iplogdir = "./iplog";
  36. $iplogfile = "iplog.dat";
  37.  
  38. $ipfile = substr(md5($_SERVER["REMOTE_ADDR"]), -2);
  39. $oldtime = 0;
  40. if (file_exists($iplogdir.$ipfile)) $oldtime = filemtime($iplogdir.$ipfile);
  41.  
  42. $time = time();
  43. if ($oldtime < $time) $oldtime = $time;
  44. $newtime = $oldtime + $iptime;
  45.  
  46. if ($newtime >= $time + $iptime*$ipmaxvisit)
  47. {
  48. touch($iplogdir.$ipfile, $time + $iptime*($ipmaxvisit-1) + $ippenalty);
  49. $oldref = $_SERVER['HTTP_REFERER'];
  50. header("HTTP/1.0 503 Service Temporarily Unavailable");
  51. header("Connection: close");
  52. header("Content-Type: text/html");
  53. echo "<html><title>DDoS détecté !</title>
  54. <body bgcolor=#999999 text=#ffffff link=#ffff00>
  55. <font face='Verdana, Arial'><p><b>
  56. <h1>Accès suspendu temporairement.</h1>Trop de pages ont été ouvertes simultanément avec votre adresse IP (plus de ".$ipmaxvisit." visites en ".$iptime." secondes).</b>
  57. ";
  58. echo "<br />Attendez ".$ippenalty." secondes et réssayez.</p></font></body></html>";
  59. touch($iplogdir.$iplogfile); //create if not existing
  60. $fp = fopen($iplogdir.$iplogfile, "a");
  61. $yourdomain = $_SERVER['HTTP_HOST'];
  62.    if ($fp)
  63.    {
  64.    $useragent = "<unknown user agent>";
  65.    if (isset($_SERVER["HTTP_USER_AGENT"])) $useragent = $_SERVER["HTTP_USER_AGENT"];
  66.    fputs($fp, $_SERVER["REMOTE_ADDR"]." ".date("d/m/Y H:i:s")." ".$useragent."n");
  67.    fclose($fp);
  68.    $yourdomain = $_SERVER['HTTP_HOST'];
  69.    
  70.    //the @ symbol before @mail means 'supress errors' so you wont see errors on the page if email fails.
  71. if($_SESSION['reportedflood'] < 1 && ($newtime < $time + $iptime + $iptime*$ipmaxvisit))
  72.    @mail('flood_alert@'.$yourdomain, 'site ddos par '.$cookie.' '
  73.    .$_SERVER['REMOTE_ADDR'],'http://'.$yourdomain.' site ddos, ip bannie :'.$_SERVER['REMOTE_ADDR'].' a http://'.$yourdomain.$_SERVER['REQUEST_URI'].' de '.$oldref.' agent '.$_SERVER['HTTP_USER_AGENT'].' '
  74.    .$cookie.' '.$othercookie, "De: ".$yourdomain."n");
  75.    $_SESSION['reportedflood'] = 1;
  76.    }
  77.    exit();
  78. }
  79. else $_SESSION['reportedflood'] = 0;
  80.  
  81. //echo("loaded ".$cookie.$iplogdir.$iplogfile.$ipfile.$newtime);
  82. touch($iplogdir.$ipfile, $newtime); //this just updates the IP file access date or creates a new file if it doesn't exist in /iplog
  83. ?>
  84. [/PHP]
  85.  
  86. Les étapes à suivre :
  87.  
  88. Créez un dossier au même niveau que votre fichier anti_dos.php nommé iplog.
  89.  
  90. Dans ce dossier, créez le fichier iplog.dat, vide.
  91.  
  92. Mettez le chmod a 777 sur ce dossier.
  93.  
  94. Vous pouvez modifier les variables avant d'afficher la page de DoS...
  95.  
  96. Sur toutes les pages ou vous voulez que l'anti-DoS soit actif, faites un include en php de anti_dos.php comme ceci :
  97.  
  98. [PHP]<?php
  99. include("anti_dos.php");
  100. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement