IP flood detection, DDoS detector for PHP V1.1

IP flood detection, DDoS detector for PHP V1.1

Posted by: tez
Posted on: 2006-10-10 21:55:00

I cleaned up the script a little and made it easy to integrate into your website. The first attempt at a topic destroyed all the plus symbols and it got too messy and confusing. So this should be useful to anyone with a website and PHP. You will only need to upload it, set a directory permission and paste a line of text.

I am putting this online as a file so that It can be updated if I find mistakes (which is possible). Or If anyone adds good features and optimisations. Better than writing the code here and losing the ability to edit it after 24 hours!! GRRR!


Download anti_dos_php.zip


Instructions are in the anti_dos_php. file inside the zip file, unzip it at upload the file and folder to your site. You will CHMOD a folder (set write permissions, done using FTP usually eg. FileZilla or webftp on dreamhost) and paste an include() command into one of your .php files - that is all you need to do to have it working. Test it out by hitting F5(reload page) a lot on your site really fast.

Note: It is hosted by my friends on AlternityRPG.Net - a website devoted to the greatest Pen-N-Paper Role Playing Game of all time. Better than ADnD2nd Ed, better than d20, better than Palladium - I played all those and many other crap systems for 10 years before finding the awesome simplicity and flexibility that is the Alternity RPG system. </end fanboy mode>

Re: IP flood detection, DDoS detector for PHP V1.1

Posted by: pangea33
Posted on: 2006-10-11 00:48:00

Nice work, Tez. I think colloboration is a great thing, and you had a great initial design. I'm sure it worked for your configuration, which is why a second set of eyes can be useful. Here are some slight modifications I made:

Since I don't have any cookies in use by default, I decided to use a variable reference to the cookie name. When they don't exist by default, I create them. Since you can't reference cookies until next page load, I placed it in a conditional block with your code as the else. I chose to set them for my entire domain, and time out at 1 hour. YMMV.

In reply to:

$cookieName = 'yourcookie';
$othercookieName = 'yourothercookie';
if(!array_key_exists($cookieName, $_COOKIE) && !array_key_exists($othercookieName, $_COOKIE)){
if(!array_key_exists($cookieName, $_COOKIE)){
setcookie($cookieName, '1', time()+3600, '/');
}
if(!array_key_exists($othercookieName, $_COOKIE)){
setcookie($othercookieName, '1', time()+3600, '/');
}
} else {
$cookie = $_COOKIE[$cookieName];
$othercookie = $_COOKIE[$othercookieName];

...Original code with few alterations...

}

I thought this was a great idea, so figured it might be cool to make it accessible in any directory, not just the one the file exists in. For some uses different copies of this might be more appropriate though.

In reply to:

From this: $iplogdir = "./iplog/";
To this: $iplogdir = getenv('DOCUMENT_ROOT')."/iplog/";

Sometimes there won't be a referer. I realized this because I went directly to my test page. In that case I just set the referer to the current page.

In reply to:


if( array_key_exists('HTTP_REFERER', $_SERVER) ) {
$oldref = $_SERVER['HTTP_REFERER'];
}
else {
$oldref = getenv('REQUEST_URI');
}

I had to check that this session variable was defined before referencing it.

In reply to:


if (!isset($_SESSION['reportedflood'])) {
$_SESSION['reportedflood'] = 0;
}
else {

...Original code with few alterations...

}

Here's something else I did a little while back, and think it's kinda useful. I have a site where I let different people host DJ mixes, and they each have their own folder. I built a page that dynamically displays and links to the files, but just for their directory. Since I keep enhancing it, distributing the file is a hassle.

Now I just use a simple index file that iterates up through the directory structure until the spot where I keep my constantly changing index file. Unknown directory depths caused me problems, so I wrote this. This also let me keep your file in the top directory rather than copying it everywhere. YMMV of course.

In reply to:


<?php
$pathDepth = getenv('REQUEST_URI');
$aPath = explode('/', $pathDepth);
$nDirUps = count($aPath) - 2;
$incPath = '';
for($i=1; $i<=$nDirUps; $i++) {
$incPath = $incPath.'../';
}
include($incPath.'anti_dos.php');
?>

You can grab the zip file here:
http://teamshocker.com/fileDir/anti_dos_php20061011.zip

http://benconley.net
http://teamshocker.com

Re: IP flood detection, DDoS detector for PHP V1.1

Posted by: tez
Posted on: 2006-10-11 06:21:00

Mine works with or without editing the cookies, I only left that stuff in there if people want to give special users more freedom. I'm not sure if you will gain anything by creating a cookie, maybe you are showing that you are trusting them more if they allow you to set cookies - so bots and cookie blockers get the harsh reality that they deserve :)

Making it directory independent is a good idea, I had trouble when I wanted to apply it to forum folders and had to duplicate the iplog dir in each folder.

the sessionreportedflood variable was meant to work that way, was meant to prevent code execution when possible. but I don't really know if it helps.


Tags: filezillawebftpdreamhostphp filesphp fileddosgrrrchmodunzipsimplicitycrap