paymentstv Posted May 7, 2011 Share Posted May 7, 2011 Hello All, I am in desperate help here since my site was DDoS attacked by some one in turkey (Ips originate mostly from turkey, Germany, and some other Europe countries). I have installed the ddos deflation and most of the IPs are now blocked. I have a php file in my server that I use to input data into my database and my streaming servers. This file is called connect.php and the hacker is basically created an automated script that repeatedly call the connect.php file from a botnet resulting in both apache and mysql dead. I use connect.php in the following way http.open('get', "ajax/createchannel_1.php?channel=" + channelname + "&sitename=" + sitename + "&privateurl=" + privateurl + "&privateurlcheck=" + privateurlcheck); How can i change the connect.php so that it only accept execution from my server/ Please your help is greatly appreciated. Quote Link to comment https://forums.phpfreaks.com/topic/235754-protect-a-php-file-from-being-called-from-outside-ddos-attack-in-progress/ Share on other sites More sharing options...
dragon_sa Posted May 7, 2011 Share Posted May 7, 2011 google htaccess ddos and you will find some effective ways of doing this Quote Link to comment https://forums.phpfreaks.com/topic/235754-protect-a-php-file-from-being-called-from-outside-ddos-attack-in-progress/#findComment-1211847 Share on other sites More sharing options...
paymentstv Posted May 7, 2011 Author Share Posted May 7, 2011 Thanks for the reply. I have created a .htaccess file and placed the following init <Files .htaccess> order allow,deny deny from all </Files> order allow deny deny from all allow from MY_Server_IP However, I am not able to create any channels after this so it is also denying requests by my server (dedicated IP) Any idea why would above code disable the following? http.open('get', "ajax/createchannel_1.php?channel=" + channelname + "&sitename=" + sitename + "&privateurl=" + privateurl + "&privateurlcheck=" + privateurlcheck); Thanks Quote Link to comment https://forums.phpfreaks.com/topic/235754-protect-a-php-file-from-being-called-from-outside-ddos-attack-in-progress/#findComment-1211852 Share on other sites More sharing options...
dragon_sa Posted May 7, 2011 Share Posted May 7, 2011 I am no htaccess expert but i would try <Files "connect.php"> order deny,allow deny from all allow from external IP address allow from 127.0.0.1 </Files> Quote Link to comment https://forums.phpfreaks.com/topic/235754-protect-a-php-file-from-being-called-from-outside-ddos-attack-in-progress/#findComment-1211854 Share on other sites More sharing options...
paymentstv Posted May 7, 2011 Author Share Posted May 7, 2011 I am no htaccess expert but i would try <Files "connect.php"> order deny,allow deny from all allow from external IP address allow from 127.0.0.1 </Files> I have tried this but still no luck. They all seems to block my http.open('get', Quote Link to comment https://forums.phpfreaks.com/topic/235754-protect-a-php-file-from-being-called-from-outside-ddos-attack-in-progress/#findComment-1211856 Share on other sites More sharing options...
dragon_sa Posted May 7, 2011 Share Posted May 7, 2011 ask in this forum on the phpfreaks site these guys know a lot more on htaccess than me http://www.phpfreaks.com/forums/index.php?board=50.0 also remove order allow deny deny from all allow from MY_Server_IP from the htaccess if it is still there, but apart from researching it myself I cant be much more help with that on htaccess Quote Link to comment https://forums.phpfreaks.com/topic/235754-protect-a-php-file-from-being-called-from-outside-ddos-attack-in-progress/#findComment-1211858 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.