
Protect a PHP file from being called from outside - DDoS Attack in progress


paymentstv


Hello All,

 

I am in desperate need of help here since my site was DDoS attacked by someone in Turkey (IPs originate mostly from Turkey, Germany, and some other European countries). I have installed the DDoS deflation and most of the IPs are now blocked.

 

 

I have a PHP file on my server that I use to input data into my database and my streaming servers. This file is called connect.php, and the hacker has basically created an automated script that repeatedly calls the connect.php file from a botnet, resulting in both Apache and MySQL dead. I use connect.php in the following way:

 

http.open('get', "ajax/createchannel_1.php?channel=" + channelname + "&sitename=" + sitename + "&privateurl=" + privateurl + "&privateurlcheck=" + privateurlcheck);

 

How can I change connect.php so that it only accepts execution from my server?

Please, your help is greatly appreciated.

 

 

 


Thanks for the reply.

I have created a .htaccess file and placed the following in it:

 

<Files .htaccess>
order allow,deny
deny from all
</Files>

order allow deny
deny from all
allow from MY_Server_IP

 

However, I am not able to create any channels after this, so it is also denying requests by my server (dedicated IP).

Any idea why the above code would disable the following?

 

http.open('get', "ajax/createchannel_1.php?channel=" + channelname + "&sitename=" + sitename + "&privateurl=" + privateurl + "&privateurlcheck=" + privateurlcheck);

 

Thanks

 


I am no htaccess expert but I would try:

 

<Files "connect.php">
    order deny,allow
    deny from all
    allow from external IP address
    allow from 127.0.0.1
</Files>

 

 

I have tried this but still no luck. They all seem to block my http.open('get',

 


Ask in this forum on the phpfreaks site; these guys know a lot more about htaccess than me.

 

http://www.phpfreaks.com/forums/index.php?board=50.0

 

Also remove

 

order allow deny
deny from all
allow from MY_Server_IP

 

from the htaccess if it is still there, but apart from researching it myself I can't be much more help with that on htaccess.
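
One way to reject automated calls to connect.php before any MySQL work is done, given as an added example that is not code from any poster in this thread: a session-bound token plus a per-session call limit. It assumes the http.open() request is sent by the visitor's browser; the function names, the token parameter and the limits are hypothetical.

```php
<?php
// Added example, not code from the thread; function names and limits are hypothetical.
// Assumption: the http.open() call runs in the visitor's browser, so requests for
// connect.php arrive from visitor IP addresses rather than from the server's own IP.
const MAX_CALLS = 5;        // assumed: accepted calls per session per window
const WINDOW_SECONDS = 60;  // assumed window length

// Called by the page that renders the channel form; the returned token is
// embedded in that page and sent back as an extra parameter of the AJAX call.
function issue_token(array &$session): string
{
    $session['connect_token'] = bin2hex(random_bytes(32));
    return $session['connect_token'];
}

// Called at the top of connect.php, before any database connection is opened.
// Returns the HTTP status to send: 200 continue, 403 bad token, 429 too many calls.
function check_request(array &$session, $token, int $now): int
{
    $expected = $session['connect_token'] ?? '';
    if ($expected === '' || !is_string($token) || !hash_equals($expected, $token)) {
        return 403;
    }
    $recent = [];
    foreach ($session['connect_calls'] ?? [] as $t) {
        if ($t > $now - WINDOW_SECONDS) {
            $recent[] = $t;  // keep only calls inside the current window
        }
    }
    if (count($recent) >= MAX_CALLS) {
        $session['connect_calls'] = $recent;
        return 429;
    }
    $recent[] = $now;
    $session['connect_calls'] = $recent;
    return 200;
}

// Constructed demo, command line only. In connect.php pass $_SESSION (after
// session_start()), the token parameter from $_GET, and time().
if (PHP_SAPI === 'cli') {
    $session = [];
    $token = issue_token($session);
    echo check_request($session, null, 1000), "\n";             // no token sent
    for ($i = 0; $i < 6; $i++) {
        echo check_request($session, $token, 1000 + $i), "\n";  // six calls in one window
    }
    echo check_request($session, $token, 1100), "\n";           // after the window has passed
}
```

This check only makes rejection cheap; per-IP limits at the firewall or web server are still needed for clients that hold a valid session.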
