
<?php

if (!isset($_SESSION)) {
   session_start();
}
// anti flood protection
// isset() avoids an undefined-index notice on the first request of a session
if (isset($_SESSION['last_session_request']) && $_SESSION['last_session_request'] > time() - 2) {
   // users are redirected to this page if they make requests faster than once per 2 seconds
   header("Location: http://www.example.com/403.html");
   exit;
}
$_SESSION['last_session_request'] = time();
?>

 

Well, I need to limit requests per IP.

How can I fix this script?

Thanks in advance


If you want this to protect you against actual (D)DoS attacks then doing it in PHP code is too late in the process. It should be dealt with as early as possible, like a network hub or your firewall. The webserver itself at the latest. Doing it in code will not be very effective because of all the resources it will take just to fire up your script.

 

If, on the other hand, you just have some simple thing granting access to some simple resource (like an uploaded file) then I have a question: limit requests per IP how? One request from anybody per two seconds? Hope you have a really good reason for that. One request per IP per two seconds? Using session like you are is pretty close to that already, and arguably a better choice than actually limiting by the IP address. Something else?

Better Alternatives:

 

I won’t go into too much detail, but if you are serious about protecting your site from the likes of an actual DDOS or multi-service attack it would be best to look into other tools such as iptables (Linux), pf (packet filter for BSD) on the software side, or a hardware firewall if your host provides one. The limit request module above will only work for floods against your site over the HTTP protocol; it will not protect you from ping floods or various other exploits.

First off, reading in other forums, other people have pointed out that

if(!isset($_SESSION)) { session_start();}

is a bit pointless because session_start has to always be called, otherwise the $_SESSION superglobal array will not exist. Personally I think you should invest in some free source anti-DDoS software instead of a buggy PHP solution.

 

 

http://lmgtfy.com/?q...ource anti ddos

Edited by darkfreaks

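Here is an updated version I found in PHP custom function format.

// Returns true if at least $time seconds have passed since the last
// accepted call for $name (or if this is the first call), false otherwise.
// session_start() must already have been called.
function flood($name, $time)
{
    // prefix the key so it does not collide with other session data
    $name = 'tmptmptmp' . $name;
    if (!isset($_SESSION[$name])) {
        // first request in this session: record it and allow
        $_SESSION[$name] = time();
        return true;
    }
    if (time() - $time > $_SESSION[$name]) {
        // enough time has passed: record the new request and allow
        $_SESSION[$name] = time();
        return true;
    }
    // too soon after the previous request
    return false;
}

And to use it like so:

if (flood('last_session_request', 60)) {
    // do something
} else {
    // you are posting too fast
}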

Edited by darkfreaks
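An added example (not from any post in this thread): a per-IP fixed-window limiter keyed on the connecting address instead of the session, so the count does not depend on the client returning a session cookie. The function name `ip_rate_limit`, the temp-directory store and the limits are assumptions; as the replies say, it only throttles HTTP requests that have already reached PHP and does not replace filtering at the firewall or web server.

```php
<?php
// Added example: per-IP fixed-window rate limiter (hypothetical helper).

/**
 * Returns true if $ip may proceed, false once it has made more than
 * $limit requests inside the current $window-second window.
 * $now is injectable so the logic can be exercised without sleeping.
 */
function ip_rate_limit(string $ip, int $limit, int $window, string $dir, ?int $now = null): bool
{
    $now = $now ?? time();
    // Hash the address so it is safe as a file name (IPv6 contains ':').
    $file = $dir . '/rl_' . hash('sha256', $ip);

    $fh = fopen($file, 'c+');           // create if missing, never truncate on open
    if ($fh === false) {
        return true;                    // assumption: fail open if the store is unavailable
    }
    flock($fh, LOCK_EX);                // serialise concurrent requests from the same IP

    // File content is "<window start> <count>"; an empty file parses as 0 0.
    $parts = explode(' ', trim((string) stream_get_contents($fh)));
    $start = (int) ($parts[0] ?? 0);
    $count = (int) ($parts[1] ?? 0);

    if ($now - $start >= $window) {     // first request, or the old window expired
        $start = $now;
        $count = 0;
    }
    $count++;

    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, $start . ' ' . $count);
    flock($fh, LOCK_UN);
    fclose($fh);

    return $count <= $limit;
}

// Constructed demo: one documentation-range address, limit of 3 requests per 2 seconds.
$dir = sys_get_temp_dir() . '/rl_demo_' . getmypid();
@mkdir($dir, 0700);
foreach ([100, 100, 100, 100, 103] as $t) {   // constructed timestamps
    $ok = ip_rate_limit('203.0.113.7', 3, 2, $dir, $t);
    echo $t, ' ', $ok ? 'allow' : 'deny (respond 429)', PHP_EOL;
}
```

In a page, pass `$_SERVER['REMOTE_ADDR']` and answer a false result with `http_response_code(429)` before doing any other work; behind a reverse proxy that variable holds the proxy's address, and stale counter files need periodic cleanup.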