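Este o clasa care va reduce sansele de a lua ddos pe paginile unde va fi instalata! Este foarte usor de utilizat si nu necesita prea multe cunostinte! O recomand in special persoanelor care detin situri cu banda limitata! De retinut: limitarea se face per IP, la nivel de aplicatie (PHP + MySQL), deci opreste doar flood-ul de cereri venit de la aceeasi adresa; un atac distribuit sau volumetric trebuie filtrat inainte sa ajunga la PHP (server web, firewall, furnizor).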
File : anti-ddos.php
<?php
########################################
/* Name : Anti-DDos class
* Details : Protect your pages from ddos attack
* Creator : AnDrEwBoY
* Contact : andrew_boy200664@yahoo.com
*/
########################################
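/**
 * Anti_Ddos - per-IP request throttle backed by MySQL.
 *
 * Constructing the object runs the whole check for the current request:
 * it connects to the database, stops the request with a ban message when
 * the client address has a ban younger than 24 h, bans the address when it
 * has made $limit requests within the counting window, records the request
 * and finally prunes history rows older than 2 h.
 *
 * Review notes:
 *  - All values reach SQL through prepared statements; table names cannot
 *    be bound, so they are quoted as identifiers by Quote_Ident().
 *  - The client is identified by REMOTE_ADDR only. NOTE(review): behind a
 *    reverse proxy or load balancer this is presumably the proxy address,
 *    so every visitor would share one counter - confirm for your setup.
 *  - Every request costs several database queries, so this throttles
 *    request floods from a single address; it does not absorb volumetric
 *    traffic.
 *  - Rows in the ban table are never deleted by this class.
 */
class Anti_Ddos {
    #################################################################
    //Connection details
    public $server = ""; //database server
    public $user = ""; //database login name
    public $pass = ""; //database login password
    public $tb_hist = ""; //table history name
    public $tb_ban = ""; //table list banned users
    public $db = "anti_ddos"; //database name
    //Internal info
    public $ip = ""; //client ip
    public $Time = 0; //current time
    public $status = 0; //status client (-1 = was banned;0 = clean; 1 = banned;)
    public $limit = 5; //how many requests accept in 2 seconds
    public $reason = ""; //if banned show the reason
    private $con = null; //mysqli connection handle, set by Init_Con()
    #################################################################

    /**
     * Run the complete check for the current request.
     *
     * Empty arguments fall back to: server "localhost", user "root",
     * tables "ddos_hist" / "ddos_ban". The defaults therefore connect as
     * root with an empty password; pass a dedicated account that only has
     * rights on the two tables.
     *
     * @param string $server  database host
     * @param string $user    database login name
     * @param string $pass    database login password
     * @param string $tb_hist request history table
     * @param string $tb_ban  ban table
     */
    function __construct($server = "",$user = "",$pass = "",$tb_hist = "",$tb_ban = "")
    {
        $this->Time = time(); //current time
        $this->tb_hist = ($tb_hist != "") ? $tb_hist : "ddos_hist";
        $this->tb_ban = ($tb_ban != "") ? $tb_ban : "ddos_ban";
        $this->server = ($server != "") ? $server : "localhost";
        $this->user = ($user != "") ? $user : "root";
        $this->pass = $pass;
        $this->Init_Con();
        // REMOTE_ADDR is absent on the command line; fall back to an empty string.
        $this->ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
        // An address with an active ban is stopped first, before anything is
        // written. Previously the ban check ran first and inserted one more
        // ban row for every request that arrived during the counting window.
        $this->Check_IS_Banned();
        if ($this->Ban_Check()) {
            // The limit was reached on this request: show the ban page now.
            $this->Check_IS_Banned();
        }
        $this->Save_Trace(); //save current request
        $this->Clead_DB(); //clean db from rows older than 2h
    }

    /**
     * Open the MySQL connection and select the database.
     *
     * Ends the request with a fixed message when the server cannot be
     * reached or the database cannot be selected; no driver error text is
     * sent to the client.
     */
    function Init_Con()
    {
        try {
            $con = @new mysqli($this->server, $this->user, $this->pass);
        } catch (Exception $e) {
            // Newer PHP versions report connection failures as exceptions.
            $con = null;
        }
        if (!$con || mysqli_connect_errno()) {
            die("Connection problem!");
        }
        try {
            $selected = $con->select_db($this->db);
        } catch (Exception $e) {
            $selected = false;
        }
        if (!$selected) {
            die("Database connection problem!");
        }
        $this->con = $con;
    }

    /**
     * Look up the most recent ban of the current address.
     *
     * A ban younger than 86400 s sets status 1, stores the reason and ends
     * the request with the ban message. An older ban only sets status -1.
     * A failed query leaves the status untouched and lets the page continue.
     */
    function Check_IS_Banned()
    {
        $sql = "SELECT `client_time_start`, `client_reason` FROM ".self::Quote_Ident($this->tb_ban)
             ." WHERE `client_ip` = ? ORDER BY `client_time_start` DESC LIMIT 0,1";
        $stmt = $this->Run_Stmt($sql, "s", array($this->ip));
        if ($stmt === false) {
            return;
        }
        $started = 0;
        $reason = "";
        $stmt->store_result();
        $stmt->bind_result($started, $reason);
        $found = ($stmt->fetch() === true);
        $stmt->close();
        if (!$found) {
            return;
        }
        if ($this->Time - $started < 86400) {
            //is banned
            $this->status = 1;
            $this->reason = $reason;
            // The reason comes out of the database, so it is escaped for HTML.
            die("<b>You have been banned!<br>Reason : <font color='#FF0000'>"
                .htmlspecialchars($this->reason, ENT_QUOTES)."</font></b>");
        }
        //was banned
        $this->status = -1;
    }

    /**
     * Record the current request (address, time, script path) in the
     * history table.
     */
    function Save_Trace()
    {
        $page = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : "";
        $sql = "INSERT INTO ".self::Quote_Ident($this->tb_hist)
             ." (`client_ip`,`client_time`,`client_page`) VALUES (?,?,?)";
        $stmt = $this->Run_Stmt($sql, "sis", array($this->ip, $this->Time, $page));
        if ($stmt !== false) {
            $stmt->close();
        }
    }

    /**
     * Ban the current address when it reached the request limit.
     *
     * Counts the history rows of this address whose timestamp is less than
     * 3 s old; once that count reaches $limit a ban row is inserted.
     *
     * @return bool true when the limit was reached on this request
     */
    function Ban_Check()
    {
        $reason = "Too many requests in a short time!Banned for 24 h!";
        $sql = "SELECT COUNT(*) FROM ".self::Quote_Ident($this->tb_hist)
             ." WHERE `client_ip` = ? AND `client_time` > ?";
        $stmt = $this->Run_Stmt($sql, "si", array($this->ip, $this->Time - 3));
        if ($stmt === false) {
            return false;
        }
        $recent = 0;
        $stmt->store_result();
        $stmt->bind_result($recent);
        $stmt->fetch();
        $stmt->close();
        if ((int) $recent < (int) $this->limit) {
            return false;
        }
        $sql = "INSERT INTO ".self::Quote_Ident($this->tb_ban)
             ." (`client_ip`,`client_time_start`,`client_reason`) VALUES (?,?,?)";
        $stmt = $this->Run_Stmt($sql, "sis", array($this->ip, $this->Time, $reason));
        if ($stmt !== false) {
            $stmt->close();
        }
        return true;
    }

    /**
     * Delete history rows older than 2 h (7200 s).
     *
     * The statement is no longer echoed: the former debug output put the
     * SQL text and the table name into every protected page.
     */
    function Clead_DB()
    {
        $sql = "DELETE FROM ".self::Quote_Ident($this->tb_hist)." WHERE `client_time` <= ?";
        $stmt = $this->Run_Stmt($sql, "i", array($this->Time - 7200));
        if ($stmt !== false) {
            $stmt->close();
        }
    }

    /**
     * Quote a table name as a MySQL identifier.
     *
     * Placeholders cannot stand for identifiers, so the name is wrapped in
     * backticks and any backtick inside it is doubled.
     *
     * @param string $name raw table name
     * @return string quoted identifier
     */
    private static function Quote_Ident($name)
    {
        return "`".str_replace("`", "``", $name)."`";
    }

    /**
     * Prepare a statement, bind its values and execute it.
     *
     * @param string $sql    statement with ? placeholders
     * @param string $types  mysqli type string, one letter per value
     * @param array  $params values in placeholder order
     * @return mysqli_stmt|false executed statement (caller closes it), or
     *                           false on any failure
     */
    private function Run_Stmt($sql, $types, $params)
    {
        if (!$this->con) {
            return false;
        }
        try {
            $stmt = $this->con->prepare($sql);
            if (!$stmt) {
                return false;
            }
            // bind_param takes its values by reference.
            $args = array($types);
            foreach ($params as $i => $unused) {
                $args[] = &$params[$i];
            }
            call_user_func_array(array($stmt, 'bind_param'), $args);
            if (!$stmt->execute()) {
                $stmt->close();
                return false;
            }
            return $stmt;
        } catch (Exception $e) {
            // Query failures stay non-fatal: the page goes on without the check.
            return false;
        }
    }
}//end class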
?>
File : index.php
<?php
// Load the throttle class. Its constructor runs the complete per-request
// check and ends the request itself when the client address is banned.
include "anti-ddos.php";
$guard = new Anti_Ddos();
// Reached only when the constructor did not stop the request.
print "Normal!";
?>
File : Test.php
<?php
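/**
 * Fetch a URL with cURL and return the response.
 *
 * Redirects are followed and the response is returned instead of printed.
 * TLS certificate verification is left at cURL's default (enabled); the
 * earlier version switched it off.
 *
 * @param string $url    address to request
 * @param string $cookie value for the Cookie header, empty for none
 * @return string|false response on success, false when the transfer failed
 */
function curl($url, $cookie = "") {
    $rand = rand(100000,400000);
    $agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/".$rand." Netscape/7.1 (ax)";
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_USERAGENT, $agent);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_COOKIE, $cookie);
    $result = curl_exec($ch);
    // Release the handle before returning; the close call used to sit after
    // the return statement and never ran.
    curl_close($ch);
    return $result;
}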
// Local check of the throttle: ten sequential requests to the protected
// page, which is more than the class's limit of 5 per counting window.
// Presumably they complete within that window on localhost, so the ban
// path gets exercised.
for ($attempt = 0; $attempt < 10; $attempt++) {
    $string = curl('http://localhost/OOP%20Programming/advance%20class/$Anti-DDos/');
}
?>
Sql Code
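-- phpMyAdmin SQL Dump
-- version 2.9.1.1
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Jun 25, 2008 at 04:08 PM
-- Server version: 5.0.27
-- PHP Version: 5.2.0
--
-- Database: `anti_ddos`
--

-- --------------------------------------------------------

--
-- Table structure for table `ddos_ban`
--
-- One row per ban. The class reads the newest row of an address on every
-- request, so (client_ip, client_time_start) is indexed; without the index
-- each lookup scans the whole table.
--

CREATE TABLE `ddos_ban` (
  `client_id` int(11) NOT NULL auto_increment,
  `client_ip` char(100) NOT NULL,
  `client_time_start` int(11) NOT NULL,
  `client_reason` text NOT NULL,
  PRIMARY KEY (`client_id`),
  KEY `idx_ban_ip_time` (`client_ip`, `client_time_start`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=28 ;

--
-- Dumping data for table `ddos_ban`
--

-- --------------------------------------------------------

--
-- Table structure for table `ddos_hist`
--
-- One row per request. client_time holds a Unix timestamp and is compared
-- numerically by the class, so it is an integer column here (it was
-- char(50)), matching client_time_start above. The two indexes serve the
-- per-address lookup and the deletion of old rows.
--

CREATE TABLE `ddos_hist` (
  `client_id` int(11) NOT NULL auto_increment,
  `client_ip` char(100) NOT NULL,
  `client_time` int(11) NOT NULL,
  `client_page` text NOT NULL,
  PRIMARY KEY (`client_id`),
  KEY `idx_hist_ip_time` (`client_ip`, `client_time`),
  KEY `idx_hist_time` (`client_time`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

--
-- Dumping data for table `ddos_hist`
--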
Utilizare:
index.php reprezinta pagina pe care o vom proteja!
Test.php reprezinta flooderul!
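Rulati pentru prima data index.php si va returna "Normal!", apoi rulati Test.php (simulam un atac) si din nou index.php! De data aceasta ar trebui sa apara mesajul de ban, cu conditia ca browserul sa acceseze serverul de la aceeasi adresa ca Test.php (localhost).
Ma voi gandi pe viitor la interzicerea accesului prin .htaccess... dar asta alta data! Nu e cine stie ce, dar sper sa va ajute!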
Have fun! AnDrEwBoY
Editat ultima oară de AnDrEwBoY (06 Jul 08 17:48)
nu mai scrie cu galben, nu se intelege nimic
cu galben mi`am lasat semnatura..
asta te intereseaza pe tn sau scriptul in principiu?![]()
^ nu va certati .. daniels a vazut o culoare galbena in loc de portocaliu fiindca nu erau inchise niste tag-uri. Si se pare ca cineva ti le-a inchis .
Ontopic: Felicitari pentru tutorial !
Editat ultima oară de tercot (05 Jul 08 15:43)
AnDrEwBoY a scris:
cu galben mi`am lasat semnatura..
asta te intereseaza pe tn sau scriptul in principiu?
ce acidulat esti ![]()
ti-am facut o simpla observatie, nu era cazul sa te lezezi asa de usor
de ce credeti ca am zis`o cu ura sau altceva?
a fost pur si simplu ! oricum preferam sa fie o discutie legata de script ,nu una offtopic..![]()
oky, peace
doar ca nu intelegeam sa citesc atata tot, bafta
edit script: am rezolvat un posibil sql injection (thanks to vladii) si multumita lenii mele de a`l rezolva la timpul crearii scriptului!
Editat ultima oară de AnDrEwBoY (06 Jul 08 17:46)