Thread: DDoS attacks / Defending with PHP

  1. #1
    Registered User
    Join Date
    Sep 2001
    Posts
    4,912

    DDoS attacks / Defending with PHP

    I'm finishing up a PHP app that could be a target for DoS/DDoS attacks and spam. Having never dealt too much with that kind of thing on a practical level, I just wanted to throw an idea out there. At the very beginning of my script I do a check of the user's IP (using $_SERVER['REMOTE_ADDR'] - I'm aware that this could be a proxy's IP) and compare it with a database of IP-tally pairings. If an IP logs in, the tally gets set to -1 and stays there. Otherwise, every hit of the page from that IP increases their tally. When they reach a threshold (say, 10), the script just die()'s and doesn't go any further. I plan to do an automatic reset of that table maybe twice a day..

    Do you think this will do any good against a DDoS attack? I did some searching around on how to protect a site against them, and it seems that most of the tips are related to network infrastructure - the highest level tip was for server config settings. I didn't see anything about having low-bandwidth pages or cut-off mechanisms like this..
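
The per-IP tally described in post #1, as an added example that is not part of the original thread. The table name `ip_tally`, the function names and the sample addresses are hypothetical, and the reset is assumed to keep logged-in (-1) entries.

```php
<?php
// Added example: per-IP hit tally as described in post #1 (hypothetical names).
declare(strict_types=1);

const HIT_THRESHOLD = 10;   // threshold from the post ("say, 10")
const TRUSTED = -1;         // tally value for an IP that has logged in

function open_tally_db(): PDO {
    $db = new PDO('sqlite::memory:');   // in-memory SQLite keeps the example self-contained
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE ip_tally (ip TEXT PRIMARY KEY, tally INTEGER NOT NULL)');
    return $db;
}

// Count one hit; returns false once the IP has reached the threshold.
function register_hit(PDO $db, string $ip): bool {
    // Pass REMOTE_ADDR only; client-supplied headers can be forged.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    $db->prepare('INSERT OR IGNORE INTO ip_tally (ip, tally) VALUES (?, 0)')->execute([$ip]);
    // Increment inside SQL so concurrent requests cannot lose updates.
    // Trusted rows (-1) are skipped and the counter stops at the threshold.
    $db->prepare('UPDATE ip_tally SET tally = tally + 1 WHERE ip = ? AND tally >= 0 AND tally < ?')
       ->execute([$ip, HIT_THRESHOLD]);
    $q = $db->prepare('SELECT tally FROM ip_tally WHERE ip = ?');
    $q->execute([$ip]);
    $tally = (int) $q->fetchColumn();
    return $tally === TRUSTED || $tally < HIT_THRESHOLD;
}

// Called after a successful login: the IP is exempt from counting.
function mark_logged_in(PDO $db, string $ip): void {
    $db->prepare('INSERT OR REPLACE INTO ip_tally (ip, tally) VALUES (?, ?)')->execute([$ip, TRUSTED]);
}

// Periodic reset (the post suggests twice a day); assumption: trusted rows are kept.
function reset_tallies(PDO $db): void {
    $db->exec('DELETE FROM ip_tally WHERE tally >= 0');
}

// Demo with constructed addresses from the documentation ranges.
$db = open_tally_db();
mark_logged_in($db, '198.51.100.20');
for ($i = 1; $i <= 12; $i++) {
    echo 'hit ', $i, ': ', register_hit($db, '203.0.113.7') ? 'served' : 'blocked', PHP_EOL;
}
echo 'logged-in IP: ', register_hit($db, '198.51.100.20') ? 'served' : 'blocked', PHP_EOL;
reset_tallies($db);
echo 'after reset: ', register_hit($db, '203.0.113.7') ? 'served' : 'blocked', PHP_EOL;
```

In a real page the call would be `register_hit($db, $_SERVER['REMOTE_ADDR'])` at the top of the script, answering with `http_response_code(429); exit;` when it returns `false`. Each check still costs an interpreter start and a database round trip, which is the limit the replies below point out.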

  2. #2
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    I think the only real defense against a large DDoS is to unplug the network cable... It's a good measure to automatically ban IPs which behave badly, but on a large botnet there could be hundreds of thousands of IPs and these will be hammering you continuously with ICMP ping, TCP SYN, or other sorts of packets. The sheer bandwidth of these requests is going to take you down whether you block the actual connections or not.

    You need a way of quickly determining if a DDoS is occurring, and if so, automatically contact the admin. Your options are to escalate up the ISP chain until somebody can help you, just take the site down for a while, or switch over to a hot standby on a different network, preferably on a different continent.

    If somebody is seriously targeting you with a botnet you are completely screwed.
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}

  3. #3
    Registered User
    Join Date
    Sep 2001
    Posts
    4,912
    Ah - that makes sense. Reminds me of Prelude's (I think) old quote - it's like putting a Band-Aid on a gunshot wound. Well then - I guess its only real value is limiting how many times a bot can use the same proxy.

  4. #4
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,895
    PHP is far too late to defend against DDoS attacks. If you're the target of that, the initialization of the interpreter for each request is already far too costly.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  5. #5
    Guest Sebastiani's Avatar
    Join Date
    Aug 2001
    Location
    Waterloo, Texas
    Posts
    5,708
    >> If you're the target of that, the initialization of the interpreter for each request is already far too costly.

    Some implementations preload the interpreter as a DLL, but I'm not sure exactly how much of a performance improvement that makes. At any rate, detection and response to a DOS attack is best handled at a much lower level (e.g., the TCP/IP stacks).
    Code:
    #include <cmath>
    #include <complex>
    bool euler_flip(bool value)
    {
        return std::pow
        (
            std::complex<float>(std::exp(1.0)), 
            std::complex<float>(0, 1) 
            * std::complex<float>(std::atan(1.0)
            *(1 << (value + 2)))
        ).real() < 0;
    }

  6. #6
    Registered User
    Join Date
    Jan 2009
    Posts
    103
    Gigabytes of DDOS ping attacks are still gonna beat the crap out of your network even if you kill the program (unless you kill the internet connection).

  7. #7
    Malum in se abachler's Avatar
    Join Date
    Apr 2007
    Posts
    3,195
    Quote Originally Posted by Sebastiani
    >> If you're the target of that, the initialization of the interpreter for each request is already far too costly.

    Some implementations preload the interpreter as a DLL, but I'm not sure exactly how much of a performance improvement that makes. At any rate, detection and response to a DOS attack is best handled at a much lower level (e.g., the TCP/IP stacks).
    You are an idiot. DDOS attacks cannot be stopped in software, period. The only solutions are to physically disconnect the connection, electronically disconnect the uplink at the ISP level, or to otherwise prevent the traffic from ever making it to your hardware in the first place. Once the traffic hits your stack it's too late. DDOS attacks aren't designed to attack your servers, they are attacking your bandwidth. There is no defence other than to simply shut down the connection, which is why they work so well. The only defence has the same effect as not defending, i.e. your service is no longer accessible to 3rd parties. There are methods to restore service if you can identify the attacking systems, but I won't go into those here.
