[PHP] AntiDoS

SUBMITTED BY: eddysix

DATE: March 13, 2017, 8:07 a.m.

FORMAT: PHP

SIZE: 4.4 kB

Raw Download

HITS: 488

Report
  1. <?php
  2. */
  3. $debug = false; // debug mode, disabled ban
  4. if ($debug) error_reporting(E_ALL);
  5. else error_reporting(0);
  8. /* Possible values - $ddos 1-5:
  9. | 1. Check with cookies
  10. | 2. Double check $_GET antiddos-a i meta refresh-a
  11. | 3. Request for WWW-Authenticate
  12. | 4. Disable all, but BOT's can not disable..
  13. | 5. Turn off site if it is big BUG.
  14. */
  16. $ddos = 1;
  17. $log = false;
  18. $dir = dirname(__file__) . '/cyki_bots/'; //DDOS l
  19. $ddos_redirect_host = 'http://google.com/'; // Forwarding DDOS-a
  20. $icq = '123456'; //Admins ICQ
  21. $off_message = 'BUG.';
  22. $anticyka = md5(sha1('botik' . strrev(getenv('HTTP_USER_AGENT'))));
  23. $ban_message = 'You have been banned, try to contact administrator admin@hackcomunity.com' .
  24. $icq . '<hr>(c)XakNet antiddos module'; // Ban msg
  25. $exec_ban = "iptables -A INPUT -s " . $_SERVER["REMOTE_ADDR"] . " -j DROP"; // ban/block IP with iptables (Debian/ubuntu/etc)
  26. $load = sys_getloadavg();
  27. $ddosuser = 'lol_ddos';
  28. $ddospass = substr(ip2long($_SERVER['REMOTE_ADDR']), 0, rand(2, 4));
  30. //Check:
  31. $google = strpos(gethostbyaddr($_SERVER['REMOTE_ADDR']), "googlebot.com") !== false;
  32. $yandex = strpos(gethostbyaddr($_SERVER['REMOTE_ADDR']), "yandex.ru") !== false;
  33. $rambler = strpos(gethostbyaddr($_SERVER['REMOTE_ADDR']), "ramtel.ru") !== false;
  34. $rambler2 = strpos(gethostbyaddr($_SERVER['REMOTE_ADDR']), "rambler.ru") !== false;
  35. $aport = strpos(gethostbyaddr($_SERVER['REMOTE_ADDR']), "aport.ru") !== false;
  36. $sape = strpos(gethostbyaddr($_SERVER['REMOTE_ADDR']), "sape.ru") !== false;
  37. $msn = strpos(gethostbyaddr($_SERVER['REMOTE_ADDR']), "msn.com") !== false;
  38. $yahoo = strpos(gethostbyaddr($_SERVER['REMOTE_ADDR']), "yahoo.net") !== false;
  39. //
  40. if(!file_exists($dir . 'banned_ips')) file_put_contents($dir . 'banned_ips', '');
  41. if (strstr(file_get_contents($dir . 'banned_ips'), $_SERVER['REMOTE_ADDR']))
  42. die($ban_message); //GTFO )
  45. if (! $google || ! $yandex || ! $rambler || ! $rambler2 || ! $aport || ! $sape ||
  46. ! $msn || ! $yahoo) {
  48. $f = fopen($dir . $_SERVER["REMOTE_ADDR"], "a");
  49. fwrite($f, "zapros cyka\n");
  50. fclose($f);
  51. function ban()
  52. {
  53. if (! system($exec_ban)) {
  54. $f = fopen($dir . 'banned_ips', "a");
  55. fwrite($f, $_SERVER['REMOTE_ADDR'] . '|');
  56. fclose($f);
  57. }
  58. echo $ban_message;
  59. header('Location: ' . $ddos_redirect_host . '');
  60. die();
  61. }
  62. switch ($ddos) {
  63. ///////////////////////////
  64. case 1:
  65. if (empty($_COOKIE['ddos']) or ! $_COOKIE['ddos']) {
  66. $counter = @file($dir . $_SERVER["REMOTE_ADDR"]);
  67. setcookie('ddos', $anticyka, time() + 3600 * 24 * 7 * 356);
  68. if (count($counter) > 10) {
  69. if (! $debug) ban();
  71. else die("Blocked");
  73. }
  74. if (! $_COOKIE['ddos_log'] == 'bil') {
  75. if (! $_GET['antiddos'] == 1) {
  76. setcookie('ddos_log', 'bil', time() + 3600 * 24 * 7 * 356);
  77. header("Location: ./?antiddos=1");
  78. }
  79. }
  80. } elseif ($_COOKIE['ddos'] !== $anticyka) {
  81. if (! $debug) ban();
  83. else die("Blocked.");
  85. }
  86. break;
  87. /////////////////////////
  88. case 2:
  89. if (empty($_COOKIE['ddos'])) {
  90. if (empty($_GET['antiddos'])) {
  91. if (! $_COOKIE['ddos_log'] == 'bil')
  92. //Checking cookies for request
  93. die('<meta http-equiv="refresh" content="0;URL=?antiddos=' . $anticyka . '" />');
  95. } elseif ($_GET['antiddos'] == $anticyka) {
  96. setcookie('ddos', $anticyka, time() + 3600 * 24 * 7 * 356);
  97. setcookie('ddos_log', 'bil', time() + 3600 * 24 * 7 * 356);
  98. }
  99. else {
  101. if (! $debug) {
  102. ban();
  103. die("Forward line of address");
  104. }
  105. else {
  106. echo "Forward line of address";
  107. die("Blocked.");
  108. }
  109. }
  110. }
  111. break;
  112. case 3:
  113. if (! isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER'] !== $ddosuser ||
  114. $_SERVER['PHP_AUTH_PW'] !== $ddospass) {
  115. header('WWW-Authenticate: Basic realm="Vvedite parol\': ' . $ddospass .
  116. ' | Login: ' . $ddosuser . '"');
  117. header('HTTP/1.0 401 Unauthorized');
  118. if (! $debug) ban();
  120. else die("Blocked");
  122. die("<h1>401 Unauthorized</h1>");
  123. }
  124. break;
  125. case 4:
  126. die($off_message); //Site turned off
  127. break;
  128. case 5:
  129. if ($load[0] > 80) {
  130. header('HTTP/1.1 503 Too busy, try again later');
  131. die('<center><h1>503 Server too busy.</h1></center><hr><small><i>Server too busy. Please try again later. Apache server on ' .
  132. $_SERVER['HTTP_HOST'] .
  133. ' at port 80 with <a href="http://serbiancyberteam.com/">ddos protect</a></i></small>');
  134. }
  135. break;
  136. default:
  137. break;
  138. //////////////////////////
  139. }
  140. if ($_COOKIE['ddos'] == $anticyka) @unlink($dir . $_SERVER["REMOTE_ADDR"]);
  141. }
  143. ?>
comments powered by Disqus