CMS

PHP DDoS Attacks And Protection

Published on: June 16, 2020

PHP DDoS Attacks And Protection

As of now, DDoS (distributed denial-of-service) attacks are the primary security concern for all PHP based websites and CMS. The PHP based DDoS attacks are evolving itself as a global threat to cybersecurity.

web application attacks
source: NeuStar infographic

PHP DDoS attacks have been rapidly increasing over the past five years. Globally, the attack grew 25% in 2015 and is expected to increase 2.6 fold to 17 million by 2020. Eventually, hackers are using DDoS attacks as the most prominent lethal weapon of modern time.

DDoS attacks are mostly carried through botnets. Botnets are a set of networks of compromised computers that are used to flood the server with false requests. Most of the time, the botnets are hosted from china (over 4.5 million hosts in 2018), 2.7 million hosts from china, and 1.5 million hosts from Russia.

Therefore, conceding the above concerns, in this article, we shall cover some deep insights into PHP DDoS attacks along with the security measures to prevent them in the near future.

Also read: PHP SQL injection [ Fixed ]

What are the PHP DDoS attacks?

PHP DDoS attacks 2019
source: NeuStar infographic

You must be familiar with the DoS (denial of service) attack. In this attack, a single computer system is used to send thousands of web requests at a time, which slows down the function of the web servers. Similarly, the DDoS attack uses several botnets that floods the server with illegitimate web requests. The main objective of such attacks is to block legitimate users from accessing the website.In adjacent to that those attack which alters the PHP script and manipulates the source code of a vulnerable directory on a website is called PHP based DDoS attack.

A common mistake is to write code that appears in URLs, as mentioned below:

  • www.example.com/blog.php?doc=aboutus.php
  • www.example.com/blog.php?doc=products.php
  • www.example.com/blog.php?doc=legal.php

The code for “blog.php” will read in the $_GET[‘doc’] variable. Later the user input traverses through include() the required file into the script. It’s a basic methodology followed for every web requests, but consider what if an intruder modified the URL to this:

www.example.com/blog.php?doc=blog.php

So when a user visits the above link, blog.php will load then include()article.php, then again blog.php, and so on. The iteration won’t stop until your server reaches the maximum execution attempts for a script. By this time, your web server will be dealing with a large number of unwanted requests that would consume a lot more CPU usage. Eventually, it will result in crashing down your server.

PHP DDoS attack protection

PHP DDoS protection: Web Application Firewall

astra security suite
source: Astra

The use of WAF( web application firewall) would definitely provide you an extra edge to your security. A good firewall comprises of security appliance setup that is regularly maintained by qualified security experts. Also, it is beneficial to manage the allocated bandwidth provided for each open web service.

It becomes more lenient to block the web requests using a firewall, rather than using .htaccess. In this way, the web requests never get directly to apache. Further, the requests are dropped from the server on the basis of the IP address rule.

The following command mentioned below, when running as root, will use iptables rules to filter out illegitimate packets from a particular IP address.

/sbin/iptables -I INPUT -s 1.2.3.4 -j DROP

PHP DDoS protection: .htaccess

PHP DDoS protection
source: WPbeginner

It is a directory level configuration file that is used to lower the load caused by DDoS attacks. htaccess blocks the unwanted active connection, forbidding it to call your PHP scripts.

Let’s take an example of a request made on a login script. Whenever you make a request on an apache server, it will call out for the PHP script, which further matches out the authentic users in its database.

Request <---> Apache <---> PHP <---> MySQL (maybe)

If you block and IP (say 192.168.1.1) your htaccess will have an extra line like this:

Deny from 192.168.1.1

The request goes the same as described below:

Request <---> Apache <-x-> [Blocked]

The following info adds up a bonus of preventing brute-force attacks on the login form. All you need to do is to blacklist a particular IP address, exceeding the maximum login (maybe 20 times in a minute) attempts.

PHP DDoS protection: cPanel & WHM

DDoS protection Cpanel and WHM
source: blog.cpanel.com

You can quickly ban a single host IP address with the help of CPanel’s IP deny manager. But it won’t protect us from SYN-flood and botnets based DDoS attacks. So to counter the problem, we use the Mod-evasive Apache module. It communicates with the IP tables to restrict the unauthentic traffic.

You can simply install “Mod_evasive” from the Apache Modules section of WHM’s (Web Host Manager) EasyApache 4 interface. Therefore, To access the module, login to WHM and go to Home >> Software >> EasyApache 4.

PHP DDoS protection: Manual blocking

manual blocking
Source: tools.cisco.com

Are you seeking for an instant solution for an undergoing DDoS attack? If yes, you may opt for a manual blocking method that immediately helps you to mitigate the attack. Our security engineers at ASTRA helps you to determine the number of active connections with the help of the following command.

netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

This command helps you to figure out the IP addresses that connect through TCP-IP or ”UDP” method.

Conclusion

DDoS attacks become more lethal if ignored. Fortunately, there are efficient methods available to mitigate DDoS attacks. Today, we’ve learned some of the primary preventive measures that would help you to counter the attack in the near future.

Was this post helpful?

Naman Rastogi

Naman Rastogi is a Growth hacker and digital marketer at Astra security. Working actively in cybersecurity for more than a year, Naman shares the passion for spreading awareness about cybersecurity amongst netizens. He is a regular reader of anything cybersecurity which he channelizes through the Astra blog.Naman is also a jack of all trade. He is certified in market analytics, content strategy, financial markets and more while working parallelly towards his passion i.e cybersecurity.When not hustling to find newer ways to spread awareness about cybersecurity, he can be found enjoying a game of ping pong or CSGO.
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include firewall, malware scanner and security audits to protect your site from the
evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany