Wednesday, May 29, 2013

script anti DDOS

Posted on 5:15 AM by myname

$debug = false; // debug mode, disabled ban, simply shows a message if the IP was banned or not.
if ($debug) error_reporting(E_ALL);
else  error_reporting(0);

$ddos = 1;
$log = false;
$dir = dirname(__file__) . /cyki_bots/; //DDOS log directory, create it and chmod 777
$ddos_redirect_host = http://google.com/; // Host to which redirect DDOS

$icq = 123456; //Admins ICQ
$off_message = We are experiencing technical difficulties.; //Message if website is down.
$anticyka = md5(sha1(botik . strrev(getenv(HTTP_USER_AGENT))));
$ban_message = You have been blocked. If you believe this is a mistake, contact an administrator, icq of admin: .
    $icq .
(c)XakNet antiddos module; // Ban message
$exec_ban = "iptables -A INPUT -s " . $_SERVER["REMOTE_ADDR"] . " -j DROP"; // Ð´Ð»Ñ iptables(Debian/ubuntu/etc)
$load = sys_getloadavg(); // Function for retrieving load average =
$ddosuser = lol_ddos;
$ddospass = substr(ip2long($_SERVER[REMOTE_ADDR]), 0, rand(2, 4));
//not tested //checks if those are crawlers:

$google = strpos(gethostbyaddr($_SERVER[REMOTE_ADDR]), "googlebot.com") !== false;
$yandex = strpos(gethostbyaddr($_SERVER[REMOTE_ADDR]), "yandex.ru") !== false;
$rambler = strpos(gethostbyaddr($_SERVER[REMOTE_ADDR]), "ramtel.ru") !== false;
$rambler2 = strpos(gethostbyaddr($_SERVER[REMOTE_ADDR]), "rambler.ru") !== false;
$aport = strpos(gethostbyaddr($_SERVER[REMOTE_ADDR]), "aport.ru") !== false;
$sape = strpos(gethostbyaddr($_SERVER[REMOTE_ADDR]), "sape.ru") !== false;
$msn = strpos(gethostbyaddr($_SERVER[REMOTE_ADDR]), "msn.com") !== false;
$yahoo = strpos(gethostbyaddr($_SERVER[REMOTE_ADDR]), "yahoo.net") !== false;
//
if(!file_exists($dir . banned_ips)) file_put_contents($dir . banned_ips, );
if (strstr(file_get_contents($dir . banned_ips), $_SERVER[REMOTE_ADDR]))
        die($ban_message); //GTFO )


if (! $google || ! $yandex || ! $rambler || ! $rambler2 || ! $aport || ! $sape ||
    ! $msn || ! $yahoo) {

    $f = fopen($dir . $_SERVER["REMOTE_ADDR"], "a");
    fwrite($f, "zapros cyka
");
    fclose($f);
    function ban()
    {
        if (! system($exec_ban)) {
            $f = fopen($dir . banned_ips, "a");
            fwrite($f, $_SERVER[REMOTE_ADDR] . |);
            fclose($f);
        }
        echo $ban_message;
        header(Location: . $ddos_redirect_host . );
        die();
    }
    switch ($ddos) {
            ///////////////////////////
        case 1:
            if (empty($_COOKIE[ddos]) or ! $_COOKIE[ddos]) {
                $counter = @file($dir . $_SERVER["REMOTE_ADDR"]);

                setcookie(ddos, $anticyka, time() + 3600 * 24 * 7 * 356); // на год нах.
                if (count($counter) > 10) {
                    if (! $debug) ban();

                    else  die("Blocked");

                }
                if (! $_COOKIE[ddos_log] == bil) {
                    if (! $_GET[antiddos] == 1) {
                        setcookie(ddos_log, bil, time() + 3600 * 24 * 7 * 356); //типо Ð·Ð°Ð¿Ñ€Ð¾Ñ ÑƒÐ¶Ðµ был чтоб не перекидывало поÑтоÑнно рефрешем.
                        header("Location: ./?antiddos=1");
                    }
                }
            } elseif ($_COOKIE[ddos] !== $anticyka) {
                if (! $debug) ban();

                else  die("Blocked.");

            }
            break;
            /////////////////////////
        case 2:
            if (empty($_COOKIE[ddos])) {
                if (empty($_GET[antiddos])) {
                    if (! $_COOKIE[ddos_log] == bil)
                        //Checking cookies for request
                            die();

                } elseif ($_GET[antiddos] == $anticyka) {
                    setcookie(ddos, $anticyka, time() + 3600 * 24 * 7 * 356);
                    setcookie(ddos_log, bil, time() + 3600 * 24 * 7 * 356); //типо Ð·Ð°Ð¿Ñ€Ð¾Ñ ÑƒÐ¶Ðµ был чтоб не перекидывало поÑтоÑнно рефрешем.
                }
                else {

                    if (! $debug) {
                        ban();
                        die("May be shall not transform address line?");
                    }
                    else {
                        echo "May be shall not transform address line?";
                        die("Blocked.");
                    }
                }
            }
            break;
        case 3:
            if (! isset($_SERVER[PHP_AUTH_USER]) || $_SERVER[PHP_AUTH_USER] !== $ddosuser ||
                $_SERVER[PHP_AUTH_PW] !== $ddospass) {
                header(WWW-Authenticate: Basic realm="Vvedite parol:  . $ddospass .
                    | Login: . $ddosuser . ");
                header(HTTP/1.0 401 Unauthorized);
                if (! $debug) ban();

                else  die("Blocked");

                die("

401 Unauthorized

");
            }
            break;
        case 4:
            die($off_message); //site disabled
            break;
        case 5:
            if ($load[0] > 80) {
                header(HTTP/1.1 503 Too busy, try again later);
                die(

503 Server too busy.

Server is sibuks. Please coba again nante. Apache server on .
                    $_SERVER[HTTP_HOST] .
                    at port 80 with http://forum.xaknet.ru/">ddos protect);
            }
            break;
        default:
            break;
            //////////////////////////
    }
    if ($_COOKIE[ddos] == $anticyka) @unlink($dir . $_SERVER["REMOTE_ADDR"]);
}
//////////////////////////////
//powered by xaknet.ru


?>

This entry was posted in , ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)