I have previously described how to deal with PHP sending a large number of data packets outward, which happens because the server is infected with phpddos. The case below works on similar principles, so let's take a look.
1. [PHP sending packets outward]
The customer said that his VPS was sending out packets heavily. My machine room staff checked the monitoring, and the screenshot is as follows:
If this continues, the customer's machine will certainly get unstable ping values, and the server may even crash.
2. [Analyzing the problem]
After analysis, it was found that the PHP programs sending out these packets all used the fsockopen() function. It is strongly recommended that you modify the php.ini file and turn off this function. More than 95% of programs do not need this function. Only individual programs such as Taobao, Ucenter, and some API programs need to use it. With this function turned off, the packet-sending programs stop working entirely, which greatly improves the security of the server.
1. To turn off this function, edit the php.ini file and search for "disable_functions=". If there is a ; symbol in front of this line, delete it, and then change the line to:
------------------------------------------------------------------------------------
disable_functions = popen,exec,passthru,system,fsockopen,pfsockopen
------------------------------------------------------------------------------------
After the modification is completed, save and exit, then restart the IIS or Apache service for the change to take effect.
2. If you have the DedeCMS program on your server, check the following files in particular:
------------------------------------------------------------------------------------
/plus/config_s.php
/plus/index.php
/data/cache/t.php
/data/cache/x.php
------------------------------------------------------------------------------------
These are generally Trojan programs and should be deleted promptly!
3. Please download udpdeny.rar and use the IP policy to prevent the server from sending packets.
4. The latest version of the Xingwai security package includes version 4.0 of the IP policy [download the security package]. After you import it, you can directly restrict outgoing UDP packets. Download this package and then import the security policy. However, this policy does not close the DNS port, so some attacks are still effective. To solve this, you can also adjust the IP policy so that UDP is only allowed to reach specific DNS server IPs, such as 8.8.8.8. Unless the hacker attacks this very IP, the attack will be ineffective. You can set a DNS IP that only you know as the network card's DNS, without making it public, and then adjust the UDP "open" part of the IP policy to solve the problem. (Open the properties of the IP policy, double-click "open", and delete either one of the two UDP records in it. Double-click the one you kept and set the address to go from source address "any address" to destination address "specific IP", this IP being your own DNS IP, such as 8.8.8.8, and then save it.)
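One way to verify step 1 and to find which programs call fsockopen(), as an added example that is not part of the original article: it reads php.ini text for the effective disable_functions line (a line still commented out with ; does not count) and lists PHP files under a web root that call fsockopen() or pfsockopen(), flagging udp:// targets. The sample php.ini text, the temporary file tree and all function names here are constructed for illustration.

```python
import re, tempfile
from pathlib import Path

# Functions named in the article's disable_functions line.
REQUIRED = {"popen", "exec", "passthru", "system", "fsockopen", "pfsockopen"}
# A direct call to fsockopen()/pfsockopen(); skips methods and longer names.
SOCKET_CALL = re.compile(r"(?<![\w$>:])(p?fsockopen)\s*\(", re.I)

def missing_disabled(ini_text):
    """Return the REQUIRED functions that this php.ini text does not disable."""
    disabled = set()
    for line in ini_text.splitlines():
        line = line.strip()
        if line.startswith(";"):      # still commented out: PHP ignores it
            continue
        m = re.match(r"disable_functions\s*=\s*(.*)$", line, re.I)
        if m:                         # the last uncommented directive is the one used
            value = m.group(1).split(";", 1)[0].strip().strip('"')
            disabled = {f.strip().lower() for f in value.split(",") if f.strip()}
    return REQUIRED - disabled

def find_socket_calls(webroot):
    """List (path, line number, function, uses_udp) for each call found."""
    hits = []
    for path in sorted(Path(webroot).rglob("*.php")):
        text = path.read_text(errors="replace")
        for no, line in enumerate(text.splitlines(), 1):
            for m in SOCKET_CALL.finditer(line):
                hits.append((str(path), no, m.group(1).lower(), "udp://" in line.lower()))
    return hits

# Constructed sample: the fixed line was left commented, the live one is incomplete.
SAMPLE_INI = (
    ";disable_functions = popen,exec,passthru,system,fsockopen,pfsockopen\n"
    "disable_functions = popen,exec,passthru,system ; old value\n"
)

def demo():
    """Run both checks on constructed input and return their results."""
    with tempfile.TemporaryDirectory() as root:
        cache = Path(root, "data", "cache")
        cache.mkdir(parents=True)
        (cache / "t.php").write_text('<?php $fp = fsockopen("udp://$host", $port); ?>')
        Path(root, "api.php").write_text('<?php $fp = @fsockopen("tcp://example.com", 80); ?>')
        hits = [(Path(p).name, n, f, u) for p, n, f, u in find_socket_calls(root)]
    return sorted(missing_disabled(SAMPLE_INI)), hits

if __name__ == "__main__":
    print(demo())
```

Files reported with a udp:// target are the ones to inspect first; the remaining hits show which legitimate programs would stop working once fsockopen is disabled.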