Webmaster Security

Anti-flood DDoS in PHP

Submitted by BURST, , Thread ID: 106919

Thread Closed
BURST
User Icon
$ cat /etc/passwd
Challenge
Expert in Security
Level:
1
Reputation:
70
Posts:
1.35K
Likes:
150
Credits:
169
22-11-2018, 10:43 PM
#1
Code:
<?php
if (!isset($_SESSION)) {
    session_start();
}
// anti flood protection
if($_SESSION['last_session_request'] > time() - 2){
    // users will be redirected to this page if it makes requests faster than 2 seconds
    header("location: http://www.example.com/403.html");
    exit;
}
$_SESSION['last_session_request'] = time();
?>

I've already tested this script as you higher the second It Will keep redirecting to

Code:
http://www.example.com/403.html

without any reason.
Can anyone tell me why?
[Image: e72398fe92beda2aa80d0329e8b9f4febece7568.gif]

RE: Anti-flood DDoS in PHP

Quietz
YOUR FRIENDLY MEMBER
Prime
Level:
0
Reputation:
24
Posts:
221
Likes:
19
Credits:
0
22-11-2018, 10:51 PM
#2
I dont know why anyone would use this. If you need help by setting up a ddos protection let me know please

RE: Anti-flood DDoS in PHP

luksonaa
Closed Account
Level:
0
Reputation:
0
Posts:
12
Likes:
0
Credits:
9
22-11-2018, 11:04 PM
#3
vouch on couch nice guide mate thanks for dis
50 more characters here

RE: Anti-flood DDoS in PHP

r1n9zer0
Newbie
Level:
0
Reputation:
0
Posts:
12
Likes:
0
Credits:
15
29-11-2018, 08:39 AM
#4
If I were you I would start by understanding where in your code this is happening. It is obvious that the below if block is being taken and $_SESSION['last_session_request'] > time() - 2 is evaluating to true. If I were you, I would echo $_SESSION['last_session_request'] and time() to see if these are values you expect. Taking a look here should give you all the answers you need -> https://stackoverflow.com/questions/3972...per-second.

Users browsing this thread: 1 Guest(s)