PHP and Website Security ProjectX

Demystifying the Common Methods of DDoS / DoS Attacks

rooted linux kernel

“Tango Down!!!”

DDoS (distributed denial-of-service) or DoS (denial-of-service) attack, the act of putting a computer resource, server or network down or unavailable. In fact the CIA Website was once took down by a massive DDoS Attack. These kind of attacks are considered lame but it actually gives your website a nightmare of  ub3rdowness  and a guaranteed server downtime.

In this article let’s try to demystify the common methods of flooding a network that the world has ever known or shall I say to most people in underground forums or in IRC.

DoS Tools or Programs

These DoS Tools or Programs are skiddie tools or programs that can be downloaded in some cracking forums or file sharing networks. These kind of tools usually sacrifices one’s packets to attack a certain IP / host. Thus, there is a possibility that it can down your own connection. It’s not really that effective but for some weak hosts or websites, it is.

DoS Tool or program

Ettercap has a DoS plugin that attacks a certain IP in your LAN and Net tools 5 has also an HTTP Flooder.

PHP UDP / TCPIP Flooder

PHP UDP / TCIP Flooders are one of the most common but effective attacks especially if it is hosted on a VPS (Virtual Private Server) server or a hosting company or if simultaneous hosts attack a certain website. You can find a lot of websites that have backdoored PHP UDP / TCIP Flooders nowadays because of the leaks and links posted in pastebin. With the links that I found, most of these PHP flooders are hosted on WebDAV Vulnerable websites and even on some WordPress blogs. If you search for these kind of PHP files, it’s usually named as X32.php, shell.php, greenshell.php, dos.php, ddos.php, udp.php, etc.

UDP Shell

These kind of PHP scripts contain the following lines:

With these kind of method, the attacker doesn’t infect clients or your computer at home but pawn a website or server before he can upload the PHP script.

IRC Bots or Botnets

IRC Bots or Botnets are ninja DDos or DoS attackers. They may originate from an infected client (zombie computers…owww brainsss) or a web server pawned then uploaded with a perl or python (especially if it runs on *nix or BSD) IRC bot. So if you have an easy to crack SSH server or a WHMCS Vulnerable hosting website then consider yourself a target especially for attackers to run their scripts. These kind of bots may have functions like; SYN flood, HTTP flood, port scanning, exploiters, SQL flood and many more but because we are talking about the common methods of DDoS / DoS Attacks then I will not explain more of their function because it’s too broad and may become off-topic.

IRC Botnets

Shell Booters or Host Booters

The function of a shell booter or host booter is just the same with a PHP UDP / TCIP Flooder but it is distributed because they use a series of backdoored shells which sends a lot of heavy packets especially if you have a lot of shells. Thus, if a PHP UDP / TCIP Flooder is somehow effective, then this is more effective. In fact most underground forums setup shell booters and allow members to access the host booter if they are premium members. Now they are going for business. lolz

Before, host booters are just used for cheating online games but now it has added functions like SYN Flood or HTTP Flood. That’s what you call evolution. hehe

Shell Booter

Host BooterConclusion

There are still other methods and sophisticated attacks not mentioned in this article but at least we were able to tackle some of the common methods used by pawners or people from the #antisec or anonymous. In fact it’s also possible to flood or DoS a website using an XSS but I haven’t researched more on that yet. To prevent these kind of attacks, the admin should set up a firewall for his web server especially if it is a hosting company and install an IDS. Upgrading to IPv6 should also prevent these kind of attacks unless the botnet’s IP is also IPv6. But, having a firewall doesn’t also give you a 100% guarantee to stop this attack especially if there are a lot of botnets or IRC bots attacking the target simultaneously (especially if thousands of zombie computers and VPS servers are attacking the host), regarding this case I really dunno how to retaliate or defend a very heavy attack since I’m still learning security.

Talk about Cyber Wars!!!

Leave a Reply