
[Security Vulnerability] There is no need to upgrade the PHP version to fix the PHP multipart/form-data remote DoS vulnerability

Posted on 6/16/2015 4:55:04 PM

Enter: netstat -an

See if there are many connections

Check whether the system has a large number of connections in the TIME_WAIT state. If there are, this can be solved by adjusting the kernel parameters.

To adjust the kernel parameters, enter:
# vi /etc/sysctl.conf

Edit the file to include the following:
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30

Then execute # /sbin/sysctl -p for the parameters to take effect.

======================== digression: ===========================
Just add these 4 lines to solve the PHP DoS vulnerability.

This is the method provided by Tencent Cloud technicians.

Tencent's technical support is not bad; I asked Alibaba and they said there is no solution.

net.ipv4.icmp_echo_ignore_all = 1

This line makes the server ignore ping. If it is not there by default, please add it.



======================== Lumanager system note: ===========================

Lumanager doesn't need this patch, because the cave owner long ago had the foresight to minimize the harm of this vulnerability. You can ignore this vulnerability.




Landlord | Posted on 6/16/2015 5:00:28 PM
net.ipv4.tcp_syncookies = 1: Indicates that SYN cookies are enabled. When the SYN wait queue overflows, cookies are used to handle it, which can prevent a small number of SYN attacks. The default is 0, which means disabled.
net.ipv4.tcp_tw_reuse = 1: Indicates that reuse is enabled. Allows TIME-WAIT sockets to be reused for new TCP connections. The default is 0, which means disabled.
net.ipv4.tcp_tw_recycle = 1: Indicates that fast recycling of TIME-WAIT sockets in TCP connections is enabled. The default is 0, which means disabled.
net.ipv4.tcp_fin_timeout = 30: Modifies the system's default timeout.
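
The netstat check from the first post, as an added example that is not part of the original thread: shell functions that tally TCP sockets by state and list which remote addresses hold the most sockets in a given state. The function names are hypothetical and the sample netstat output is constructed, using documentation address ranges.

```shell
#!/bin/sh
# Added example (not from the thread): summarize `netstat -an` output by TCP state.
# Function names are hypothetical; the sample below is constructed.

# Constructed `netstat -an` excerpt using documentation address ranges.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51512      TIME_WAIT
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      TIME_WAIT
tcp        0      0 192.0.2.10:80           198.51.100.7:51520      TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.45:40210      TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.45:40212      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:33100       SYN_RECV
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# count_state STATE: number of TCP sockets in STATE (netstat output on stdin).
count_state() {
    awk -v want="$1" '$1 ~ /^tcp/ && $NF == want { n++ } END { print n + 0 }'
}

# state_summary: "STATE COUNT" lines, largest count first.
state_summary() {
    awk '$1 ~ /^tcp/ { c[$NF]++ } END { for (s in c) print s, c[s] }' |
        sort -k2,2nr -k1,1
}

# top_remote STATE: "COUNT ADDRESS" per remote address with sockets in STATE.
top_remote() {
    awk -v want="$1" '$1 ~ /^tcp/ && $NF == want {
        sub(/:[0-9]+$/, "", $5)      # strip the port from the foreign address
        c[$5]++
    } END { for (ip in c) print c[ip], ip }' | sort -k1,1nr -k2,2
}

# On a live host: netstat -an | state_summary
sample_netstat | state_summary
echo "TIME_WAIT by remote address:"
sample_netstat | top_remote TIME_WAIT
```

Running the same summary before and after `sysctl -p` shows whether the TIME_WAIT count actually changes.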