News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Strange characters when trying to include a file.

Started by Klajdi, August 06, 2017, 11:51:51 AM

Previous topic - Next topic

Klajdi

Hello,
I am having this weird text: https://i.imgur.com/dc0HgZr.png whenever I include a file at the top of index.php file.
I am using this to include
include_once($_SERVER['DOCUMENT_ROOT'] . "/dir/ddos.php");

The script/code is: https://pastebin.com/4Y6M0Yfp

Accessing the script directly works fine, including it on other projects (outside smf) works also fine.


I have been trying to figure out the issue for the last couple of hours and I'm left clueless. Id really appreciate some help.

Arantor

By putting it inside index.php, you interfere with certain operations in SMF, namely the avatar loader - and that's the result of an avatar trying to be loaded and mangled through that script.

What, exactly, are you trying to achieve? DDOS protection? Are you legitimately having issues with bots hitting your site that quickly?

Klajdi

Quote from: Arantor on August 06, 2017, 02:08:28 PM
By putting it inside index.php, you interfere with certain operations in SMF, namely the avatar loader - and that's the result of an avatar trying to be loaded and mangled through that script.

What, exactly, are you trying to achieve? DDOS protection? Are you legitimately having issues with bots hitting your site that quickly?

In general, trying to run a script before anything loads.
In particular, trying to block flooders. Im getting like 100 requests per minute from same ip.

Either way, im more concerned about the general function/purpose.

vbgamer45

I would try blocking at the server level with a firewall or .htaccess that way it doesn't hit your php code at all.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Klajdi

Quote from: vbgamer45 on August 06, 2017, 02:49:33 PM
I would try blocking at the server level with a firewall or .htaccess that way it doesn't hit your php code at all.
Well, not really, the way im trying it wont reach php code as it will be blocked by htaccess. But either way, im more interested on how I can include it.

Klajdi

Quote from: Arantor on August 06, 2017, 02:08:28 PM
By putting it inside index.php, you interfere with certain operations in SMF, namely the avatar loader - and that's the result of an avatar trying to be loaded and mangled through that script.

What, exactly, are you trying to achieve? DDOS protection? Are you legitimately having issues with bots hitting your site that quickly?
http://i.imgur.com/uSQd48r.png
Thats 648 requests from same ip, in the course of 2 minutes, keep in mind that the attack was going for around 30 minutes.
And this would have been a very efficient use of that script, thats 0.03 seconds between requests, which would have denied the ip in the first 30-40 requests.

Ofc this is not always easy as most of the time the attacks are decentralized, meaning I get that much (and more) from 10+ IPs,

dougiefresh


bestnow

Quote from: dougiefresh on August 07, 2017, 10:08:50 AM
Try this mod: Forum Hard Hit Preventer and let me know if it works for you.

that mod will automatically place a ban in the .htaccess file.


He wrote:

Quote from: Klajdi on August 06, 2017, 05:08:58 PM
Quote from: vbgamer45 on August 06, 2017, 02:49:33 PM
I would try blocking at the server level with a firewall or .htaccess that way it doesn't hit your php code at all.
Well, not really, the way im trying it wont reach php code as it will be blocked by htaccess. But either way, im more interested on how I can include it.


Klajdi

Well, as i said it would be better for me to know how to include a file before anything loads.

As for your mod, i havent checked the code, but i am supposing it needs smf to be loaded first.
But still, I was thinking to use cloudflare api to add the ips.

As i said my main priority now i loading scripts before anything else, but i might try your mod.

Klajdi

Apparently the issue doesn't occur if I include the file after ob_start(),
So far so good, but I have another question, is it certain that it wont mess anything else up?
Considering that session hasn't started yet, i'm going to remove the last line in the script (echo 'xxxxxx';).
So, will it cause anything else to break (sth i cant see)?

Advertisement: