cleantalk/anti-ddos-lite

A small PHP app to protect your site against DDoS attack or crawling web site by bots.

Maintainers

Details

github.com/CleanTalk/anti-ddos-lite

Source

Issues

Installs: 792

Dependents: 0

Suggesters: 0

Security: 0

Stars: 111

Watchers: 7

Forks: 42

Open Issues: 0

2.0.2 2023-07-04 05:32 UTC

Requires (Dev)

GPL-3.0-or-later a58531caa6cc8adebbd7d888a4a7e7697939b410

  • CleanTalk Team <support.woop@cleantalk.org>

This package is auto-updated.

Last update: 2024-04-15 09:23:46 UTC

README

Build Status

Anti-DDoS-Lite (Anti-Crawler app) is a PHP app to protect your site against DDoS attack or crawling web site by bots.

Description

Anti-DDoS-Lite helps block bots and reduce server load and stops bad bots before they can reach your original web page. During the opening of the site page, the application performs a JS check and if the check fails, then a blocking page will be displayed.

Most of bots can't execute JavaScript code or can execute code partially. This app filters traffic from bots by using simple JavaScript code. Bots are denied to read original pages, they get only a single stop-page. As a result DDoS attack is reduced by elimination of bots traffic that participating in the DDoS attack.

In the same time, legitimate/real visitors get the original page after a short delay because the browser of legitimate/real visitors executes JavaScript code. The legitimate/real visitors see the stop-page only once, during first visit to the site.

stop-page1.png

How to use

  1. Include the app as first line in index.php by various way:

A Download, unzip and include the app:

<?php
// This file have to be very first included
require "anti-ddos-lite/anti-ddos-lite.php";

//
// index.php code bellow
// ...
//

?>

B Or install the app by composer package:

composer require cleantalk/anti-ddos-lite

<?php
// Init the app before your web app's main logic
\Cleantalk\CleantalkAntiDdosLite\CleantalkAntiDdosLite::init();
  1. Generate new value for anti_ddos_salt.

Skip protection for visitors from trusted networks, Autonomous systesm (AS)

Setup GeoIP and list excluded Autonomous systems in the $not_rated_as.

  $not_rated_as = '';

Skip trusted User-Agents

Skip trusted User-Agents. Regular expressions are allowed, example is bellow.

  $not_rated_ua = array(
        'CleanTalk Uptime bot.+',
        'Googlebot', 
        'Bingbot',
        'Baiduspider',
        'YandexBot',
        'facebot',
        'facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)',
        'ia_archiver'
);

Changelog

Version 2.0.2

  • Fix. A document.write vulnerability fixed.
  • Fix. UA list converted to regular expressions.
  • Fix. UptimeRobot UA.
  • Fix. Trusted UA is skipped correctly.

Version 2.0.1

  • New. Headless mode detection.
  • Fix. Now visitors without JS will be blocked correctly.
  • Refactoring and minor fixes.

Contacts

Email: welcome@cleantalk.org