I am trying to limit traffic to my website so that people trying to screenscrape mass amounts of data will be blocked after a while. I am supposed to do this based on the IPs of incoming requests. I believe I have the IP-limiting functionality written but, I'm stumped on how I can test it. I need to be able to change my IP address many times, to simulate valid traffic. I also need to test >20 different IPs, so a proxy solution for each one will not work for me.
I am testing the code on my local machine (running Ubuntu) so I can change my server settings (Apache) if I need to for this test.
I'm behind a corporate network so I cannot change MAC address/ARP settings to be "re-assigned" a new IP. I was hoping for some sort of localhost IP-changing type thing, so I could take advantage of the fact that the server and client were the same machine.
Also, I was trying to avoid changing the code before it is rolled out to production servers, but that may be the best way to do it.
How can I set this up?
Well, what you could do is instead of actually checking the IP do something like this:
$ip = '1337.1337.1337.1337';
Instead of:
$ip = $_SERVER['REMOTE_ADDR']
And then go on to do your IP checking code.
So then when you are done you could make your $ip variable code look like this:
//$ip = '1337.1337.1337.1337';
$ip = $_SERVER['REMOTE_ADDR']
So you can easily turn on and off the "debug switch"
EDIT:
Or even make the IP dynamic:
$ips = Array('192.168.1.220', '120.843.592.86', '256.865.463.563');
$ip = $ips[rand(1,count($ips)-1)];
You can easily do that by running the following command on linux:
ifconfig eth0:0 127.0.0.2
ifconfig eth0:1 127.0.0.3
etc... (creating fake local interfaces)
You may have to configure apache to listen on those ips if you're not listening on 0.0.0.0 (all interfaces), then you can directly access those IPs.
If you want to use other ips, you can easily do that too, but remember to remove them once your tests are done.
This will only work from your local machine, to your local machine.
There are many ways you can test this. The easiest way imo would be to create a list of ARP entries where the IP addresses you are impersonating point to the MAC address of the server. You could then write a simple app that sets the src address to each of the impersonated IP addresses, connect and send whatever HTTP request you want. The server should reply just fine.
You want to consider doing this at the firewall level (if not the corp border firewall than a SW firewall on your host). There are many situations where an abusive host can still take down or affect performance on your site if you are only limiting them at the application level. They are still consuming sockets on and web server worker threads even though you end up rejecting them. You may even have some code that has some expense before the IP check. It really all depends on how lightweight your application is, but one thing is sure, a firewall, whether hardware or sw, can block unruly clients way more efficiently than your application can.
This answer is probably overkill for this application, but I like using tcpdump / libpcap, winpcap, and raw sockets for generating traffic. You not only have great control over the volume going to and from your application, you learn a lot about what you can expect firewall/traffic filter settings to do for you and what kinds of traffic is being blocked that you didn't expect (or that you don't want blocked).
use the random function and set limit to rand(0,255) and concat string in to the IP format. when ever you calling you will get new IP address
Related
I am working on a task that requires running a C code on my PC using a PHP code on a website created by me so how can that be possible using the IP and Port Number of my PC ?
I've searched for some codes to do that task but haven't find enough what i demand , it's quite similar to this in that question : PHP sending message via TCP/IP
but not exactly and the code inlink is :
<?php
$errno = NULL;
$error = NULL;
if (!$handle = #fsockopen("192.168.188.24", "49419", $errno, $error, 10))
{
die("Fehler (".$errno."): ".$error);
}
fwrite($handle, "ON\r\n");
fclose($handle);
?>
Well, since not working with Arduino , i hope it's possible to compile and run code remotely from the website
You either need a static IP address and to open up the ports you need on your PC both incoming and out going...
... or you need a dynamic IP service that will pretty much give your PC a domain name you can access, and will update your IP everytime it changes (usually when restarting router).
You will still need to open the ports you require.
Many ISP will give you a static IP though, so if you have a static IP, you can just use that.
DynIP is a good example of a dynamicIP address: https://www.dynip.com/
Simple install, but it's paid for. There's probably free alternatives out there.
Or... get a server on AWS or similar, and host the C script on there, and call that server, rather than your home PC.
If I understand it correctly, you've got a C program on your local computer, that you want to run from a remote website. Your local PC is simply a client and not offering any services. That's not possible for security reasons. Imagine what the internet would be like if servers could start running programs on random PC's.
You need to set up your local PC as a server, and offer the C program through it; possibly a web service running CGI.
On another note, 192.168.188.24 is a local IP address, behind a router; I don't think your website can talk to it unless it's also behind the same router.
I'm making a simple port scanner in PHP, and am trying to figure out how I'd request the name of the service I'm connecting to, similar to how Nmap is able to discover services.
I'm using fsockopen() to open the socket, so I'd use fwrite($socket, "WHAT SERVICE AM I COMMUNICATING WITH?") to ask the question, then listen using fgets($socket).
How do I ask the service what it is?
It's hard coded into the program what the different ports are for. The remote applications don't report them. There are tons of lists on the internet that provide this information.
Same thing for looking at standard services and responses from similar services on different OSs. That's how nmap guesses what OS it's talking to.
Here is a decent starting point.
Here is the source file with the port mappings for nmap.
The scary part is the code that tells which versions and such is running. That's here and I'm glad I don't have to write this :\
Last one, pretty sure this is the file that says how to guess which OS a remote computer is: here
I have a problem that is stuck in my mind for almost 24 hours, and at this moment I don't know how to fix it.
Here is the thing: I want to have one 'main' socket on my server that processes all incoming data and sends it to other clients using PHP. That part goes fine, but I want to connect with that socket using multiple subdomains, e.g. ex.example.com. The thing with this is, that you cannot connect with that subdomain unless you have a socket running on it, and that just fills up your ports and that is what I'm trying to prevent.
The best solution is to make Apache process the incoming TCP request, saves the data on which domain you are connecting, and then redirects the client to the main socket, which processes the received data and immediately acts when the client is accepted.
Honestly, I have no idea how to do this. I'm searching for hours, but the only thing I've found was something on Stackoverflow that got close to it: Apache - handling TCP connections, but not HTTP requests
But with that piece of script I am not able to save data (which domain you're using) and send it to the main socket.
I don't know if this can be done by Apache or if it is possible at all, or if there are any other workarounds.
Thank you :)
You are confused about subdomains. Sockets, TCP, and IP all know absolutely nothing about names. DNS wasn't invented until that networking stack had been around for years.
Thus, you can point any number of domains at a single "socket" port on a machine.
Apache can route an incoming request to different "webspaces" (i.e. virtual hosts) based on the destination IP address of the incoming connection(1) or the HTTP/1.1 "Host" header(2). The former was how virtual hosts used to be done but now almost everybody uses the latter.
(1) A machine can have multiple IP addresses even with a single network card but ports are unique to any given protocol on that machine. You point different domains to different addresses and define a reverse-mapping on the webserver so it can tell how the request began.
(2) The value of the "host" is the DNS name that was given to the browser. Since this value is passed explicitly to the webserver, that server doesn't need to rely on tricks like #1.
When I connect to a mysql database in PHP, and the db is hosted on the same machine as the site itself, I can either use the machine's IP, or 127.0.0.1
Is there a difference in performance between the two? Is there a guideline for when I should use 127.0.0.1?
When you want to connect to the local machine, you should always use localhost, or 127.0.0.1, because the server may deny access to any other interface. Additional when the IP changes you have a huge amount of work to do to change every occurence of the IP you placed somewhere.
However, the loopback address should be slightly faster, but I guess no one can measure it in a reliable way, thus: You shouldn't care. And when you are using loopback anyway (as suggested above), then you are on the safe side.
There is probably an incredibly small (unnoticeable) performance benefit to connecting via 127.0.0.1, since it will not require as many firewall/routing rules to be checked when you connect.
If you have the option, connect via the unix domain socket (usually something like /tmp/mysql.sock). There is a definite performance increase to connecting via this method, as well as improved security.
Edit
According to the comment by MarcB apparently connecting via localhost will automatically attempt to connect via the domain socket. As stated this is the preferred and most performant method,
Both requests ends up hitting the kernel routing table before going out to an interface. There shouldn't be any impact unless the loopback address has in-kernel optimizations.
The performance should be the same unless there are some extremely weird network configuration on the server.
As for guidelines, well, that depends, if your db server is likely to change in the future maybe you should store that url in some xml file or any file so the application can read that configuration later. By doing that you don't have to worry for using any ip or even the hostname or localhost. you may even try to look into DynamicDns for this.
If the server is unlikely to change then don't worry too much. Use 'localhost' instead of any ip just in case the server ip changes. The file option is still a good practice but it won't hurt you too much if you don't use it.
I know this may be an impossible question, since we are dealing with two different layers of the network, but is it possible to send a reply to an ARP request using PHP sockets?
If so how....such as What port and ip address would you connect the socket to? Again, I understand that arp doesn't use a port number...at least not that I can tell.
I want to do it in PHP, but for those that are going to question my intentions, it is ultimately for a program I am writing for a some piece of hardware. It seems that as though the NIC does not reply to ARP requests, so I want to generate the response manually.
Basically, the only sort of functions that would get me close are socket functions. UDP and TCP.
Oh, I forgot....if Arp is not possible with sockets, is it possible that when I broadcast an "A" record for my hostname, that I can give my MAC address to the router in some sort of dns answer, so the router can respond to arp requests for the hardware's ip address.
ARP runs on the link layer, sockets run on IP. If your host does not respond to ARP requests, it can never correctly receive TCP or UDP packets. You need to implement ARP in the operating system or network stack. It is not possible nor desirable to do so in PHP.
As Sjoerd says: no way through the 'normal' channels as ARP isn't even IP. But if you can call libpcap from PHP, you can use it to sniff ARP requests and also inject replies.
Reading your edits: DNS also won't help as it manages IP addresses, not MAC ones.