How to protect your website from DDoS attacks or bot crawls

Anti-DDoS-Lite (Anti-Crawler app) is a small PHP app to protect your site against DDoS attacks or crawling web site by bots.

Anti-DDoS-Lite helps block bots and reduces server load and stops bad bots before they can reach your original web page. During the opening of the site page, the application performs a JS check and if the check fails, then a blocking page will be displayed.

Most of bots can't execute JavaScript code or can execute code partially. This app filters traffic from bots by using simple JavaScript code. Bots are denied reading original pages, they get only a single stop-page. As a result DDoS attack is reduced by the elimination of bots traffic that participates in the DDoS attack.

At the same time, legitimate/real visitors get the original page after a short delay because the browser of legitimate/real visitors executes JavaScript code. The legitimate/real visitors see the stop-page only once, during the first visit to the site.

How to use

1. Include the app as the first line in index.php in various ways:

1.1. Download, unzip the archive to the main folder of the site and include the app:

<?php
// This file have to be very first included
require "anti-ddos-lite/anti-ddos-lite.php";
//
// index.php code bellow
// ...
?>

1.2. Or install the app by composer package:

composer require cleantalk/anti-ddos-lite

<?php
// Init the app before your web app's main logic
\Cleantalk\CleantalkAntiDdosLite\CleantalkAntiDdosLite::init();

2. Generate a new value for the $anti_ddos_salt variable. You can find it in the anti-ddos-lite.php file.

How to test it

1. Disable JavaScript in your browser.

2. Open your site and you will see the blocking screen:

Skip protection for visitors from trusted networks, Autonomous systesm (AS)

Setup GeoIP, open the anti-ddos-lib.php file and list excluded Autonomous systems in the $notRatedAs variable.

// List of trusted Autonomous systems.
$notRatedAs = [13238,15169,8075,10310,36647,13335,2635,32934,38365,55967,
        16509,2559,19500,47764,17012,1449,43247,32734,15768,33512,18730,30148];

Skip trusted User-Agents

You can find it in this path: anti-ddos-lite\src\not_rated_ua.php. Regular expressions are allowed, the example is below.

$not_rated_ua = array(
        'CleanTalk Uptime bot.+',
        'Googlebot', 
        'Bingbot',
        'Baiduspider',
        'YandexBot',
        'facebot',
        'facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)',
        'ia_archiver'
);

Then, in the main anti-ddos-lite.php file, find the test_not_rated_ua variable. And change the false to true.

How to change input data

If you want to change the redirect delay as an example, do the following:

1. Open the main anti-ddos-lite.php file.

2. Find the $data array and find the redirect_delay variable in it.

3. Change the value to a new one.

After these changes, the users will be automatically redirected to the requested page after 10 seconds.

If you haven't found the answer to your question, please, contact our support team.