This is interesting.
So maybe the fsockopen is us using some type of DNS caching etc. Because getting the address with gethostbyname is slow anyway.
I mean:
$fp = @fsockopen('ssl://'.gethostbyname('www.microwallet.org'), 443);
is a mistake.
Sorry I'm just a PHP coder, not a sysadmin etc. And it does not bug for me so don't have a playground to test what is wrong.
Maybe it is time to replace the fsockopen with curl functions. But I don't know if it will work for you either.
Thanks for your help I really appreciate it. The problem here is that I had no balance issue before the last DDoS attack. That's why I'm confused. We'll see if the admin will give an answer to this problem.