IP attacks are upgraded and programs are improved to deal with new attacks

  • 2020-03-31 21:18:32
  • OfStack

But the last few days have been a lot worse. 90% of the attacks have been impossible to intercept.
The attack log records, for each attacking IP, the start time, the number of attacks, the location and a note.
A total of 125,008, 172 in 15 seconds, and only 9,266.
The log is bad enough: our website was attacked 120000 times a day, and if the attacks are left alone the load they put on the site and the network is obvious. The attack has a characteristic pattern: 3-5 different IPs attack at the same time, each 3 to 5 times per second, which combined is 9-25 times per second. Each IP attacks for 1-6 hours, and the IPs do not repeat those in the previous records. This has two effects: first, the site's memory use suddenly becomes too large; second, it brings great instability to the network. Some individual IPs have been blocked all along. I tried unblocking all of them, and once they were unblocked several IPs attacked at the same time and even left the site seriously overloaded for a few minutes.
Now to the point: why were the new attacks not stopped? After some research I found that 90% of the IPs use a new attack plan: they are smart enough to attack for 2 minutes, stop for 5 minutes, and take turns attacking. My previous program's parameter was set to 600 seconds, a conservative scheme, so I changed the parameters to a new scheme of 120 times in 120 seconds, which has a false-positive rate of 0.5%. Comparing the logs, I can analyze the false positives within 120 seconds that did not reach 120 times: within 120 seconds, more than one page was the freight page, which a customer refreshed more than once because of a network problem. This is because our trade back end is not intelligent.
Finally, thank you for your comments; I will think them over. This program is only a reference, to be adapted to local conditions. It is not the best, and can only be said to be humane. I am posting the program again with only the time and count parameters changed. The new parameters have been able to catch 100% of the hackers' IPs: I tried them for two days and caught 62 new IPs, most of them again from Turkey.
Website anti-IP-attack code, ver2.0:
 
 
<?php
// Check whether this IP is already on the ban list
$ip = $_SERVER['REMOTE_ADDR'];
$fileht = ".htaccess2";
if (!file_exists($fileht)) file_put_contents($fileht, "");
$filehtarr = @file($fileht);
if (in_array($ip."\r\n", $filehtarr)) die("Warning:"."<br>"."Your IP address are forbided by Mydalle.com Anti-refresh mechanism, IF you have any question Pls emill to shop@mydalle.com!<br>(Mydalle.com Anti-refresh mechanism is to enable users to have a good shipping services, but there maybe some inevitable network problems in your IP address, so that you can mail to us to solve.)");

// Add forbidden IP: forbidchk.dat tracks one IP as three lines (IP, start time, request count)
$time = time();
$fileforbid = "log/forbidchk.dat";
if (file_exists($fileforbid)) {
    if ($time - filemtime($fileforbid) > 30) unlink($fileforbid); // no activity for 30 seconds: reset
    else {
        $fileforbidarr = @file($fileforbid);
        // Compare the whole line; a prefix comparison would also match 1.2.3.45 for 1.2.3.4
        if ($ip == rtrim($fileforbidarr[0])) {
            if ($time - (int)$fileforbidarr[1] > 120) unlink($fileforbid); // the 120-second window has passed
            elseif ((int)$fileforbidarr[2] > 120) { // more than 120 requests inside the window: ban
                file_put_contents($fileht, $ip."\r\n", FILE_APPEND | LOCK_EX);
                unlink($fileforbid);
            } else {
                $fileforbidarr[2] = (int)$fileforbidarr[2] + 1;
                file_put_contents($fileforbid, $fileforbidarr, LOCK_EX);
            }
        }
    }
}

// Anti-refresh: each record in ipdate.dat is md5(IP) (32 chars) + md5(URI) (32) + timestamp (10) + count
$str = "";
$file = "log/ipdate.dat";
if (!file_exists("log") && !is_dir("log")) mkdir("log", 0755); // 0755 instead of 0777: not world-writable
if (!file_exists($file)) file_put_contents($file, "");
$allowTime = 60; // Anti-refresh time window in seconds
$allowNum = 5;   // Refreshes of the same URI allowed inside the window
$uri = $_SERVER['REQUEST_URI'];
$checkip = md5($ip);
$checkuri = md5($uri);
$yesno = true; // stays true while no live record exists for this IP
$ipdate = @file($file);
foreach ($ipdate as $k => $v) {
    $iptem = substr($v, 0, 32);
    $uritem = substr($v, 32, 32);
    $timetem = (int)substr($v, 64, 10);
    $numtem = (int)substr($v, 74); // the cast drops the trailing line ending
    if ($time - $timetem < $allowTime) { // records older than the window are dropped
        if ($iptem != $checkip) $str .= $v;
        else {
            $yesno = false;
            if ($uritem != $checkuri) $str .= $iptem.$checkuri.$time."1\r\n";
            elseif ($numtem < $allowNum) $str .= $iptem.$uritem.$timetem.($numtem + 1)."\r\n";
            else {
                // Over the limit: start tracking this IP for a possible ban, log it and refuse the request
                if (!file_exists($fileforbid)) { $addforbidarr = array($ip."\r\n", time()."\r\n", 1); file_put_contents($fileforbid, $addforbidarr, LOCK_EX); }
                file_put_contents("log/forbided_ip.log", $ip."--".date("Y-m-d H:i:s", time())."--".$uri."\r\n", FILE_APPEND | LOCK_EX);
                $timepass = $timetem + $allowTime - $time;
                die("Warning:"."<br>"."Pls don't refresh too frequently, and wait for ".$timepass." seconds to continue, IF not your IP address will be forbided automatic by Mydalle.com Anti-refresh mechanism!<br>(Mydalle.com Anti-refresh mechanism is to enable users to have a good shipping services, but there maybe some inevitable network problems in your IP address, so that you can mail to us to solve.)");
            }
        }
    }
}
if ($yesno) $str .= $checkip.$checkuri.$time."1\r\n";
file_put_contents($file, $str, LOCK_EX);
?>
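
The time and count parameters can be checked against recorded or constructed traffic before they go live. The following is an added example, not the author's code: it runs the same ban logic as the forbidchk.dat check in memory over constructed request times. The names ban_time and burst_traffic are hypothetical, and the count limit of 600 used with the earlier 600-second setting is an assumption, since the page gives only the time value.

```php
<?php
// Added example: the forbidchk.dat ban logic from the script above, run in
// memory over constructed request times. Function names are hypothetical.

// $times: ascending request times (seconds) of one IP. Assumption: every
// request already exceeds the anti-refresh limit, so a tracker is always created.
// Returns the time at which the IP would be added to the ban list, or null.
function ban_time(array $times, int $window, int $limit, int $idle = 30): ?int
{
    $start = null; $count = 0; $last = 0;
    foreach ($times as $t) {
        if ($start !== null) {
            if ($t - $last > $idle || $t - $start > $window) {
                $start = null;          // tracker file would be unlinked
            } elseif ($count > $limit) {
                return $t;              // IP appended to the ban list
            } else {
                $count++; $last = $t;   // tracker rewritten, mtime updated
                continue;
            }
        }
        $start = $t; $count = 1; $last = $t; // refresh check creates the tracker
    }
    return null;
}

// Constructed traffic: $rate requests per second for $on seconds, then $off
// seconds of silence, repeated $cycles times.
function burst_traffic(int $rate, int $on, int $off, int $cycles): array
{
    $times = [];
    for ($c = 0; $c < $cycles; $c++) {
        for ($s = 0; $s < $on; $s++) {
            for ($r = 0; $r < $rate; $r++) {
                $times[] = $c * ($on + $off) + $s;
            }
        }
    }
    return $times;
}

// 4 requests/second (within the 3 to 5 the post reports), 2 minutes on, 5 minutes off.
$attack = burst_traffic(4, 120, 300, 3);
var_dump(ban_time($attack, 120, 120)); // parameters from the page
var_dump(ban_time($attack, 600, 600)); // 600 s window; limit 600 is an assumption
```

With the page's parameters the first call reports a ban during the first burst; the second never reaches its limit, because each 5-minute pause outlasts the 30-second idle reset and the count starts over.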