PHP anti attack code upgrade
- 2020-03-31 21:22:29
- OfStack
The situation is bad enough: our website was attacked 120000 times a day. If we let it go on, the burden on the site and the network is obvious. The attack has a clear pattern: 3-5 different IPs attack at the same time, each at 3 to 5 requests per second, for a combined 9-25 requests per second. Each IP is used for 1-6 hours, and the IPs do not repeat those in the previous records. This has two effects: first, the site's memory usage suddenly becomes too large; second, it makes the network very unstable. Some individual IPs have always been blocked. I tried unblocking all of them, and once they were unblocked several IPs attacked at the same time and even left the site seriously overloaded for a few minutes.
Now, to the point: why did the previous version not stop the new attacks? After some research, I found that 90% of the IPs use a new attack pattern: the smart ones attack for 2 minutes, stop for 5 minutes, and take turns attacking. My previous program's parameter was set to a conservative 600 seconds, so I changed the parameters to a new scheme of 120 times in 120 seconds, with a false-positive rate of 0.5%. By comparing the logs, I can analyze the mistaken blocks at 120 seconds: they had not tried 120 times; more than one page request in 120 seconds was on a freight page where, due to a network problem, a customer refreshed more than once. This is why our trading back end is not intelligent.
Finally, thank you for your comments; I will think them over. However, this program of mine is only a reference and should be adapted to local conditions. It is not the best, and can only be said to be humane. I am now posting the program again with only the time and count parameters changed. The new parameters have been able to catch 100% of the hackers' IPs: I tried it for two days and caught 62 new IPs, still mostly from Turkey.
Website anti-IP-attack code, ver2.0:
<?php
// Check whether this IP is already on the ban list
$ip = $_SERVER['REMOTE_ADDR'];
$fileht = ".htaccess2"; // ban list, one IP per line
if (!file_exists($fileht)) file_put_contents($fileht, "");
$filehtarr = @file($fileht) ?: array(); // file() keeps the line endings
if (in_array($ip . "\r\n", $filehtarr)) die("Warning:"."<br>"."Your IP address are forbided by Mydalle.com Anti-refresh mechanism, IF you have any question Pls emill to shop@mydalle.com!<br>(Mydalle.com Anti-refresh mechanism is to enable users to have a good shipping services, but there maybe some inevitable network problems in your IP address, so that you can mail to us to solve.)");

// Add the IP to the ban list
$time = time();
// Suspect record: line 0 = IP, line 1 = time the record was created, line 2 = counter
$fileforbid = "log/forbidchk.dat";
if (file_exists($fileforbid)) {
    // Drop the record if it has not been written to for more than 30 seconds
    if ($time - filemtime($fileforbid) > 30) unlink($fileforbid);
    else {
        $fileforbidarr = @file($fileforbid);
        // Compare the whole stored line, so that e.g. 1.2.3.4 does not match 1.2.3.45
        if ($ip === rtrim($fileforbidarr[0])) {
            // More than 120 seconds since the record was created: start over
            if ($time - (int) $fileforbidarr[1] > 120) unlink($fileforbid);
            // More than 120 counted requests within 120 seconds: ban the IP
            elseif ($fileforbidarr[2] > 120) {
                file_put_contents($fileht, $ip . "\r\n", FILE_APPEND | LOCK_EX);
                unlink($fileforbid);
            }
            else {
                $fileforbidarr[2]++;
                file_put_contents($fileforbid, $fileforbidarr);
            }
        }
    }
}

// Anti-refresh check
$str = "";
$file = "log/ipdate.dat";
// 0755 instead of 0777: the log directory should not be world-writable
if (!file_exists("log") && !is_dir("log")) mkdir("log", 0755);
if (!file_exists($file)) file_put_contents($file, "");
$allowTime = 60; // anti-refresh window, in seconds
$allowNum = 5;   // allowed refreshes of the same URI within the window
$uri = $_SERVER['REQUEST_URI'];
$checkip = md5($ip);
$checkuri = md5($uri);
$yesno = true;   // stays true if this IP has no live record yet
$ipdate = @file($file) ?: array();
// Record layout: md5(ip) [32] + md5(uri) [32] + timestamp [10] + count
foreach ($ipdate as $k => $v) {
    $iptem = substr($v, 0, 32);
    $uritem = substr($v, 32, 32);
    $timetem = (int) substr($v, 64, 10);
    $numtem = (int) substr($v, 74);
    // Records older than the window are dropped by not copying them to $str
    if ($time - $timetem < $allowTime) {
        if ($iptem != $checkip) $str .= $v;
        else {
            $yesno = false;
            // Same IP, different URI: restart the count for the new URI
            if ($uritem != $checkuri) $str .= $iptem.$checkuri.$time."1\r\n";
            // Same IP and URI, still under the limit: increment the count
            elseif ($numtem < $allowNum) $str .= $iptem.$uritem.$timetem.($numtem+1)."\r\n";
            else {
                // Over the limit: open a suspect record, log the request and refuse it
                if (!file_exists($fileforbid)) {
                    $addforbidarr = array($ip."\r\n", time()."\r\n", 1);
                    file_put_contents($fileforbid, $addforbidarr);
                }
                file_put_contents("log/forbided_ip.log", $ip."--".date("Y-m-d H:i:s", time())."--".$uri."\r\n", FILE_APPEND);
                $timepass = $timetem + $allowTime - $time;
                die("Warning:"."<br>"."Pls don't refresh too frequently, and wait for ".$timepass." seconds to continue, IF not your IP address will be forbided automatic by Mydalle.com Anti-refresh mechanism!<br>(Mydalle.com Anti-refresh mechanism is to enable users to have a good shipping services, but there maybe some inevitable network problems in your IP address, so that you can mail to us to solve.)");
            }
        }
    }
}
if ($yesno) $str .= $checkip.$checkuri.$time."1\r\n";
file_put_contents($file, $str, LOCK_EX);
?>
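The script above reads log/ipdate.dat, rebuilds it in memory and writes it back on every request, so at the 9-25 requests per second described earlier, two concurrent requests can each overwrite the other's update. The following is an added example, not the original author's code: a per-IP counter using the same threshold of 120 requests in 120 seconds, with `flock()` held around the read-modify-write. The function name `record_hit`, the state directory, the sample IP and the timestamp are assumptions made for the illustration.

```php
<?php
// Added example (not the original author's code); names and paths are hypothetical.
// Per-IP fixed-window counter. flock() serializes the read-modify-write so
// concurrent requests from one client cannot overwrite each other's count.
function record_hit(string $dir, string $ip, int $now, int $window = 120, int $limit = 120): bool
{
    // One small state file per client, named by a hash of the IP.
    $fh = fopen($dir . '/' . hash('sha256', $ip) . '.cnt', 'c+'); // create, do not truncate
    if ($fh === false) {
        return false;                    // fail open when state is unavailable
    }
    try {
        if (!flock($fh, LOCK_EX)) {
            return false;
        }
        $parts = explode(' ', trim((string) stream_get_contents($fh)));
        $start = (int) ($parts[0] ?? 0);
        $count = (int) ($parts[1] ?? 0);
        if ($now - $start >= $window) {  // window expired or new file: start over
            $start = $now;
            $count = 0;
        }
        $count++;
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, $start . ' ' . $count);
        fflush($fh);
        return $count > $limit;          // true: over the threshold, caller should ban
    } finally {
        flock($fh, LOCK_UN);
        fclose($fh);
    }
}

// Constructed demo: 121 requests at 5 per second, all inside one 120-second window.
$dir = sys_get_temp_dir() . '/ratelimit_demo';
if (!is_dir($dir)) {
    mkdir($dir, 0700);
}
$ip = '203.0.113.7';                     // constructed address from the documentation range
@unlink($dir . '/' . hash('sha256', $ip) . '.cnt');
$t0 = 1585660949;                        // constructed start timestamp
$banned = false;
for ($i = 0; $i < 121; $i++) {
    $banned = record_hit($dir, $ip, $t0 + intdiv($i, 5));
}
var_dump($banned);
```

Keeping the state directory outside the web root also keeps the counters and ban log from being fetched over HTTP.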