Heim >php教程 >php手册 >php网站防止刷流量攻击方法

php网站防止刷流量攻击方法

WBOY
WBOYOriginal
2016-05-25 16:41:111379Durchsuche

流量攻击是一种比较初级的网站攻击方法,就是不停的去刷样网站,导致服务器处理不过来或数据库负载不了,导致网站无法正常方法的一种攻击手段了,下面我来介绍一个利用php防网站刷流量攻击方法.

php网站防止刷流量攻击方法实例代码如下:

<?php
//查询禁止IP
$ip = $_SERVER[&#39;REMOTE_ADDR&#39;];
$fileht = ".htaccess2";
if (!file_exists($fileht)) file_put_contents($fileht, "");
$filehtarr = @file($fileht);
if (in_array($ip . "rn", $filehtarr)) die("Warning:" . "<br>" . "Your IP address are forbided by some reason, IF you have any question Pls emill to shop@mydalle.com!");
//加入禁止IP
$time = time();
$fileforbid = "log/forbidchk.dat";
if (file_exists($fileforbid)) {
    if ($time - filemtime($fileforbid) > 60) unlink($fileforbid);
    else {
        $fileforbidarr = @file($fileforbid);
        if ($ip == substr($fileforbidarr[0], 0, strlen($ip))) {
            if ($time - substr($fileforbidarr[1], 0, strlen($time)) > 600) unlink($fileforbid);
            elseif ($fileforbidarr[2] > 600) {
                file_put_contents($fileht, $ip . "rn", FILE_APPEND);
                unlink($fileforbid);
            } else {
                $fileforbidarr[2]++;
                file_put_contents($fileforbid, $fileforbidarr);
            }
        }
    }
}
//防刷新
$str = "";
$file = "log/ipdate.dat";
if (!file_exists("log") && !is_dir("log")) mkdir("log", 0777);
if (!file_exists($file)) file_put_contents($file, "");
$allowTime = 120; //防刷新时间
$allowNum = 10; //防刷新次数
$uri = $_SERVER[&#39;REQUEST_URI&#39;];
$checkip = md5($ip);
$checkuri = md5($uri);
$yesno = true;
$ipdate = @file($file);
foreach ($ipdate as $k => $v) {
    $iptem = substr($v, 0, 32);
    $uritem = substr($v, 32, 32);
    $timetem = substr($v, 64, 10);
    $numtem = substr($v, 74);
    if ($time - $timetem < $allowTime) {
        if ($iptem != $checkip) $str.= $v;
        else {
            $yesno = false;
            if ($uritem != $checkuri) $str.= $iptem . $checkuri . $time . "1rn";
            elseif ($numtem < $allowNum) $str.= $iptem . $uritem . $timetem . ($numtem + 1) . "rn";
            else {
                if (!file_exists($fileforbid)) {
                    $addforbidarr = array(
                        $ip . "rn",
                        time() . "rn",
                        1
                    );
                    file_put_contents($fileforbid, $addforbidarr);
                }
                file_put_contents("log/forbided_ip.log", $ip . "--" . date("Y-m-d H:i:s", time()) . "--" . $uri . "rn", FILE_APPEND);
                $timepass = $timetem + $allowTime - $time;
                die("Warning:" . "<br>" . "Sorry,you are forbided by refreshing frequently too much, Pls wait for " . $timepass . " seconds to continue!");
            } //开源代码phprm.com
            
        }
    }
}
if ($yesno) $str.= $checkip . $checkuri . $time . "1rn";
file_put_contents($file, $str);
?>

利用session 跟踪防post提交,代码如下:

<?php
session_start();
$clean = array();
$email_pattern = &#39;/^[^@s<&>]+@([-a-z0-9]+.)+[a-z]{2,}$/i&#39;;
if (preg_match($email_pattern, $_POST[&#39;email&#39;])) {
    $clean[&#39;email&#39;] = $_POST[&#39;email&#39;];
    $user = $_SESSION[&#39;user&#39;];
    $new_password = md5(uniqid(rand() , TRUE));
    if ($_SESSION[&#39;verified&#39;]) {
        /* Update Password */
        mail($clean[&#39;email&#39;], &#39;Your New Password&#39;, $new_password);
    }
}
?>


Stellungnahme:
Der Inhalt dieses Artikels wird freiwillig von Internetnutzern beigesteuert und das Urheberrecht liegt beim ursprünglichen Autor. Diese Website übernimmt keine entsprechende rechtliche Verantwortung. Wenn Sie Inhalte finden, bei denen der Verdacht eines Plagiats oder einer Rechtsverletzung besteht, wenden Sie sich bitte an admin@php.cn