Some issues about preventing ticket fraud, some issues about preventing ticket fraud

Home

Backend Development

PHP Tutorial

Some issues about preventing ticket fraud, some issues about preventing ticket fraud_PHP tutorial

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jul 12, 2016 am 09:04 AM

aboutofquestionAnti-brushproblem

关于防刷票的一些问题，防刷票一些问题

刷票行为，一直以来都是个难题，无法从根本上防止。

但是我们可以尽量减少刷票的伤害，比如：通过人为增加的逻辑限制。

基于 PHP，下面介绍防刷票的一些技巧：

1、使用CURL进行信息伪造

$ch = curl_init();  
curl_setopt($ch, CURLOPT_URL, "http://localhost/2.php");
curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-FORWARDED-FOR:8.8.8.8', 'CLIENT-IP:8.8.8.8'));
curl_setopt($ch, CURLOPT_REFERER, "http://localhost/ ");
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.0)");
$out = curl_exec($ch);  
curl_close($ch);

2、`验证码`：采用非常复杂的验证码

确切的说验证码的出现不是针对于人，而是针对于机器。通过复杂度和识别难易度的控制来阻拦掉一部分刷票机，从而减少刷票的发生。但随着软件技术、识别技术的发展越来越多的验证码面对着先进的刷票软件也失去了其防范的作用、但是专业刷票机可以攻破。如果不用验证码，投票基本就歇菜了，验证码获取方式，采用异步加载，即点击输入框时，才去请求，投票成功后，删除验证码的 Session

3、`限时投票`

比如：从早8点至晚23 点

4、设置`投票间隔`

用户投票后，需要隔多长时间才能继续投。

很多投票站点基本上都有这个限制，但是对于更改 IP的攻击，就没办法了

5、`投票结果展示`：延迟展示，友好展示

页面上投票，JS 立马加1，但是刷新页面，不一定立马展示最新投票结果，返回状态给页面（感谢您的投票！或者投票成功！至于有没有成功，另说了！）

6、`扣量逻辑`：常见于一些软件评选之类的投票

这是个杀手锏，后台跑脚本实时监控异常增长（刷票）的项，然后实施扣量逻辑
即对于这个项，投 10 票才算一票

7、`Cookie`：常用的手段。比较低级

投票后，在客户端写入 Cookie，下次投票时判断 Cookie 是否存在
但是，这种方式非常容易攻破，因为 Cookie 可删除

8、`加密选项 ID`：对一些投票选项的ID，进行随机加密

加密算法，加Salt，并且设置有效时间，比如5分钟内
服务器端进行解密并且验证

9、nginx限制链接数

ngx_http_limit_conn_module
ngx_http_limit_req_module
nginx_limit_speed_module

可以使用这三个模块来限制，不过这不是一个好的解决方法

10、iptables限制

/sbin/iptables -A INPUT -p tcp --dport 80 --syn -m recent --name webpool --rcheck --seconds 60 --hitcount 10 -j DROP 
/sbin/iptables -A INPUT -p tcp --dport 80 --syn -m recent --name webpool --set -j ACCEPT
/sbin/iptables -t filter -A INPUT -p tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 10 --connlimit-mask
 32 -j REJECT

具体脚本

#!/bin/bash
# Date: 2015-09-29
# # Author: cpz@erongtu.com

shopt -s -o nounset
export PATH=/usr/bin/:/bin

iptables_log="/tmp/iptables_conf.log"

/sbin/iptables -A INPUT -p tcp --dport 80 --syn -m recent --name webpool --rcheck --seconds 60 --hitcount 10 -j DROP 
/sbin/iptables -A INPUT -p tcp --dport 80 --syn -m recent --name webpool --set -j ACCEPT
/sbin/iptables -t filter -A INPUT -p tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 10 --connlimit-mask 32 -j REJECT

while [ true ]; do

    #sleep 1
    for IP in `netstat -an | grep -i ':80 '|grep 'ESTAB' | awk '{print $5}' | cut -d : -f 1 | sort | uniq -c | awk '{if($1 > 30 && $2!="127.0.0.1" ) {print $2}}'`
    do
        /sbin/iptables -L -n  | grep  $IP >/dev/null || /sbin/iptables -A INPUT -p tcp --dport 80 -s $IP -j DROP
        echo "/sbin/iptables -A INPUT -p tcp  -s $IP -j DROP" >> ${iptables_log}
    done
done

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

PHP Performance Tuning for High Traffic WebsitesMay 14, 2025 am 12:13 AM

ThesecrettokeepingaPHP-poweredwebsiterunningsmoothlyunderheavyloadinvolvesseveralkeystrategies:1)ImplementopcodecachingwithOPcachetoreducescriptexecutiontime,2)UsedatabasequerycachingwithRedistolessendatabaseload,3)LeverageCDNslikeCloudflareforservin

Dependency Injection in PHP: Code Examples for BeginnersMay 14, 2025 am 12:08 AM

You should care about DependencyInjection(DI) because it makes your code clearer and easier to maintain. 1) DI makes it more modular by decoupling classes, 2) improves the convenience of testing and code flexibility, 3) Use DI containers to manage complex dependencies, but pay attention to performance impact and circular dependencies, 4) The best practice is to rely on abstract interfaces to achieve loose coupling.

PHP Performance: is it possible to optimize the application?May 14, 2025 am 12:04 AM

Yes,optimizingaPHPapplicationispossibleandessential.1)ImplementcachingusingAPCutoreducedatabaseload.2)Optimizedatabaseswithindexing,efficientqueries,andconnectionpooling.3)Enhancecodewithbuilt-infunctions,avoidingglobalvariables,andusingopcodecaching

PHP Performance Optimization: The Ultimate GuideMay 14, 2025 am 12:02 AM

ThekeystrategiestosignificantlyboostPHPapplicationperformanceare:1)UseopcodecachinglikeOPcachetoreduceexecutiontime,2)Optimizedatabaseinteractionswithpreparedstatementsandproperindexing,3)ConfigurewebserverslikeNginxwithPHP-FPMforbetterperformance,4)

PHP Dependency Injection Container: A Quick StartMay 13, 2025 am 12:11 AM

APHPDependencyInjectionContainerisatoolthatmanagesclassdependencies,enhancingcodemodularity,testability,andmaintainability.Itactsasacentralhubforcreatingandinjectingdependencies,thusreducingtightcouplingandeasingunittesting.

Dependency Injection vs. Service Locator in PHPMay 13, 2025 am 12:10 AM

Select DependencyInjection (DI) for large applications, ServiceLocator is suitable for small projects or prototypes. 1) DI improves the testability and modularity of the code through constructor injection. 2) ServiceLocator obtains services through center registration, which is convenient but may lead to an increase in code coupling.

PHP performance optimization strategies.May 13, 2025 am 12:06 AM

PHPapplicationscanbeoptimizedforspeedandefficiencyby:1)enablingopcacheinphp.ini,2)usingpreparedstatementswithPDOfordatabasequeries,3)replacingloopswitharray_filterandarray_mapfordataprocessing,4)configuringNginxasareverseproxy,5)implementingcachingwi

PHP Email Validation: Ensuring Emails Are Sent CorrectlyMay 13, 2025 am 12:06 AM

PHPemailvalidationinvolvesthreesteps:1)Formatvalidationusingregularexpressionstochecktheemailformat;2)DNSvalidationtoensurethedomainhasavalidMXrecord;3)SMTPvalidation,themostthoroughmethod,whichchecksifthemailboxexistsbyconnectingtotheSMTPserver.Impl

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

How to fix KB5055612 fails to install in Windows 10?

4 weeks agoByDDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Roblox: Grow A Garden - Complete Mutation Guide

3 weeks agoByDDD

Nordhold: Fusion System, Explained

4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Mandragora: Whispers Of The Witch Tree - How To Unlock The Grappling Hook

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Safe Exam Browser

Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.

VSCode Windows 64-bit Download

A free and powerful IDE editor launched by Microsoft

MantisBT

Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

SAP NetWeaver Server Adapter for Eclipse

Integrate Eclipse with SAP NetWeaver application server.

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

Hot Topics

Java Tutorial

1673

CakePHP Tutorial

1429

Laravel Tutorial

1333