Methods to prevent brush traffic attacks on PHP websites_PHP tutorial

Traffic attack is a relatively basic website attack method. It is an attack method that constantly brushes the website, causing the server to be unable to process or the database to be loaded, causing the website to be unable to operate normally. I will introduce it below. A method to use php to prevent website traffic attacks.

//Add banned IP
$time=time();
$fileforbid="log/forbidchk.dat";
if(file_exists($fileforbid))
{ if($time-filemtime($fileforbid)>60)unlink($fileforbid);
else{
$fileforbidarr=@file($fileforbid);
if($ip==substr($fileforbidarr[0],0,strlen($ip)))
{
if($time-substr($fileforbidarr[1],0,strlen($time))>600)unlink($fileforbid);
elseif($fileforbidarr[2]>600){file_put_contents($fileht,$ip."rn",FILE_APPEND);unlink($fileforbid);}
else{$fileforbidarr[2]++;file_put_contents($fileforbid,$fileforbidarr);}
}
}
}
//Anti-refresh
$str="";
$file="log/ipdate.dat";
if(!file_exists("log")&&!is_dir("log"))mkdir("log",0777);
if(!file_exists($file))file_put_contents($file,"");
$allowTime = 120;//Anti-refresh time
$allowNum=10;//Number of anti-refresh
$uri=$_SERVER['REQUEST_URI'];
$checkip=md5($ip);
$checkuri=md5($uri);
$yesno=true;
$ipdate=@file($file);
foreach($ipdate as $k=>$v)
{ $iptem=substr($v,0,32);
$uritem=substr($v,32,32);
$timetem=substr($v,64,10);
$numtem=substr($v,74);
if($time-$timetem<$allowTime){
if($iptem!=$checkip)$str.=$v;
else{
$yesno=false;
if($uritem!=$checkuri)$str.=$iptem.$checkuri.$time."1rn";
elseif($numtem<$allowNum)$str.=$iptem.$uritem.$timetem.($numtem+1)."rn";
else
{
if(!file_exists($fileforbid)){$addforbidarr=array($ip."rn",time()."rn",1);file_put_contents($fileforbid,$addforbidarr);}
file_put_contents("log/forbided_ip.log",$ip."--".date("Y-m-d H:i:s",time())."--".$uri."rn",FILE_APPEND);< br /> $timepass=$timetem+$allowTime-$time;
die("Warning:"."
"."Sorry, you are forbided by refreshing frequently too much, Pls wait for ".$timepass." seconds to continue!");
}
}
}
}
if($yesno) $str.=$checkip.$checkuri.$time."1rn";
file_put_contents($file,$str);
?>

The code is as follows

代码如下

复制代码

//查询禁止IP $ip =$_SERVER['REMOTE_ADDR']; $fileht=".htaccess2"; if(!file_exists($fileht))file_put_contents($fileht,""); $filehtarr=@file($fileht); if(in_array($ip."rn",$filehtarr))die("Warning:"." "."Your IP address are forbided by some reason, IF you have any question Pls emill to shop@mydalle.com!"); //加入禁止IP $time=time(); $fileforbid="log/forbidchk.dat"; if(file_exists($fileforbid)) { if($time-filemtime($fileforbid)>60)unlink($fileforbid); else{ $fileforbidarr=@file($fileforbid); if($ip==substr($fileforbidarr[0],0,strlen($ip))) { if($time-substr($fileforbidarr[1],0,strlen($time))>600)unlink($fileforbid); elseif($fileforbidarr[2]>600){file_put_contents($fileht,$ip."rn",FILE_APPEND);unlink($fileforbid);} else{$fileforbidarr[2]++;file_put_contents($fileforbid,$fileforbidarr);} } } } //防刷新 $str=""; $file="log/ipdate.dat"; if(!file_exists("log")&&!is_dir("log"))mkdir("log",0777); if(!file_exists($file))file_put_contents($file,""); $allowTime = 120;//防刷新时间 $allowNum=10;//防刷新次数 $uri=$_SERVER['REQUEST_URI']; $checkip=md5($ip); $checkuri=md5($uri); $yesno=true; $ipdate=@file($file); foreach($ipdate as $k=>$v) { $iptem=substr($v,0,32); $uritem=substr($v,32,32); $timetem=substr($v,64,10); $numtem=substr($v,74); if($time-$timetem<$allowTime){ if($iptem!=$checkip)$str.=$v; else{ $yesno=false; if($uritem!=$checkuri)$str.=$iptem.$checkuri.$time."1rn"; elseif($numtem<$allowNum)$str.=$iptem.$uritem.$timetem.($numtem+1)."rn"; else { if(!file_exists($fileforbid)){$addforbidarr=array($ip."rn",time()."rn",1);file_put_contents($fileforbid,$addforbidarr);} file_put_contents("log/forbided_ip.log",$ip."--".date("Y-m-d H:i:s",time())."--".$uri."rn",FILE_APPEND); $timepass=$timetem+$allowTime-$time; die("Warning:"." "."Sorry,you are forbided by refreshing frequently too much, Pls wait for ".$timepass." seconds to continue!"); } } } } if($yesno) $str.=$checkip.$checkuri.$time."1rn"; file_put_contents($file,$str); ?>

Copy code

代码如下	复制代码
session_start(); $clean = array(); $email_pattern = '/^[^@s<&>]+@([-a-z0-9]+.)+[a-z]{2,}$/i'; if (preg_match($email_pattern, $_POST['email'])) { $clean['email'] = $_POST['email']; $user = $_SESSION['user']; $new_password = md5(uniqid(rand(), TRUE)); if ($_SESSION['verified']) { /* Update Password */ mail($clean['email'], 'Your New Password', $new_password); } } ?>

//Query banned IP
$ip =$_SERVER['REMOTE_ADDR'];
$fileht=".htaccess2";
if(!file_exists($fileht))file_put_contents($fileht,"");
$filehtarr=@file($fileht);
if(in_array($ip."rn",$filehtarr))die("Warning:"."
"."Your IP address are forbided by some reason, IF you have any question Pls emill to shop@mydalle .com!");

Use session tracking to prevent post submission

The code is as follows

Copy code

session_start(); $clean = array(); $email_pattern = '/^[^@s<&>]+@([-a-z0-9]+.)+[a-z]{2,}$/i'; if (preg_match($email_pattern, $_POST['email'])) { $clean['email'] = $_POST['email']; $user = $_SESSION['user']; $new_password = md5(uniqid(rand(), TRUE)); if ($_SESSION['verified']) { /* Update Password */ mail($clean['email'], 'Your New Password', $new_password); } } ?> http://www.bkjia.com/PHPjc/629634.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629634.htmlTechArticleTraffic attack is a relatively basic website attack method, which is to constantly brush the website, causing the server to process It cannot be accessed or the database cannot be loaded, causing the website to be unable to function normally...