Home >Backend Development >PHP Tutorial >PHP anti-attack code upgraded version_PHP tutorial
不过最近几天突然糟糕了起来,有90%的攻击已经没法拦截,请看下图一天的统计:
IP攻击及开始时间 | 攻击次数 | 地点 | 备注 |
125.165.1.42--2010-11-19 02:02:19--/ | 10 | 印度尼西亚 | |
125.165.26.186--2010-11-19 16:56:45--/ | 1846 | 印度尼西亚 | |
151.51.238.254--2010-11-19 09:32:40--/ | 4581 | 意大利 | |
151.76.40.182--2010-11-19 11:58:37--/ | 4763 | 意大利 罗马 | |
186.28.125.37--2010-11-19 11:19:22--/ | 170 | 哥伦比亚 | |
186.28.131.122--2010-11-19 11:28:43--/ | 22 | 哥伦比亚 | |
186.28.25.130--2010-11-19 11:30:20--/ | 1530 | 哥伦比亚 | |
188.3.1.108--2010-11-19 02:48:28--/ | 1699 | 土耳其 | |
188.3.1.18--2010-11-19 06:46:01--/ | 1358 | 土耳其 | |
188.3.34.226--2010-11-19 17:07:02--/ | 1672 | 土耳其 | |
190.24.50.228--2010-11-19 12:26:38--/ | 2038 | 哥伦比亚 | |
190.24.83.82--2010-11-19 14:20:10--/ | 9169 | 哥伦比亚 | |
190.25.30.213--2010-11-19 14:00:44--/ | 680 | 哥伦比亚 | |
190.26.29.130--2010-11-19 13:33:11--/ | 510 | 哥伦比亚 | |
190.27.115.101--2010-11-19 13:53:48--/ | 340 | 哥伦比亚 | |
190.27.22.222--2010-11-19 12:16:02--/ | 340 | 哥伦比亚 | |
201.244.113.165--2010-11-19 11:25:55--/ | 170 | 哥伦比亚 | |
201.244.113.47--2010-11-19 11:24:56--/ | 147 | 哥伦比亚 | |
201.244.115.156--2010-11-19 10:13:56--/ | 2031 | 哥伦比亚 | |
201.244.119.228--2010-11-19 13:50:05--/ | 170 | 哥伦比亚 | |
201.245.218.155--2010-11-19 13:30:30--/ | 21 | 哥伦比亚 | |
212.156.185.122--2010-11-19 08:40:36--/ | 16158 | 土耳其 | |
78.160.106.60--2010-11-19 03:31:12--/ | 340 | 土耳其 | |
78.162.67.77--2010-11-19 04:26:24--/ | 3595 | 土耳其 | 程序已抓 |
78.175.64.173--2010-11-19 02:00:08--/ | 2877 | 土耳其 | |
78.176.178.76--2010-11-19 06:12:05--/ | 2370 | 土耳其 | |
78.177.2.86--2010-11-19 13:24:29--/ | 196 | 土耳其 | |
78.181.76.51--2010-11-19 16:04:29--/ | 600 | 土耳其 | |
78.184.145.63--2010-11-19 14:30:12--/ | 2542 | 土耳其 | |
78.185.168.24--2010-11-19 09:02:52--/ | 3877 | 土耳其 | |
78.190.79.225--2010-11-19 13:25:22--/ | 3300 | 土耳其 | |
78.190.84.230--2010-11-19 06:51:33--/ | 2719 | 土耳其 | |
78.191.149.47--2010-11-19 08:34:34--/ | 8783 | 土耳其 | |
78.191.233.108--2010-11-19 05:10:48--/ | 340 | 土耳其 | |
78.191.94.126--2010-11-19 04:34:26--/ | 3091 | 土耳其 | |
85.104.231.74--2010-11-19 08:03:53--/ | 3500 | 土耳其 | |
85.104.49.60--2010-11-19 04:47:12--/ | 1037 | 土耳其 | |
85.106.123.116--2010-11-19 13:35:45--/ | 68 | 土耳其 | |
88.224.255.96--2010-11-19 07:18:59--/ | 3903 | 土耳其 | |
88.228.138.65--2010-11-19 02:12:31--/ | 396 | 土耳其 | |
88.228.66.5--2010-11-19 10:44:26--/ | 2797 | 土耳其 | |
88.229.12.40--2010-11-19 06:57:46--/ | 6792 | 土耳其 | |
88.234.193.11--2010-11-19 08:25:42--/ | 5895 | 土耳其 | |
88.236.78.79--2010-11-19 15:01:54--/ | 170 | 土耳其 | |
88.238.26.12--2010-11-19 05:21:46--/ | 473 | 土耳其 | |
88.238.26.154--2010-11-19 05:31:58--/ | 1683 | 土耳其 | |
88.242.124.128--2010-11-19 06:53:56--/ | 8401 | 土耳其 | |
88.242.65.61--2010-11-19 08:38:41--/ | 1204 | 土耳其 | 程序已抓 |
94.122.20.157--2010-11-19 09:53:39--/ | 1917 | 土耳其 美国 | 程序已抓 |
94.54.37.54--2010-11-19 02:44:07--/ | 1096 | 土耳其 美国 | 程序已抓 |
95.14.1.97--2010-11-19 08:30:10--/ | 167 | 土耳其 美国 | |
95.15.248.177--2010-11-19 11:14:54--/ | 1454 | 土耳其 美国 | 程序已抓 |
共125008次,快的15秒172次,只抓9266次。 |
This table is bad enough. Our website was attacked 120,000 times a day. If we let it go unchecked, the impact on the speed of the website will be obvious. The characteristics of this attack are that every When an attack is launched, 3-5 different IPs will attack at the same time at a rate of 3-5 times per second, totaling 9-25 times per second, and the IP will be changed every 1-6 hours, and IP and previous records are not duplicated. In this way, firstly, the website memory will suddenly be too large and the light will turn on; secondly, it will bring great instability to the network. Some IPs have been blocked and have always existed. I tried to unblock them all. Once unblocked, several IPs attacked at the same time, which even seriously overloaded the website for several minutes.
Now, let’s start the topic of this issue, why can’t we block new attacks? After research, I found that 90% of the IPs adopted a new attack plan: they can intelligently attack in turns with a 2-minute pause and a 5-minute pause. Since my last program parameters were set to a conservative plan of 600 seconds/period, I changed the parameters to a new solution of 120 times in 120 seconds, and the false kill rate was within 0.5%. After comparing the logs, I can analyze that 120 false kills in 120 seconds has never been tried, and more than 1 time in 120 seconds is only one. One customer refreshed the freight page one more time due to network problems. This is mostly because our transaction backend is not intelligent enough.
Finally, thank you all for your messages. I will think about your messages. However, my program is just a reference. It is not the best as it is adapted to local conditions. It can only be said to be humane. Now I sent the program again and only changed the time and frequency parameters. The new parameters can already capture 100% of those hacker IPs. I tested it for two days and captured 62 new IPs, mostly from Turkey.
Anti-IP attack code website ver2.0: