
Simple prevention of multiple malicious machine submission attacks

WBOY, 2016-07-29 09:07:51

First, some background: a machine that keeps sending requests or making malicious submissions puts heavy load on the server. The best countermeasure for this kind of attack is to count the submissions and trigger a dynamic captcha, that is, once one IP has submitted N times within a set period, show a captcha for its further requests. What follows is a simple, practical procedure for identifying the IP, recording its requests in the session, and defending against this.

Identifying and verifying the IP

The steps are as follows:

  • Identify the IP

  • If the IP is on the whitelist, let it through directly [whitelist policy: intranet IPs + a designated IP table]

  • Store the IP's request timestamps in the session

  • Check the number of requests from the IP within the specified time window

  • Take the corresponding action

<code>/**
 * Get and validate the client IP, and reject repeated submissions within a short time.
 *
 * @notice        : to pop up a captcha instead, replace the `echo $echo_str` lines.
 * @return string : the validated IP
 */
protected function getAndCheckIP()
{
    // Determine the client IP from the environment.
    // Note: HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR come from request headers that the
    // client itself can set; only rely on them when a proxy you operate fills them in.
    if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
        $ip = getenv("HTTP_CLIENT_IP");
    else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
        $ip = getenv("HTTP_X_FORWARDED_FOR");
    else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
        $ip = getenv("REMOTE_ADDR");
    else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
        $ip = $_SERVER['REMOTE_ADDR'];
    else
        $ip = "unknown";

    // Check the IP unless it is whitelisted (assumes session_start() has already been called)
    if (!$this->isWhiteList($ip)) {
        $echo_str = "You are submitting too frequently, please try again later!";

        // Build the timestamp stack for this IP
        if (!isset($_SESSION[$ip]) || !is_array($_SESSION[$ip])) {
            $_SESSION[$ip] = array();
        }

        if (isset($_SESSION[$ip][0])) {
            // The stack is kept for 6 hours: once the oldest entry is older than that, clear it
            $post_interval_first = time() - $_SESSION[$ip][0];
            if ($post_interval_first > 21600) {
                $_SESSION[$ip] = array();
            }
            $_SESSION[$ip][] = time();
            $n = count($_SESSION[$ip]);   // index $n - 1 is the current request

            // Two submissions less than 1s apart: reject
            if ($n >= 2 && (time() - $_SESSION[$ip][$n - 2]) < 1) {
                echo $echo_str;
                exit;
            }

            // Already 3 requests within 10s (this is the 4th): reject
            if ($n >= 4 && (time() - $_SESSION[$ip][$n - 4]) < 10) {
                echo $echo_str;
                exit;
            }

            // Already 5 requests within 1 minute (this is the 6th): reject
            if ($n >= 6 && (time() - $_SESSION[$ip][$n - 6]) < 60) {
                echo $echo_str;
                exit;
            }

            // More than 10 submissions within 6 hours: reject
            if ($n >= 11) {
                echo $echo_str;
                exit;
            }
        } else {
            $_SESSION[$ip][] = time();
        }
    }

    return $ip;
}
</code>
Whitelist strategy

The whitelist strategy lets two kinds of addresses through: intranet IPs and specific listed IPs.

<code>/**
 * Check whether the IP is on the whitelist
 *
 * @param $ip    : the IP to check
 * @return bool  : the result of the check
 */
protected function isWhiteList($ip)
{
    // An address that does not parse (e.g. "unknown") is never treated as trusted
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }

    // Intranet (private or reserved range) IPs are all whitelisted by default
    if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
        return true;
    }

    // Otherwise, is it in the hard-coded whitelist?
    return in_array($ip, $this->_WHITE_LIST, true);
}
</code>
Anti-attack strategy

Xiaoya adopts a fairly simple strategy, as in the code above; in practice it can be adapted to business needs.

  • No repeated submission within 1s

  • At most 3 submissions within 5s

  • At most 5 submissions within 60s

  • At most 10 submissions within 6 hours
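As an added example (not the article's code), here are the four checks above condensed into one rule table; the store is passed in as a parameter because a PHP session belongs to the client's cookie, so a client that discards its cookie starts with an empty history, whereas a server-side store keyed by IP does not. The `[max, window]` rule format, the `checkSubmission` name and the demo IP and timestamps are constructed for this example; in the demo the fourth submission, 8s after the first, is rejected by the 3-in-10s rule.

```php
<?php
// Added example, not the article's code. Each rule is [max, window_seconds]:
// "at most max submissions within window". The values mirror the article's
// four checks (1s, 10s, 60s, 6h).
const RULES = [
    [1, 1],
    [3, 10],
    [5, 60],
    [10, 21600],
];

/**
 * Record a submission at $now for $ip in $store and return null if it is
 * allowed, or the [max, window] rule that rejected it.
 *
 * $store is any array keyed by IP (e.g. $_SESSION, or data loaded from a
 * shared cache); it is passed by reference so the caller decides where it lives.
 */
function checkSubmission(array &$store, string $ip, int $now, array $rules = RULES): ?array
{
    $longest = max(array_column($rules, 1));
    $history = $store[$ip] ?? [];

    // Prune timestamps outside the longest window one by one instead of
    // resetting the whole stack, so a burst spanning the expiry boundary
    // is still counted in full.
    $history = array_values(array_filter($history, fn($t) => $now - $t < $longest));
    $history[] = $now;
    $store[$ip] = $history;

    foreach ($rules as [$max, $window]) {
        // Submissions (including this one) that fall inside the window
        $inWindow = count(array_filter($history, fn($t) => $now - $t < $window));
        if ($inWindow > $max) {
            return [$max, $window];
        }
    }
    return null;
}

// Constructed demo: four submissions from one (documentation-range) IP in 10 seconds.
$store = [];
$t0 = 1700000000;
foreach ([0, 2, 5, 8] as $offset) {
    $verdict = checkSubmission($store, '203.0.113.7', $t0 + $offset);
    printf("t+%ds: %s\n", $offset,
        $verdict === null ? 'allowed' : "rejected by rule {$verdict[0]} in {$verdict[1]}s");
}
```

Rejected submissions are still recorded, as in the article's code, so a client that keeps retrying stays blocked until its timestamps age out of the window.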

【Please indicate the source when reprinting: Simple prevention of multiple malicious machine submission attacks | Reliable Cui Xiaoyan】
