Home  >  Article  >  php教程  >  php网站防止刷流量攻击方法

php网站防止刷流量攻击方法

WBOY
WBOYOriginal
2016-05-25 16:41:111350browse

流量攻击是一种比较初级的网站攻击方法,就是不停的去刷样网站,导致服务器处理不过来或数据库负载不了,导致网站无法正常方法的一种攻击手段了,下面我来介绍一个利用php防网站刷流量攻击方法.

php网站防止刷流量攻击方法实例代码如下:

<?php
//查询禁止IP
$ip = $_SERVER[&#39;REMOTE_ADDR&#39;];
$fileht = ".htaccess2";
if (!file_exists($fileht)) file_put_contents($fileht, "");
$filehtarr = @file($fileht);
if (in_array($ip . "rn", $filehtarr)) die("Warning:" . "<br>" . "Your IP address are forbided by some reason, IF you have any question Pls emill to shop@mydalle.com!");
//加入禁止IP
$time = time();
$fileforbid = "log/forbidchk.dat";
if (file_exists($fileforbid)) {
    if ($time - filemtime($fileforbid) > 60) unlink($fileforbid);
    else {
        $fileforbidarr = @file($fileforbid);
        if ($ip == substr($fileforbidarr[0], 0, strlen($ip))) {
            if ($time - substr($fileforbidarr[1], 0, strlen($time)) > 600) unlink($fileforbid);
            elseif ($fileforbidarr[2] > 600) {
                file_put_contents($fileht, $ip . "rn", FILE_APPEND);
                unlink($fileforbid);
            } else {
                $fileforbidarr[2]++;
                file_put_contents($fileforbid, $fileforbidarr);
            }
        }
    }
}
//防刷新
$str = "";
$file = "log/ipdate.dat";
if (!file_exists("log") && !is_dir("log")) mkdir("log", 0777);
if (!file_exists($file)) file_put_contents($file, "");
$allowTime = 120; //防刷新时间
$allowNum = 10; //防刷新次数
$uri = $_SERVER[&#39;REQUEST_URI&#39;];
$checkip = md5($ip);
$checkuri = md5($uri);
$yesno = true;
$ipdate = @file($file);
foreach ($ipdate as $k => $v) {
    $iptem = substr($v, 0, 32);
    $uritem = substr($v, 32, 32);
    $timetem = substr($v, 64, 10);
    $numtem = substr($v, 74);
    if ($time - $timetem < $allowTime) {
        if ($iptem != $checkip) $str.= $v;
        else {
            $yesno = false;
            if ($uritem != $checkuri) $str.= $iptem . $checkuri . $time . "1rn";
            elseif ($numtem < $allowNum) $str.= $iptem . $uritem . $timetem . ($numtem + 1) . "rn";
            else {
                if (!file_exists($fileforbid)) {
                    $addforbidarr = array(
                        $ip . "rn",
                        time() . "rn",
                        1
                    );
                    file_put_contents($fileforbid, $addforbidarr);
                }
                file_put_contents("log/forbided_ip.log", $ip . "--" . date("Y-m-d H:i:s", time()) . "--" . $uri . "rn", FILE_APPEND);
                $timepass = $timetem + $allowTime - $time;
                die("Warning:" . "<br>" . "Sorry,you are forbided by refreshing frequently too much, Pls wait for " . $timepass . " seconds to continue!");
            } //开源代码phprm.com
            
        }
    }
}
if ($yesno) $str.= $checkip . $checkuri . $time . "1rn";
file_put_contents($file, $str);
?>

利用session 跟踪防post提交,代码如下:

<?php
session_start();
$clean = array();
$email_pattern = &#39;/^[^@s<&>]+@([-a-z0-9]+.)+[a-z]{2,}$/i&#39;;
if (preg_match($email_pattern, $_POST[&#39;email&#39;])) {
    $clean[&#39;email&#39;] = $_POST[&#39;email&#39;];
    $user = $_SESSION[&#39;user&#39;];
    $new_password = md5(uniqid(rand() , TRUE));
    if ($_SESSION[&#39;verified&#39;]) {
        /* Update Password */
        mail($clean[&#39;email&#39;], &#39;Your New Password&#39;, $new_password);
    }
}
?>


Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn