But in the last few days it's been a bad day, with 90% of attacks that can't be intercepted, take a look at the stats:
IP attack and start time |
Number of attacks |
Place |
Note |
125.165.1.42--2010-11-19 02:02:19--/ |
10 |
Indonesia |
|
125.165.26.186--2010-11-19 16:56:45--/ |
1846 |
Indonesia |
|
151.51.238.254--2010-11-19 09:32:40--/ |
4581 |
Italy |
|
151.76.40.182--2010-11-19 11:58:37--/ |
4763 |
Rome, Italy |
|
186.28.125.37--2010-11-19 11:19:22--/ |
170 |
Colombia |
|
186.28.131.122--2010-11-19 11:28:43--/ |
22 |
Colombia |
|
186.28.25.130--2010-11-19 11:30:20--/ |
1530 |
Colombia |
|
188.3.1.108--2010-11-19 02:48:28--/ |
1699 |
Turkey |
|
188.3.1.18--2010-11-19 06:46:01--/ |
1358 |
Turkey |
|
188.3.34.226--2010-11-19 17:07:02--/ |
1672 |
Turkey |
|
190.24.50.228--2010-11-19 12:26:38--/ |
2038 |
Colombia |
|
190.24.83.82--2010-11-19 14:20:10--/ |
9169 |
Colombia |
|
190.25.30.213--2010-11-19 14:00:44--/ |
680 |
Colombia |
|
190.26.29.130--2010-11-19 13:33:11--/ |
510 |
Colombia |
|
190.27.115.101--2010-11-19 13:53:48--/ |
340 |
Colombia |
|
190.27.22.222--2010-11-19 12:16:02--/ |
340 |
Colombia |
|
201.244.113.165--2010-11-19 11:25:55--/ |
170 |
Colombia |
|
201.244.113.47--2010-11-19 11:24:56--/ |
147 |
Colombia |
|
201.244.115.156--2010-11-19 10:13:56--/ |
2031 |
Colombia |
|
201.244.119.228--2010-11-19 13:50:05--/ |
170 |
Colombia |
|
201.245.218.155--2010-11-19 13:30:30--/ |
21st |
Colombia |
|
212.156.185.122--2010-11-19 08:40:36--/ |
16158 |
Turkey |
|
78.160.106.60--2010-11-19 03:31:12--/ |
340 |
Turkey |
|
78.162.67.77--2010-11-19 04:26:24--/ |
3595 |
Turkey |
Program has been caught |
78.175.64.173--2010-11-19 02:00:08--/ |
2877 |
Turkey |
|
78.176.178.76--2010-11-19 06:12:05--/ |
2370 |
Turkey |
|
78.177.2.86--2010-11-19 13:24:29--/ |
196 |
Turkey |
|
78.181.76.51--2010-11-19 16:04:29--/ |
600 |
Turkey |
|
78.184.145.63--2010-11-19 14:30:12--/ |
2542 |
Turkey |
|
78.185.168.24--2010-11-19 09:02:52--/ |
3877 |
Turkey |
|
78.190.79.225--2010-11-19 13:25:22--/ |
3300 |
Turkey |
|
78.190.84.230--2010-11-19 06:51:33--/ |
2719 |
Turkey |
|
78.191.149.47--2010-11-19 08:34:34--/ |
8783 |
Turkey |
|
78.191.233.108--2010-11-19 05:10:48--/ |
340 |
Turkey |
|
78.191.94.126--2010-11-19 04:34:26--/ |
3091 |
Turkey |
|
85.104.231.74--2010-11-19 08:03:53--/ |
3500 |
Turkey |
|
85.104.49.60--2010-11-19 04:47:12--/ |
1037 |
Turkey |
|
85.106.123.116--2010-11-19 13:35:45--/ |
68 |
Turkey |
|
88.224.255.96--2010-11-19 07:18:59--/ |
3903 |
Turkey |
|
88.228.138.65--2010-11-19 02:12:31--/ |
396 |
Turkey |
|
88.228.66.5--2010-11-19 10:44:26--/ |
2797 |
Turkey |
|
88.229.12.40--2010-11-19 06:57:46--/ |
6792 |
Turkey |
|
88.234.193.11--2010-11-19 08:25:42--/ |
5895 |
Turkey |
|
88.236.78.79--2010-11-19 15:01:54--/ |
170 |
Turkey |
|
88.238.26.12--2010-11-19 05:21:46--/ |
473 |
Turkey |
|
88.238.26.154--2010-11-19 05:31:58--/ |
1683 |
Turkey |
|
88.242.124.128--2010-11-19 06:53:56--/ |
8401 |
Turkey |
|
88.242.65.61--2010-11-19 08:38:41--/ |
160° |
Turkey |
Program has been caught |
94.122.20.157--2010-11-19 09:53:39--/ |
1917 |
Turkey USA |
Program has been caught |
94.54.37.54--2010-11-19 02:44:07--/ |
1096 |
Turkey USA |
Program has been caught |
95.14.1.97--2010-11-19 08:30:10--/ |
167 |
Turkey USA |
|
95.15.248.177--2010-11-19 11:14:54--/ |
1454 |
Turkey USA |
Program has been caught |
|
|
|
|
A total of 125,008 times, fast 15 seconds 172 times, only catch 9,266 times. |
|
|
|
This watch is bad enough, our site was attacked more than 120,000 times a day, if allowed to do so, the Web site will be the burden of the impact of the Internet is obvious, the attack is characterized by a 3-5 different IP at the time of the attack will be at the same time 3-5 times per second, the speed of attack come over, Total up to 9-25 times per second, every 1-6 hours to change the IP, and the IP and previous records are not duplicated. In this way, the site's memory will suddenly be too large, bright lights, and the other is to bring great instability to the network. Individual IP is sealed has always existed, I tried to complete the solution, a solution to a number of IP at the same time to attack, and even make the website severely overloaded for a few minutes.
Now, starting the topic of this issue, why can not stop the new attack? After research, I found that 90% of IP using a new attack scheme: has been intelligent to attack 2 minutes to stop 5 minutes of the rotation attack, because my last program parameter set to 600 seconds/period of the conservative scheme, so I changed the parameter to 120 seconds 120 times the new scheme, the error rate of 0.5% or less, After the log comparison, I can analyze 120 seconds 120 times the wrong kill is never tried, 120 seconds more 1 times also just have a freight page because of network problems have a customer refresh more 1 back, this is our trading background reason is not enough intelligent majority.
Finally, thank you for your message, I will think of your message. However, I this program is only a reference, local conditions, is not the best, can only be said to be humane. Now I send the program again, only changed the time parameter, the new parameters have been able to 100% to seize those hacker IP, I experimented for two days, grabbed 62 new IP, or the majority of Turkey.
Website anti-IP attack code (ANTI-IP attack Code website) ver2.0:
Copy the Code code as follows:
/*
* Web site Anti-IP attack code (ANTI-IP attack code website) 2010-11-20,ver2.0
*mydalle.com Anti-refresh mechanism
*design by www.mydalle.com
*/
Query prohibit IP
$ip =$_server[' remote_addr '];
$fileht = ". Htaccess2";
if (!file_exists ($fileht)) file_put_contents ($fileht, "");
$filehtarr = @file ($fileht);
if (In_array ($ip. " \ r \ n ", $filehtarr)) Die (" Warning: ".")
"." Your IP address is forbided by mydalle.com Anti-refresh mechanism and IF you had any question Pls Emill to shop@mydalle.com !
(mydalle.com Anti-refresh mechanism is to enable the users to has a good shipping services, but there maybe some inevitable n Etwork problems in your IP address, so (can mail to us to solve.));
Add Forbidden IP
$time =time ();
$fileforbid = "Log/forbidchk.dat";
if (file_exists ($fileforbid))
{if ($time-filemtime ($fileforbid) >30) unlink ($fileforbid);
else{
$fileforbidarr = @file ($fileforbid);
if ($ip ==substr ($fileforbidarr [0],0,strlen ($IP)))
{
if ($time-substr ($fileforbidarr [1],0,strlen ($time)) >120) unlink ($fileforbid);
ElseIf ($fileforbidarr [2]>120) {file_put_contents ($fileht, $ip. " \ r \ n ", file_append); unlink ($fileforbid);}
else{$fileforbidarr [2]++;file_put_contents ($fileforbid, $fileforbidarr);}
}
}
}
Anti-Refresh
$str = "";
$file = "Log/ipdate.dat";
if (!file_exists ("Log") &&!is_dir ("Log")) mkdir ("Log", 0777);
if (!file_exists ($file)) file_put_contents ($file, "");
$allowTime = 60;//anti-refresh Time
$allowNum =5;//anti-refresh times
$uri =$_server[' Request_uri '];
$checkip =md5 ($IP);
$checkuri =md5 ($uri);
$yesno =true;
$ipdate = @file ($file);
foreach ($ipdate as $k = $v)
{$iptem =substr ($v, 0,32);
$uritem =substr ($v, 32,32);
$timetem =substr ($v, 64,10);
$numtem =substr ($v, 74);
if ($time-$timetem < $allowTime) {
if ($iptem! = $checkip) $str. = $v;
else{
$yesno =false;
if ($uritem! = $checkuri) $str. = $iptem. $checkuri. $time. " 1\r\n ";
ElseIf ($numtem < $allowNum) $str. = $iptem. $uritem. $timetem. ($numtem + 1). " \ r \ n ";
Else
{
if (!file_exists ($fileforbid)) {$addforbidarr =array ($ip. ") \ r \ n ", Time ()." \ r \ n ", 1); File_put_contents ($fileforbid, $addforbidarr);}
File_put_contents ("Log/forbided_ip.log", $ip. " --". Date (" Y-m-d h:i:s ", Time ())." --". $uri." \ r \ n ", file_append);
$timepass = $timetem + $allowTime-$time;
Die ("Warning:". ")
"." Pls don ' t refresh too frequently, and wait for ". $timepass." Seconds to continue, IF not your IP address would be forbided Automatic by mydalle.com Anti-refresh mechanism!
(mydalle.com Anti-refresh mechanism is to enable the users to has a good shipping services, but there maybe some inevitable n Etwork problems in your IP address, so (can mail to us to solve.));
}
}
}
}
if ($yesno) $str. = $checkip. $checkuri. $time. " 1\r\n ";
File_put_contents ($file, $STR);
?>
The above describes the anti-attack PHP anti-attack code upgrade version, including anti-attack content, I hope the PHP tutorial interested in a friend helpful.