Example of PHP anti-CC attack and quick page refresh prevention

Source: Internet
Author: User
The reason for the CC attack is that the dynamic page is constantly refreshed, such as the page for reading and writing databases from php + mysql. if the page is refreshed quickly, the page may be stuck or the server resource usage exceeds the limit, as a result, the server crashes. The following describes some examples to prevent CC attacks .... the reason for the CC attack is that the dynamic page is constantly refreshed, such as the page for reading and writing databases from php + mysql. if the page is refreshed quickly, the page may be stuck or the server resource usage exceeds the limit, as a result, the server crashes. The following provides some examples to prevent CC attacks.

CC attack causes

The principle of CC attack is that attackers control some hosts to repeatedly send a large number of packets to the other server, causing server resource depletion until the server crashes. CC is mainly used to attack pages, everyone has this experience. when a webpage has a large number of visitors, it will be slow to open the webpage. CC is used to simulate multiple users, and the number of threads is the number of users, non-stop access to pages that require a large amount of data operations, that is, pages that require a large amount of CPU time, resulting in a waste of server resources. the CPU time is at 100% for a long time, there will always be endless connections until network congestion occurs and normal access is terminated.

Refreshing the page for cc attacks does not make any sense to us. to make it meaningful, we use all our website resources. we can prevent CC attacks by disabling website proxy access in multiple ways, try to make the website static pages, limit the number of connections, and modify the maximum timeout time.

The PHP instance code is as follows:

 = $ Refresh) {// jump to the attacker server address header (sprintf ('Location: % s', 'http: // 127.0.0.1 ')); exit ('Access Denied ') ;}} else {$ _ SESSION ['refresh _ times'] = 0; $ _ SESSION ['last _ time'] = $ cur_time;}?>

Firewall is a very good solution to prevent CC attacks. it not only has no impact on the server, but also effectively prevents CC attacks.

We recommend that webmasters use dongle to defend against CC attacks or linux iptalbs to prevent CC attacks. Similarly, if my server has a server room firewall, these attacks are automatically blocked.


Tutorial address:

Reprinted! But please include the article address ^

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.