IP attack escalation, program improvement to counter new attack _php tips

However, the last few days suddenly bad, 90% of the attack has been unable to intercept, please look at the following chart of the day's statistics:
IP attack and start time Attack location notes
125.165.1.42--2010-11-19 02:02:19--/10 Indonesia
125.165.26.186--2010-11-19 16:56:45--/1846 Indonesia
151.51.238.254--2010-11-19 09:32:40--/4581 Italy
151.76.40.182--2010-11-19 11:58:37--/4763 Rome, Italy
186.28.125.37--2010-11-19 11:19:22--/170 Columbia
186.28.131.122--2010-11-19 11:28:43--/22 Columbia
186.28.25.130--2010-11-19 11:30:20--/1530 Columbia
188.3.1.108--2010-11-19 02:48:28--/1699 Turkey
188.3.1.18--2010-11-19 06:46:01--/1358 Turkey
188.3.34.226--2010-11-19 17:07:02--/1672 Turkey
190.24.50.228--2010-11-19 12:26:38--/2038 Columbia
190.24.83.82--2010-11-19 14:20:10--/9169 Columbia
190.25.30.213--2010-11-19 14:00:44--/680 Columbia
190.26.29.130--2010-11-19 13:33:11--/510 Columbia
190.27.115.101--2010-11-19 13:53:48--/340 Columbia
190.27.22.222--2010-11-19 12:16:02--/340 Columbia
201.244.113.165--2010-11-19 11:25:55--/170 Columbia
201.244.113.47--2010-11-19 11:24:56--/147 Columbia
201.244.115.156--2010-11-19 10:13:56--/2031 Columbia
201.244.119.228--2010-11-19 13:50:05--/170 Columbia
201.245.218.155--2010-11-19 13:30:30--/21 Columbia
212.156.185.122--2010-11-19 08:40:36--/16158 Turkey
78.160.106.60--2010-11-19 03:31:12--/340 Turkey
78.162.67.77--2010-11-19 04:26:24--/3595 Turkish procedure has been caught
78.175.64.173--2010-11-19 02:00:08--/2877 Turkey
78.176.178.76--2010-11-19 06:12:05--/2370 Turkey
78.177.2.86--2010-11-19 13:24:29--/196 Turkey
78.181.76.51--2010-11-19 16:04:29--/600 Turkey
78.184.145.63--2010-11-19 14:30:12--/2542 Turkey
78.185.168.24--2010-11-19 09:02:52--/3877 Turkey
78.190.79.225--2010-11-19 13:25:22--/3300 Turkey
78.190.84.230--2010-11-19 06:51:33--/2719 Turkey
78.191.149.47--2010-11-19 08:34:34--/8783 Turkey
78.191.233.108--2010-11-19 05:10:48--/340 Turkey
78.191.94.126--2010-11-19 04:34:26--/3091 Turkey
85.104.231.74--2010-11-19 08:03:53--/3500 Turkey
85.104.49.60--2010-11-19 04:47:12--/1037 Turkey
85.106.123.116--2010-11-19 13:35:45--/68 Turkey
88.224.255.96--2010-11-19 07:18:59--/3903 Turkey
88.228.138.65--2010-11-19 02:12:31--/396 Turkey
88.228.66.5--2010-11-19 10:44:26--/2797 Turkey
88.229.12.40--2010-11-19 06:57:46--/6792 Turkey
88.234.193.11--2010-11-19 08:25:42--/5895 Turkey
88.236.78.79--2010-11-19 15:01:54--/170 Turkey
88.238.26.12--2010-11-19 05:21:46--/473 Turkey
88.238.26.154--2010-11-19 05:31:58--/1683 Turkey
88.242.124.128--2010-11-19 06:53:56--/8401 Turkey
88.242.65.61--2010-11-19 08:38:41--/1204 Turkish procedure has been caught
94.122.20.157--2010-11-19 09:53:39--/1917 Turkish-American procedure has been caught
94.54.37.54--2010-11-19 02:44:07--/1096 Turkish-American procedure has been caught
95.14.1.97--2010-11-19 08:30:10--/167 Turkish-American
95.15.248.177--2010-11-19 11:14:54--/1454 Turkish-American procedure has been caught
A total of 125,008 times, fast 15 seconds 172 times, only catch 9,266 times.
This watch is bad enough. Our site has been attacked 120,000 times a day, if allowed to make a mess, the Web site will bring the impact of the network is obvious, the attack is characterized by the attack every time by 3-5 different IP at the same time 3-5 times per second attack over, Total up to 9-25 times per second, IP every 1-6 hours, and the IP and previous records are not duplicated. In this way, the Web site memory will suddenly be too large, light, and the other is to bring great instability to the network. Individual IP is sealed has been, I tried all the solution, a solution to a number of IP at the same time to attack, and even make the site seriously overloaded for several minutes.
Now, starting this issue, why can't you stop the new attack? After research, I found that 90% of IP using a new attack scheme: already intelligent can attack 2 minutes to stop 5 minutes of the rotation attack, because my last program parameters set to 600 seconds/period of conservative scheme, so I changed the parameter to 120 seconds 120 new scheme, the wrong kill rate of 0.5%, Through log contrast, I can analyze 120 seconds 120 times wrong kill is not tried, 120 seconds more than 1 times also just have a freight page due to network problems have a customer refresh more than 1 back, this is the reason for our trading background is not intelligent majority.
Finally, thank you for your message, I will think of your message. However, I this procedure is only a reference, local conditions, is not the best, can only say that it is human. Now I send the program again, only to change the time number of parameters, the new parameters have been able to 100% seize those hacker IP, I tried two days, grabbed 62 new IP, or Turkey majority.
Website anti-IP attack codes (anti-ip attack code website) ver2.0:

Copy Code code as follows:

/*
* Website anti-IP attack code (ANTI-IP attack codes website) 2010-11-20,ver2.0
*mydalle.com Anti-refresh mechanism
*design by www.mydalle.com
*/
<?php
Query prohibits IP
$ip =$_server[' remote_addr '];
$fileht = ". Htaccess2";
if (!file_exists ($fileht)) file_put_contents ($fileht, "");
$filehtarr = @file ($fileht);
if (In_array ($ip.) \ r \ n ", $filehtarr)) Die (" Warning: ".) <br> "." Your IP address are forbided by mydalle.com Anti-refresh mechanism, IF your have any question Pls Emill to shop@mydalle.com !<br> (mydalle.com Anti-refresh mechanism are to enable users to have a good shipping services, but there, maybe I Nevitable network problems in your IP addresses, so and can mail to us to solve.);

Add Prohibit IP
$time =time ();
$fileforbid = "Log/forbidchk.dat";
if (file_exists ($fileforbid))
{if ($time-filemtime ($fileforbid) >30) unlink ($fileforbid);
else{
$fileforbidarr = @file ($fileforbid);
if ($ip ==substr ($fileforbidarr [0],0,strlen ($IP))
{
if ($time-substr ($fileforbidarr [1],0,strlen ($time)) >120) unlink ($fileforbid);
ElseIf ($fileforbidarr [2]>120) {file_put_contents ($fileht, $ip.) \ r \ n ", file_append); unlink ($fileforbid);}
else{$fileforbidarr [2]++;file_put_contents ($fileforbid, $fileforbidarr);}
}
}
}
Anti-Refresh
$str = "";
$file = "Log/ipdate.dat";
if (!file_exists ("Log") &&!is_dir ("Log")) mkdir ("Log", 0777);
if (!file_exists ($file)) file_put_contents ($file, "");
$allowTime = 60;//anti-refresh Time
$allowNum =5;//anti-refresh times
$uri =$_server[' Request_uri '];
$checkip =md5 ($IP);
$checkuri =md5 ($uri);
$yesno =true;
$ipdate = @file ($file);
foreach ($ipdate as $k => $v)
{$iptem =substr ($v, 0,32);
$uritem =substr ($v, 32,32);
$timetem =substr ($v, 64,10);
$numtem =substr ($v, 74);
if ($time-$timetem < $allowTime) {
if ($iptem!= $checkip) $str. = $v;
else{
$yesno =false;
if ($uritem!= $checkuri) $str. = $iptem. $checkuri. $time. " 1\r\n ";
ElseIf ($numtem < $allowNum) $str. = $iptem. $uritem. $timetem. ($numtem + 1). " \ r \ n ";
Else
{
if (!file_exists ($fileforbid)) {$addforbidarr =array ($ip.) \ r \ n ", Time ()." \ r \ n ", 1); File_put_contents ($fileforbid, $addforbidarr);}
File_put_contents ("Log/forbided_ip.log", $ip.) -". Date (" Y-m-d h:i:s ", Time ())." --". $uri." \ r \ n ", file_append);
$timepass = $timetem + $allowTime-$time;
Die ("Warning:".) <br> "." Pls don ' t refresh too frequently, and wait for ". $timepass." Seconds to continue, IF not your IP address would be forbided Automatic by mydalle.com Anti-refresh mechanism!<br> (mydalle.com Anti-refresh mechanism are to enable users to have a Good shipping services, but there maybe some inevitable network problems in your IP addresses, so and can mail to us t o solve) ");
}
}
}
}
if ($yesno) $str. = $checkip. $checkuri. $time. " 1\r\n ";
File_put_contents ($file, $STR);
?>