PHP anti-CC Attack Implementation Code summary

Source: Internet
Author: User
Tags: php, file, sprintf

Example 1

The code is as follows:

// Requests that arrive through a proxy (Via header present) are refused outright
empty($_SERVER['HTTP_VIA']) or exit('Access Denied');
// Prevent rapid refreshing
session_start();
$seconds = 3; // time window [seconds]
$refresh = 5; // refreshes allowed inside the window
// Set up the monitoring variables
$cur_time = time();
if (isset($_SESSION['last_time'])) {
    $_SESSION['refresh_times'] += 1; // count this hit (the original assigned 1 here, so the limit was never reached)
} else {
    $_SESSION['refresh_times'] = 1;
    $_SESSION['last_time'] = $cur_time;
}
// Act on the monitoring result
if ($cur_time - $_SESSION['last_time'] < $seconds) {
    if ($_SESSION['refresh_times'] >= $refresh) {
        // Redirect the offending client to the configured address
        header(sprintf('Location: %s', 'http://127.0.0.1'));
        exit('Access Denied');
    }
} else {
    // Window expired: reset the counter and start a new window
    $_SESSION['refresh_times'] = 0;
    $_SESSION['last_time'] = $cur_time;
}

Example 2

The code is as follows:

$t_array = explode(' ', microtime()); // [microseconds, seconds]; $t_array was undefined in the original
$p_s_t = $t_array[0] + $t_array[1];   // request start time as a float (not used further below)
$timestamp = time();

session_start();
$ll_nowtime = $timestamp;
if (isset($_SESSION['ll_lasttime'])) { // session_is_registered() was removed in PHP 5.4
    $ll_lasttime = $_SESSION['ll_lasttime'];
    $ll_times = $_SESSION['ll_times'] + 1;
    $_SESSION['ll_times'] = $ll_times;
} else {
    $ll_lasttime = $ll_nowtime;
    $ll_times = 1;
    $_SESSION['ll_times'] = $ll_times;
    $_SESSION['ll_lasttime'] = $ll_lasttime;
}
if (($ll_nowtime - $ll_lasttime) < 3) {
    if ($ll_times >= 5) {
        // Five or more hits inside a 3-second window: redirect and stop
        header(sprintf('Location: %s', 'http://127.0.0.1'));
        exit;
    }
} else {
    // Window expired: reset the counter
    $ll_times = 0;
    $_SESSION['ll_lasttime'] = $ll_nowtime;
    $_SESSION['ll_times'] = $ll_times;
}

One instance I've been testing myself.

Log analysis

[2011-04-16 03:03:13] [Client 61.217.192.39]/index.php
[2011-04-16 03:03:13] [Client 61.217.192.39]/index.php
[2011-04-16 03:03:13] [Client 61.217.192.39]/index.php
[2011-04-16 03:03:13] [Client 61.217.192.39]/index.php
[2011-04-16 03:03:12] [Client 61.217.192.39]/index.php
[2011-04-16 03:03:12] [Client 61.217.192.39]/index.php
[2011-04-16 03:03:12] [Client 61.217.192.39]/index.php
[2011-04-16 03:03:11] [Client 61.217.192.39]/index.php
[2011-04-16 03:03:11] [Client 61.217.192.39]/index.php
[2011-04-16 03:03:11] [Client 61.217.192.39]/index.php
[2011-04-16 03:03:10] [Client 61.217.192.39]/index.php
[2011-04-16 03:03:10] [Client 61.217.192.39]/index.php

Here is the PHP method: save the following code as a PHP file, then include that file on the first line of your common.php.

The code is as follows:

<?php
/*
 * Anti-CC attack, the "depressed to death but not dead" version.
 *
 * If the site is refreshed more than 2 times per second, the visit is delayed by 5 seconds.
 */

$cc_min_nums = 1;                   // times: refreshes allowed within one second
$cc_url_time = 5;                   // seconds: delay time
$cc_log      = 'cc_log.txt';        // log file for this behaviour; leave empty to disable logging
$cc_forward  = 'http://localhost';  // URL the visitor is released to

//--------------------------------------------

// Return URL
$cc_uri   = $_SERVER['REQUEST_URI'] ? $_SERVER['REQUEST_URI'] : ($_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']);
$site_url = 'http://' . $_SERVER['HTTP_HOST'] . $cc_uri;

// Enable session
if (!isset($_SESSION)) session_start();
$_SESSION['visiter'] = true;
if ($_SESSION['visiter'] <> true) {
    // header() must be sent before any output, so it comes first; the script is a fallback
    header('Location: ' . $cc_forward);
    echo "<script>setTimeout(\"window.location.href = '$cc_forward';\", 1);</script>";
    exit;
}

$timestamp  = time();
$cc_nowtime = $timestamp;
if (isset($_SESSION['cc_lasttime'])) { // session_is_registered() was removed in PHP 5.4
    $cc_lasttime = $_SESSION['cc_lasttime'];
    $cc_times    = $_SESSION['cc_times'] + 1;
    $_SESSION['cc_times'] = $cc_times;
} else {
    $cc_lasttime = $cc_nowtime;
    $cc_times    = 1;
    $_SESSION['cc_times']    = $cc_times;
    $_SESSION['cc_lasttime'] = $cc_lasttime;
}

// Get the "real" IP (the X-Forwarded-For header, if any; note it is client-supplied and only meaningful behind a proxy you control)
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $real_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
    $real_ip = getenv('HTTP_X_FORWARDED_FOR');
}

// print_r($_SESSION); // debug output from testing; it dumps session data to the visitor, so keep it commented out

// Release IP
if (($cc_nowtime - $cc_lasttime) <= 0) {
    if ($cc_times >= $cc_min_nums) {
        if (!empty($cc_log)) cc_log(get_ip(), $real_ip, $cc_log, $cc_uri); // write a log entry
        echo "Wait, try again later!<script>setTimeout(\"window.location.href = '$site_url';\", " . ($cc_url_time * 1000) . ");</script>";
        // printf('Your refresh is too fast, please try again later.');
        // header('Location: ' . $cc_forward);
        exit;
    }
} else {
    $cc_times = 0;
    $_SESSION['cc_lasttime'] = $cc_nowtime;
    $_SESSION['cc_times']    = $cc_times;
}

// Record a CC log entry (newest entry first)
function cc_log($client_ip, $real_ip, $cc_log, $cc_uri)
{
    $temp_time = date('Y-m-d H:i:s', time() + 3600 * 8); // shift to UTC+8

    $temp_result = '[' . $temp_time . '] [Client ' . $client_ip . '] ';
    if ($real_ip) $temp_result .= '[Real ' . $real_ip . '] ';
    $temp_result .= $cc_uri . "\r\n";

    $oldcontent = '';
    if (file_exists($cc_log) && filesize($cc_log) > 0) { // fread() with a zero length fails on an empty file
        $handle = fopen($cc_log, 'rb');
        $oldcontent = fread($handle, filesize($cc_log));
        fclose($handle);
    }

    $newcontent = $temp_result . $oldcontent;
    $fhandle = fopen($cc_log, 'wb');
    fwrite($fhandle, $newcontent, strlen($newcontent));
    fclose($fhandle);
}

// Get the visitor's IP
// Note: HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request headers any client can set; only REMOTE_ADDR comes from the TCP connection.
function get_ip()
{
    global $_c;

    if (empty($_c['client_ip'])) {
        $client_ip = '';
        if (getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {
            $client_ip = getenv('HTTP_CLIENT_IP');
        } elseif (getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) {
            $client_ip = getenv('HTTP_X_FORWARDED_FOR');
        } elseif (getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
            $client_ip = getenv('REMOTE_ADDR');
        } elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
            $client_ip = $_SERVER['REMOTE_ADDR'];
        }
        $_c['client_ip'] = $client_ip ? $client_ip : 'unknown';
    }
    return $_c['client_ip'];
}
?>
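The three snippets above all implement the same idea: a per-session hit counter that is reset when a short time window expires. The following is an added example, not code from the original page: it factors that logic into a pure function (so it can be exercised without a web server) and adds a small parser for the cc_log.txt format used in the log analysis above. `$session` stands in for `$_SESSION`, `$now` for `time()`, and `cc_check()` / `cc_parse_log()` are hypothetical names chosen here.

```php
<?php
// Added example (not from the page): the refresh-counter logic shared by the three
// snippets above as a pure function. $session stands in for $_SESSION, $now for
// time(); cc_check() and cc_parse_log() are hypothetical names chosen here.
function cc_check(array &$session, int $now, int $window = 3, int $limit = 5): bool
{
    if (!isset($session['last_time'])) {
        $session['last_time']     = $now;
        $session['refresh_times'] = 1;
        return false;
    }
    if ($now - $session['last_time'] < $window) {
        // Inside the window: count the hit (Example 1 assigns 1 here, so it never denies).
        $session['refresh_times'] += 1;
        return $session['refresh_times'] >= $limit;   // true => deny or delay
    }
    // Window expired: start a new one with this hit.
    $session['last_time']     = $now;
    $session['refresh_times'] = 1;
    return false;
}
// Group cc_log.txt lines ("[date time] [Client ip] uri") by client IP and second, as
// in the log analysis above: returns ip => most hits seen in a single second.
function cc_parse_log(string $log): array
{
    $per_second = [];
    foreach (preg_split('/\r?\n/', trim($log)) as $line) {
        if (preg_match('/^\[(\S+ \S+)\] \[Client (\S+)\]/', $line, $m)) {
            $per_second[$m[2]][$m[1]] = ($per_second[$m[2]][$m[1]] ?? 0) + 1;
        }
    }
    $peak = [];
    foreach ($per_second as $ip => $seconds) {
        $peak[$ip] = max($seconds);
    }
    return $peak;
}
// Constructed sample: six hits from one visitor; the fifth lands inside the
// 3-second window and trips the limit, the sixth starts a new window.
$s = [];
$verdicts = [];
foreach ([100, 100, 101, 101, 102, 110] as $t) {
    $verdicts[] = cc_check($s, $t) ? 'deny' : 'ok';
}
echo implode(' ', $verdicts), "\n";
// Constructed log lines in the format cc_log() writes (IP taken from the page's log).
$sample_log = "[2011-04-16 03:03:13] [Client 61.217.192.39] /index.php\n[2011-04-16 03:03:13] [Client 61.217.192.39] /index.php\n"
            . "[2011-04-16 03:03:12] [Client 61.217.192.39] /index.php\n";
print_r(cc_parse_log($sample_log));
```

Because the window start is fixed at the first hit rather than sliding, a client that pauses for the full window length gets a fresh counter; the parser's per-second peak is what the page's own log analysis reads off by eye.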

This blocks basic CC attacks; against more advanced ones there is no way around it at the application level, and you can try a hardware firewall instead.
