PHP anti-CC Attack Implementation Code summary

Example 1

The code is as follows

Copy Code

//proxy IP directly exits empty ($_server[' Http_via ')) or exit (' Access Denied '); //Prevent quick Refresh Session_Start (); $seconds = ' 3 ';//Time period [sec] $refresh = ' 5 ';//Refresh times //Set monitor variable $cur _time = time (); if (isset ($_session[' last_time ')) {     $_session[' refresh_times '] = 1; }else{     $_session[' refresh_times ' = 1;     $_session[' last_time ' = $cur _time; } //Process monitoring Results if ($cur _time-$_session[' last_time '] < $seconds) {     if ($_session[' Refr Esh_times '] >= $refresh) {        //Jump to attacker server address          Header (sprintf (' location:%s ', ' http://127.0.0.1 '));         exit (' Access Denied ');    } }else{     $_session[' refresh_times ' = 0;     $_session[' last_time ' = $cur _time; }

Case II

The code is as follows

Copy Code

$P _s_t = $t _array[0] + $t _array[1]; $timestamp = time (); Session_Start (); $ll _nowtime = $timestamp; if (session_is_registered (' Ll_lasttime ')) { $ll _lasttime = $_session[' ll_lasttime ']; $ll _times = $_session[' ll_times '] + 1; $_session[' ll_times ' = $ll _times; }else{ $ll _lasttime = $ll _nowtime; $ll _times = 1; $_session[' ll_times ' = $ll _times; $_session[' ll_lasttime ' = $ll _lasttime; } if (($ll _nowtime-$ll _lasttime) <3) { if ($ll _times>=5) { Header (sprintf ("Location:%s", ' http://127.0.0.1 ')); Exit } }else{ $ll _times = 0; $_session[' ll_lasttime ' = $ll _nowtime; $_session[' ll_times ' = $ll _times; }

One instance I've been testing myself.

Log analysis

[2011-04-16 03:03:13] [Client 61.217.192.39]/index.php
[2011-04-16 03:03:13] [Client 61.217.192.39]/index.php
[2011-04-16 03:03:13] [Client 61.217.192.39]/index.php
[2011-04-16 03:03:13] [Client 61.217.192.39]/index.php
[2011-04-16 03:03:12] [Client 61.217.192.39]/index.php
[2011-04-16 03:03:12] [Client 61.217.192.39]/index.php
[2011-04-16 03:03:12] [Client 61.217.192.39]/index.php
[2011-04-16 03:03:11] [Client 61.217.192.39]/index.php
[2011-04-16 03:03:11] [Client 61.217.192.39]/index.php
[2011-04-16 03:03:11] [Client 61.217.192.39]/index.php
[2011-04-16 03:03:10] [Client 61.217.192.39]/index.php
[2011-04-16 03:03:10] [Client 61.217.192.39]/index.php

Here is the PHP method: Save the following code as a PHP file, and then include the first line in your common.php file.

The code is as follows

Copy Code

<?php /* * Anti-CC attack depressed to dead, not dead version. * * If the site refreshes more than 2 times per second, delay 5 seconds after the visit. */ $CC _min_nums = ' 1 '; Times, refresh times $CC _url_time = ' 5 '; seconds, delay time $CC _log = ' cc_log.txt '; Enable logging of this behavior $CC _forward = ' http://localhost '; Release to URL //-------------------------------------------- Return URL $CC _uri = $_server[' Request_uri ']?$_server[' Request_uri ']:($_server[' php_self ']?$_server[' php_self's ']:$_SERVER[' Script_name ']); $site _url = ' http://'. $_server [' Http_host ']. $CC _uri; Enable session if (!isset ($_session)) session_start (); $_session["Visiter"] = true; if ($_session["Visiter"] <> true) { echo "<script>settimeout (" window.location.href = ' $cc _forward '; ", 1);</script>"; Header ("Location:". $CC _forward); Exit } $timestamp = time (); $CC _nowtime = $timestamp; if (session_is_registered (' Cc_lasttime ')) { $CC _lasttime = $_session[' cc_lasttime ']; $CC _times = $_session[' cc_times '] + 1; $_session[' cc_times ' = $CC _times; }else{ $CC _lasttime = $CC _nowtime; $CC _times = 1; $_session[' cc_times ' = $CC _times; $_session[' cc_lasttime ' = $CC _lasttime; } Get real IP if (Isset ($_server)) { $real _ip = $_server[' http_x_forwarded_for ']; }else{ $real _ip = getenv ("Http_x_forwarded_for"); } Print_r ($_session); //Release IP if (($cc _nowtime-$cc _lasttime) <=0) {  if ($cc _times>= $cc _min_nums) {          if (!empty ($cc _log))     Cc_log (Get_ip (), $real _ip, $cc _log, $CC _ URI);   //generates log  echo "Wait", try again later!<script>settimeout (" window.location.href = ' $site _url '; ", 5000);</script>";  //printf (' Your refresh is too fast, please later. ');  //header ("Location:". $CC _forward);  exit;  } }else{   $CC _times = 0;  $_session[' cc_lasttime '] = $cc _nowtime;  $_session[' Cc_times '] = $CC _times; } //Record cc log function Cc_log ($client _ip, $real _ip, $cc _log, $cc _uri) {      $temp _time = Date ("Y-m-d h:i:s", Time () + 3600*8);     $temp _result = "[". $temp _time. "] [Client. $client _ip. "] ";     if ($real _ip) $temp _result. =" [real ". $real _ip."] ";   $temp _result. = $cc _uri. "RN";     $handle = fopen ("$cc _log", "RB"),   $oldcontent = fread ($handle, FileSize ("$CC _log"));  fclose ($handle);     $newcontent = $temp _result. $oldcontent   $fhandle =fopen ("$cc _log", "WB");   Fwrite ($fhandle, $newcontent, strlen ($newcontent));  fclose ($fhandle); } Get online IP function Get_ip () { Global $_c; if (Empty ($_c[' client_ip ')) { if (getenv (' http_client_ip ') && strcasecmp (getenv (' http_client_ip '), ' unknown ')) { $client _ip = getenv (' http_client_ip '); } elseif (getenv (' http_x_forwarded_for ') && strcasecmp (getenv (' http_x_forwarded_for '), ' unknown ')) { $client _ip = getenv (' http_x_forwarded_for '); } elseif (getenv (' remote_addr ') && strcasecmp (getenv (' remote_addr '), ' unknown ')) { $client _ip = getenv (' remote_addr '); } elseif (Isset ($_server[' remote_addr ')) && $_server[' remote_addr '] && strcasecmp ($_server[' Remote_ ADDR '], ' unknown ') { $client _ip = $_server[' remote_addr ']; } $_c[' client_ip ' = $client _ip? $client _ip: ' Unknown '; } Return $_c[' client_ip ']; } ?>

This can be prevented by basic industry, but if the more advanced account of no way, you can try to use the relevant hardware to set up fire.