I. Background
When building a website we usually give the admin back end a predictable directory name such as admin. Anyone with bad intentions who finds that path can start trying to crack the administrator password, and there are brute-force tools whose whole purpose is to enumerate paths until they locate the admin logon page and then crack it.
Unfortunately my site was attacked last month, including SQL injection probing, and it left behind about 3 MB of error log files.
Analysing the logs showed that the requests came from a brute-force tool hunting for the admin logon address. If a tool like that hammers the site every day, the load it puts on the server is considerable.
Driven by these concerns I settled on a policy to limit this kind of activity: restrict access by IP address.
II. Strategy
Whenever a request to the site produces an error, whether a bad URL or a URL carrying SQL injection keywords, record the visitor's IP address. Once the number of malicious records for an IP address reaches a threshold, deny that IP access.
Database: a MaliciousAccess table with two columns, IP and CreateTime (the columns the code below writes).
In the Application_Error handler in Global.asax, record the visitor's IP address:
    // Global.asax: when an unhandled error occurs, record the visitor's IP and send them to the error page
    protected void Application_Error(object sender, EventArgs e)
    {
        string ip = Request.UserHostAddress;
        MaliciousAccess.Service.MaliciousAccessService.Instance.Add_Entity(
            new Service.MaliciousAccess() { IP = ip, CreateTime = DateTime.Now });
        Response.Redirect("error.html");
    }
Next I wrote a custom IHttpModule class to intercept every request. It first checks whether the URL contains SQL injection keywords, then checks whether the requesting IP has already reached the daily error limit. The module is needed because an injection attempt that a page handles without throwing never reaches Application_Error, so it would otherwise go unrecorded.
    /* ====================================================================
     * Class name:   HttpModule (namespace MaliciousAccess.Service)
     * Description:  intercepts every request, records SQL injection attempts
     *               and blocks IPs that exceed the daily error count
     * Created by:   Jim
     * Created:      10:35:50
     * ==================================================================== */
    using System;
    using System.Data;
    using System.Web;

    namespace MaliciousAccess.Service
    {
        public class HttpModule : IHttpModule
        {
            private int errorcount = 20; // errors allowed per IP per day before it is blocked

            /// <summary>
            /// Register this module in the site's web.config (and in IIS) before using it.
            /// For more information see: http://go.microsoft.com/?linkid=8101007
            /// </summary>

            #region IHttpModule Members
            public void Dispose()
            {
                // clean-up code goes here
            }

            public void Init(HttpApplication context)
            {
                context.PreRequestHandlerExecute += new EventHandler(OnPreRequest);
            }
            #endregion

            public void OnPreRequest(object source, EventArgs e)
            {
                HttpRequest request = HttpContext.Current.Request;

                // 1. SQL injection check on the decoded URL: records the IP and redirects on a hit
                goErr(Uri.UnescapeDataString(request.Url.AbsoluteUri));

                // 2. Daily error-count check for this IP.
                //    Error.aspx itself is skipped so a blocked visitor does not loop on the redirect.
                if (request.Url.AbsolutePath.IndexOf("Error.aspx") <= -1)
                {
                    // The count is restricted to the requesting IP; without the IP predicate the
                    // query would count every error of the day and lock out all visitors at once.
                    // UserHostAddress is the socket address formatted by IIS, not free text, but a
                    // parameterized query is still the safer choice for the data layer.
                    string ip = request.UserHostAddress;
                    DataTable dt = Service.MaliciousAccessService.Instance.Db.FromSql(
                        "select count(*) from MaliciousAccess where IP = '" + ip + "' " +
                        "and convert(varchar(10), CreateTime, 120) = '" +
                        DateTime.Now.ToString("yyyy-MM-dd") + "'").ToTable() as DataTable;
                    if (int.Parse(dt.Rows[0][0].ToString()) > errorcount)
                    {
                        HttpContext.Current.Response.Redirect("Error.aspx");
                    }
                }
            }

            /// <summary>SQL injection filtering</summary>
            /// <param name="InText">string to be checked</param>
            /// <returns>true if the string contains an unsafe keyword</returns>
            public bool SqlFilter(string InText)
            {
                string word = "and|exec|insert|select|delete|update|chr|mid|master|or|truncate|char|declare|join|cmd";
                if (InText == null) return false;
                string lower = InText.ToLower();
                foreach (string i in word.Split('|'))
                {
                    // a keyword only counts when a space sits directly before or after it
                    if (lower.IndexOf(i + " ") > -1 || lower.IndexOf(" " + i) > -1)
                    {
                        return true;
                    }
                }
                return false;
            }

            /// <summary>Record the visitor's IP and redirect if the URL contains SQL keywords</summary>
            /// <param name="tm">decoded request URL</param>
            private void goErr(string tm)
            {
                if (SqlFilter(tm))
                {
                    string ip = HttpContext.Current.Request.UserHostAddress;
                    MaliciousAccessService.Instance.Add_Entity(
                        new Service.MaliciousAccess() { IP = ip, CreateTime = DateTime.Now });
                    HttpContext.Current.Response.Redirect("Error.html");
                }
            }
        }
    }
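To see what the strategy above actually does on traffic, here is an added Python model of the module's logic. It is example code written for this article, not code from the attached MaliciousAccess project: the keyword rule is copied from SqlFilter, an in-memory list stands in for the MaliciousAccess table, and the sample requests, timestamps and IP addresses are constructed. The per_ip switch shows the difference between counting errors per IP and a count query that ignores the IP column: in the second case one scanner's probes lock out every visitor for the rest of the day.

```python
from datetime import datetime, timedelta

# Keyword list copied from the page's SqlFilter; the match rule is the same:
# a listed word with a space directly before or after it, case-insensitive.
SQL_WORDS = ("and|exec|insert|select|delete|update|chr|mid|master|or|"
             "truncate|char|declare|join|cmd").split("|")


def sql_filter(text):
    """Return True if the decoded URL text contains a flagged keyword."""
    if text is None:
        return False
    lower = text.lower()
    return any(w + " " in lower or " " + w in lower for w in SQL_WORDS)


class MaliciousAccessTable:
    """In-memory stand-in (an assumption for this example) for the
    MaliciousAccess table with its IP and CreateTime columns."""

    def __init__(self, error_count=20, per_ip=True):
        self.rows = []               # list of (ip, datetime)
        self.error_count = error_count
        self.per_ip = per_ip         # False: count every row of the day, whatever the IP

    def add(self, ip, when):
        self.rows.append((ip, when))

    def count_today(self, ip, now):
        return sum(1 for row_ip, t in self.rows
                   if t.date() == now.date() and (not self.per_ip or row_ip == ip))

    def over_limit(self, ip, now):
        return self.count_today(ip, now) > self.error_count


def handle_request(table, ip, path, now):
    """Mirror of the module's OnPreRequest: returns the path the request ends at."""
    if sql_filter(path):             # goErr: record the IP and bounce to Error.html
        table.add(ip, now)
        return "Error.html"
    if "Error.aspx" not in path and table.over_limit(ip, now):
        return "Error.aspx"          # daily limit exceeded for this IP
    return path                      # request proceeds normally


def simulate(per_ip):
    """Constructed traffic: one scanner sending 25 injection probes, one ordinary visitor."""
    table = MaliciousAccessTable(error_count=20, per_ip=per_ip)
    t0 = datetime(2011, 3, 1, 10, 0, 0)          # constructed timestamp
    scanner, visitor = "10.0.0.1", "10.0.0.2"    # constructed addresses
    for i in range(25):
        handle_request(table, scanner, "/Default.aspx?id=1' or 1=1 -- ",
                       t0 + timedelta(seconds=i))
    later = t0 + timedelta(minutes=1)
    tomorrow = t0 + timedelta(days=1)
    return {
        "scanner_later": handle_request(table, scanner, "/Default.aspx", later),
        "visitor_later": handle_request(table, visitor, "/Default.aspx", later),
        "scanner_tomorrow": handle_request(table, scanner, "/Default.aspx", tomorrow),
    }


if __name__ == "__main__":
    print("per-IP count:  ", simulate(per_ip=True))
    print("day-wide count:", simulate(per_ip=False))
    print("benign URL flagged:", sql_filter("/brand and company.aspx"))  # True
    print("keyword inside a word:", sql_filter("/android.aspx"))         # False
```

Two things the run makes visible: the day-based query resets the scanner's count at midnight, so a patient tool simply resumes the next day, and the keyword rule flags ordinary URLs such as "/brand and company.aspx" while ignoring "android" because the space rule does not match inside a word. Both are worth knowing before turning the threshold down.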
III. Summary
This should go a long way towards stopping this kind of noisy scanning. Two caveats are worth keeping in mind. The keyword list is blunt: it fires on any URL with a word such as "and" or "or" next to a space, so a page named "brand and company" gets its visitors recorded, and the threshold counts those false positives together with real probes, so watch the table for a while before lowering errorcount. And recording and throttling is not a defence against SQL injection itself; that still requires parameterized queries in the data layer. For now this is the only method we have come up with. If you have a better way, please share it with us.
Attached example project: MaliciousAccess
The database access component used is MySoft.Data.