Php attack prevention measures. Recently, my website was often attacked. I came up with a method to use php to prevent the website from being attacked. below is my code. the code is not the best. I will do it based on my own needs, recently, my website has been attacked. later, I came up with a method to use php to prevent the website from being attacked. below is my code. the code is not the best. I will do it based on my own needs, let's take a look at my code.
Recently, my website was often attacked. later I came up with a php Tutorial to prevent my website from being attacked. below is my code. the code is not the best. I will do it based on my own needs, let's take a look at my code.
/*
* Website anti-ip attack code (anti-ip attack code website) 2010-11-20, ver2.0
* Mydalle.com anti-refresh mechanic
* Design by www. bKjia. c0m
*/
// Query the forbidden ip address
$ Ip = $ _ server ['remote _ addr '];
$ Fileht = ". htaccess2 ";
If (! File_exists ($ fileht) file_put_contents ($ fileht ,"");
$ Filehtarr = @ file ($ fileht );
If (in_array ($ ip. "rn", $ filehtarr) die ("warning :"."
"." Your ip address are forbided by mydalle.com anti-refresh mechanic, if you have any question pls emill to shop@mydalle.com!
(Mydalle.com anti-refresh mechanic is to enable users to have a good shipping services, but there maybe some inevitable network problems in your ip address, so that you can mail to us to solve .) ");
// Add a prohibited ip address
$ Time = time ();
$ Fileforbid = "log/forbidchk. dat ";
If (file_exists ($ fileforbid ))
{If ($ time-filemtime ($ fileforbid)> 30) unlink ($ fileforbid );
Else {
$ Fileforbidarr = @ file ($ fileforbid );
If ($ ip = substr ($ fileforbidarr [0], 0, strlen ($ ip )))
{
If ($ time-substr ($ fileforbidarr [1], 0, strlen ($ time)> 120) unlink ($ fileforbid );
Elseif ($ fileforbidarr [2]> 120) {file_put_contents ($ fileht, $ ip. "rn", file_append); unlink ($ fileforbid );}
Else {$ fileforbidarr [2] ++; file_put_contents ($ fileforbid, $ fileforbidarr );}
}
}
}
// Anti-refresh
$ Str = "";
$ File = "log/ipdate. dat ";
If (! File_exists ("log ")&&! Is_dir ("log") mkdir ("log", 0777 );
If (! File_exists ($ file) file_put_contents ($ file ,"");
$ Allowtime = 60; // Anti-refresh time
$ Allownum = 5; // number of anti-refresh attempts
$ Uri = $ _ server ['request _ uri '];
$ Checkip = md5 ($ ip );
$ Checkuri = md5 ($ uri );
$ Yesno = true;
$ Ipdate = @ file ($ file );
Foreach ($ ipdate as $ k => $ v)
{$ Iptem = substr ($ v, 0, 32 );
$ Uritem = substr ($ v, 32, 32 );
$ Timetem = substr ($ v, 64, 10 );
$ Numtem = substr ($ v, 74 );
If ($ time-$ timetem <$ allowtime ){
If ($ iptem! = $ Checkip) $ str. = $ v;
Else {
$ Yesno = false;
If ($ uritem! = $ Checkuri) $ str. = $ iptem. $ checkuri. $ time. "1rn ";
Elseif ($ numtem <$ allownum) $ str. = $ iptem. $ uritem. $ timetem. ($ numtem + 1). "rn ";
Else
{
If (! File_exists ($ fileforbid) {$ addforbidarr = array ($ ip. "rn", time (). "rn", 1); file_put_contents ($ fileforbid, $ addforbidarr );}
File_put_contents ("log/forbided_ip.log", $ ip. "--". date ("y-m-d h: I: s", time ()). "--". $ uri. "rn", file_append );
$ Timepass = $ timetem + $ allowtime-$ time;
Die ("warning :"."
"." Pls don't refresh too frequently, and wait for ". $ timepass." seconds to continue, if not your ip address will be forbided automatic by mydalle.com anti-refresh mechanic!
(Mydalle.com anti-refresh mechanic is to enable users to have a good shipping services, but there maybe some inevitable network problems in your ip address, so that you can mail to us to solve .) ");
}
}
}
}
If ($ yesno) $ str. = $ checkip. $ checkuri. $ time. "1rn ";
File_put_contents ($ file, $ str );
?>
...