Php emergency code to prevent website attacks, php emergency code to prevent _ PHP Tutorial

Source: Internet
Author: User
Php emergency code to prevent website attacks, php to prevent emergency code. Php emergency code to prevent websites from being attacked. php has recently prevented a website from being attacked and the database has been flushed away. Fortunately, there is a database backup on the customer's machine. In case of such strict php emergency code to prevent website attacks, php will prevent emergency code

Not long ago, a website was attacked and the database was flushed away. Fortunately, there was a database backup on the customer's machine. When encountering such a serious problem, you must promptly identify the vulnerability to prevent further attacks. After various checks, we found that apart from the server needs to be correctly configured, we had to solve this attack problem from the IP address.

If you find that an ip address accesses a website too frequently, you can add it to the blacklist to prohibit access. this is not a good solution, but it is only a matter of expediency, I will conduct further research later.

This method is summarized as follows:Prevent website attacks by disabling frequent IP access.

<? Php header ('content-type: text/html; charset = utf-8 '); $ ip = $ _ SERVER ['remote _ ADDR']; // obtain the ip address of the current visitor $ logFilePath = '. /log/'; // log file storage directory $ fileht = '. htaccess2; // The forbidden ip record file $ allowtime = 60; // Anti-refresh time $ allownum = 5; // Anti-refresh times $ allowRefresh = 120; // add if (! File_exists ($ fileht) {file_put_contents ($ fileht, '') ;}$ filehtarr =@ file ($ fileht); if (in_array ($ ip. "\ r \ n", $ filehtarr) {exit ('Warning: Your IP address has been disabled! ');} // Add the prohibited ip address $ time = time (); $ fileforbid = $ logFilePath. 'forbidchk. dat '; if (file_exists ($ fileforbid) {if ($ time-filemtime ($ fileforbid)> 30) {@ unlink ($ fileforbid );} else {$ fileforbidarr = @ file ($ fileforbid); if ($ ip = substr ($ fileforbidarr [0], 0, strlen ($ ip ))) {if ($ time-substr ($ fileforbidarr [1], 0, strlen ($ time)> 120) {@ unlink ($ fileforbid );} else if ($ fileforbidarr [2]> $ allowRefresh) {file_put_contents ($ fileht, $ Ip. "\ r \ n", FILE_APPEND); @ unlink ($ fileforbid);} else {$ fileforbidarr [2] ++; file_put_contents ($ fileforbid, $ fileforbidarr) ;}}/// anti-refresh $ str = ''; $ file = $ logFilePath. 'ipdate. dat '; if (! File_exists ($ logFilePath )&&! Is_dir ($ logFilePath) {mkdir ($ logFilePath, 0777);} if (! File_exists ($ file) {file_put_contents ($ file, '');} $ uri = $ _ SERVER ['request _ URI ']; // Obtain the current webpage file address $ checkip = md5 ($ ip); $ checkuri = md5 ($ uri); $ yesno = true; $ ipdate = @ file ($ file); foreach ($ ipdate as $ k => $ v) {$ iptem = substr ($ v, 0, 32 ); $ uritem = substr ($ v, 32, 32); $ timetem = substr ($ v, 64, 10); $ numtem = substr ($ v, 74 ); if ($ time-$ timetem <$ allowtime) {if ($ iptem! = $ Checkip) {$ str. = $ v;} else {$ yesno = false; if ($ uritem! = $ Checkuri) {$ str. = $ iptem. $ checkuri. $ time. "\ r \ n";} else if ($ numtem <$ allownum) {$ str. = $ iptem. $ uritem. $ timetem. ($ numtem + 1 ). "\ r \ n";} else {if (! File_exists ($ fileforbid) {$ addforbidarr = array ($ ip. "\ r \ n", time (). "\ r \ n", 1); file_put_contents ($ fileforbid, $ addforbidarr);} file_put_contents ($ logFilePath. 'forbided _ ip. log', $ ip. '--'. date ('Y-m-d H: I: S', time ()). '--'. $ uri. "\ r \ n", FILE_APPEND); $ timepass = $ timetem + $ allowtime-$ time; exit ('Warning: Do not refresh too frequently! ') ;}}} If ($ yesno) {$ str. = $ checkip. $ checkuri. $ time. "\ r \ n";} file_put_contents ($ file, $ str );

The above is all the content of this article, hoping to help you learn.

Recently, a website was attacked and the database was deprecated. Fortunately, there was a database backup on the customer's machine. So strict...

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.