Php emergency code to prevent website attacks, php to prevent emergency code. Php emergency code to prevent websites from being attacked. php has recently prevented a website from being attacked and the database has been flushed away. Fortunately, there is a database backup on the customer's machine. In case of such strict php emergency code to prevent website attacks, php will prevent emergency code
Not long ago, a website was attacked and the database was flushed away. Fortunately, there was a database backup on the customer's machine. When encountering such a serious problem, you must promptly identify the vulnerability to prevent further attacks. After various checks, we found that apart from the server needs to be correctly configured, we had to solve this attack problem from the IP address.
If you find that an ip address accesses a website too frequently, you can add it to the blacklist to prohibit access. this is not a good solution, but it is only a matter of expediency, I will conduct further research later.
This method is summarized as follows:Prevent website attacks by disabling frequent IP access.
<? Php header ('content-type: text/html; charset = utf-8 '); $ ip = $ _ SERVER ['remote _ ADDR']; // obtain the ip address of the current visitor $ logFilePath = '. /log/'; // log file storage directory $ fileht = '. htaccess2; // The forbidden ip record file $ allowtime = 60; // Anti-refresh time $ allownum = 5; // Anti-refresh times $ allowRefresh = 120; // add if (! File_exists ($ fileht) {file_put_contents ($ fileht, '') ;}$ filehtarr =@ file ($ fileht); if (in_array ($ ip. "\ r \ n", $ filehtarr) {exit ('Warning: Your IP address has been disabled! ');} // Add the prohibited ip address $ time = time (); $ fileforbid = $ logFilePath. 'forbidchk. dat '; if (file_exists ($ fileforbid) {if ($ time-filemtime ($ fileforbid)> 30) {@ unlink ($ fileforbid );} else {$ fileforbidarr = @ file ($ fileforbid); if ($ ip = substr ($ fileforbidarr [0], 0, strlen ($ ip ))) {if ($ time-substr ($ fileforbidarr [1], 0, strlen ($ time)> 120) {@ unlink ($ fileforbid );} else if ($ fileforbidarr [2]> $ allowRefresh) {file_put_contents ($ fileht, $ Ip. "\ r \ n", FILE_APPEND); @ unlink ($ fileforbid);} else {$ fileforbidarr [2] ++; file_put_contents ($ fileforbid, $ fileforbidarr) ;}}/// anti-refresh $ str = ''; $ file = $ logFilePath. 'ipdate. dat '; if (! File_exists ($ logFilePath )&&! Is_dir ($ logFilePath) {mkdir ($ logFilePath, 0777);} if (! File_exists ($ file) {file_put_contents ($ file, '');} $ uri = $ _ SERVER ['request _ URI ']; // Obtain the current webpage file address $ checkip = md5 ($ ip); $ checkuri = md5 ($ uri); $ yesno = true; $ ipdate = @ file ($ file); foreach ($ ipdate as $ k => $ v) {$ iptem = substr ($ v, 0, 32 ); $ uritem = substr ($ v, 32, 32); $ timetem = substr ($ v, 64, 10); $ numtem = substr ($ v, 74 ); if ($ time-$ timetem <$ allowtime) {if ($ iptem! = $ Checkip) {$ str. = $ v;} else {$ yesno = false; if ($ uritem! = $ Checkuri) {$ str. = $ iptem. $ checkuri. $ time. "\ r \ n";} else if ($ numtem <$ allownum) {$ str. = $ iptem. $ uritem. $ timetem. ($ numtem + 1 ). "\ r \ n";} else {if (! File_exists ($ fileforbid) {$ addforbidarr = array ($ ip. "\ r \ n", time (). "\ r \ n", 1); file_put_contents ($ fileforbid, $ addforbidarr);} file_put_contents ($ logFilePath. 'forbided _ ip. log', $ ip. '--'. date ('Y-m-d H: I: S', time ()). '--'. $ uri. "\ r \ n", FILE_APPEND); $ timepass = $ timetem + $ allowtime-$ time; exit ('Warning: Do not refresh too frequently! ') ;}}} If ($ yesno) {$ str. = $ checkip. $ checkuri. $ time. "\ r \ n";} file_put_contents ($ file, $ str );
The above is all the content of this article, hoping to help you learn.
Recently, a website was attacked and the database was deprecated. Fortunately, there was a database backup on the customer's machine. So strict...