Php prevents CC attack code php prevents frequent page refreshes ,. Php prevents CC attack code php prevents frequent page refreshing and malicious page refreshing. cc attacks allow attackers to use proxy servers to generate legitimate requests directed to the target site, simulate multi-user php protection against CC attack code php prevention of frequent page refreshing,
Web pages are quickly and maliciously refreshed. cc attacks allow attackers to use proxy servers to generate legitimate requests directed to the target site, simulating the constant access of multiple users to the affected website, in particular, accessing pages that require a large amount of data operations and require a large amount of CUP time will eventually result in the depletion of resources on the target website server until the crash occurs. as a result, server resources are wasted, when the CPU remains at 100% for a long time, there will always be endless connections until network congestion occurs and normal access is terminated. We call it CC attacks. Although we can use some attack-Proof Software, the effect is sometimes not obvious.
Below is a piece of PHP code that can defend against CC attacks.
Main functions:If you refresh the page more than 5 times in 3 seconds, it will point to the local http: // 127.0.0.1
You only need to put the code on the page that requires anti-CC attack.
Source code
<? Php $ timestampcc = time (); $ cc_nowtime = $ timestampcc; if (session_is_registered ('CC _ lasttime') {$ cc_lasttime = $ _ SESSION ['CC _ lasttime']; $ cc_times = $ _ SESSION ['cc_times '] + 1; $ _ SESSION ['cc_times'] = $ cc_times;} else {$ cc_lasttime = $ cc_nowtime; $ cc_times = 1; $ _ SESSION ['cc_times '] = $ cc_times; $ _ SESSION ['CC _ lasttime'] = $ cc_lasttime ;} if ($ cc_nowtime-$ cc_lasttime) <3) {// refresh more than 5 times in 3 seconds may be cc attacks if ($ cc_times> = 5) {Echo 'refresh too fast! '; Exit ;}} else {$ cc_times = 0; $ _ SESSION ['CC _ lasttime'] = $ cc_nowtime; $ _ SESSION ['cc_times '] = $ cc_times;}?>
The following is an effective PHP anti-CC attack solution:
1. session Records
Submit. php sets a session variable on the sending page and sends it to submitdeal together as a hidden field and form. on the php page, the server compares the hidden variables in the post with the session variables recorded on the server. for example, if the same, the hidden variables are written to the database and the session is cleared. in this way, the user refreshes the page, if the two values are not equal, an error or jump is prompted.
Advantages:You do not need to enter the verification code
Disadvantages:Forms are easy to copy
2. verification code
The principle is the same as the first one, except that session data is not submitted as a hidden domain, but is provided to users. most websites use text verification codes and image verification codes, which are highly secure.
3. IP binding
After the data is submitted, the client IP address is retrieved from the IP address table. if the IP address does not expire, an error is returned. Otherwise, the IP address is written to the database, and then the IP address of the room is taken to write the IP address to the database.
4. cookie:After the customer submits the post-processing program, it first retrieves whether the client has set cookies. if so, it does not submit them repeatedly. if not, it writes data and then writes a cookie;
Example:
The user's meaningless frequent jump and requests will put a lot of burden on the server. In fact, using cookies can prevent this.
<? Php error_reporting (0); // if ($ _ COOKIE ["ck"]) die ("refreshing too fast! "); If ($ _ COOKIE [" ck "]) header (" Location: http://www.baidu.com "); // if the user refresh too fast, terminate the php script or directly jump to setcookie 302 ("ck", "1", time () + 3); // Set the cookie survival time to 3 s echo "hello! ";?>
Method 1:
<? Php session_start (); $ k =$ _ GET ['K']; $ t =$ _ GET ['t']; $ allowTime = 1800; // Anti-refresh time $ ip = get_client_ip (); $ allowT = md5 ($ ip. $ k. $ t); if (! Isset ($ _ SESSION [$ allowT]) {$ refresh = true; $ _ SESSION [$ allowT] = time ();} elseif (time () -$ _ SESSION [$ allowT]> $ allowTime) {$ refresh = true; $ _ SESSION [$ allowT] = time ();} else {$ refresh = false;}?>
Method 2:
<? Session_start (); if (! Emptyempty ($ _ POST [name]) {$ data =$ _ POST [name]; $ tag =$ _ POST [tag]; if ($ _ SESSION [status] ==$ tag) {echo $ data;} else {echo "refresh is not allowed! ";}}$ V = mt_rand ();?> <? Echo $ v; $ _ SESSION [status] = $ v;?>
Method 3:
<? Session_start (); if (! Emptyempty ($ _ POST [name]) {$ data =$ _ POST [name]; $ tag =$ _ POST [tag]; if ($ _ SESSION [status] ==$ tag) {echo $ data;} else {echo "refresh is not allowed! ";}}$ V = mt_rand ();?> <? Echo $ v; $ _ SESSION [status] = $ v;?>
The above are various php methods to prevent CC attacks, hoping to help you prevent quick and malicious refreshing of webpages.
Articles you may be interested in:
- Enable PHP cookies to take effect immediately without refreshing
- Php code summary for preventing malicious page refreshing
- Php methods to prevent malicious refresh and ticket refresh
- Summary of php methods to prevent websites from being refreshed
- Refresh the PHP buffer to accelerate your site
- PHP prevents refresh of sample code for repeated submission pages
- Php uses session to prevent page refresh
Php prevents frequent page refreshes and malicious page refreshes. cc attacks allow attackers to use a proxy server to generate valid requests directed to the target site and simulate multiple users...