Php website protection against traffic flooding attacks _ PHP Tutorial

Source: Internet
Author: User
Tags php website
Php website protection against traffic flooding attacks. Traffic attacks are a relatively primitive method of website attacks, that is, they constantly refresh the website, resulting in the server being unable to handle or the database being overloaded, A traffic attack that causes the website to fail to work normally is a relatively basic website attack method, that is, the website is constantly refreshed, resulting in the server being unable to handle or the database being overloaded, an attack method that causes the website to fail to work normally. next I will introduce a method to use php to prevent website traffic flooding attacks.
The code is as follows:

// Query the forbidden IP address
$ Ip = $ _ SERVER ['remote _ ADDR '];
$ Fileht = ". htaccess2 ";
If (! File_exists ($ fileht) file_put_contents ($ fileht ,"");
$ Filehtarr = @ file ($ fileht );
If (in_array ($ ip. "rn", $ filehtarr) die ("Warning :"."
"." Your IP address are forbided by some reason, IF you have any question Pls emill to shop@mydalle.com! ");

// Add a prohibited IP address
$ Time = time ();
$ Fileforbid = "log/forbidchk. dat ";
If (file_exists ($ fileforbid ))
{If ($ time-filemtime ($ fileforbid)> 60) unlink ($ fileforbid );
Else {
$ Fileforbidarr = @ file ($ fileforbid );
If ($ ip = substr ($ fileforbidarr [0], 0, strlen ($ ip )))
{
If ($ time-substr ($ fileforbidarr [1], 0, strlen ($ time)> 600) unlink ($ fileforbid );
Elseif ($ fileforbidarr [2]> 600) {file_put_contents ($ fileht, $ ip. "rn", FILE_APPEND); unlink ($ fileforbid );}
Else {$ fileforbidarr [2] ++; file_put_contents ($ fileforbid, $ fileforbidarr );}
}
}
}
// Anti-refresh
$ Str = "";
$ File = "log/ipdate. dat ";
If (! File_exists ("log ")&&! Is_dir ("log") mkdir ("log", 0777 );
If (! File_exists ($ file) file_put_contents ($ file ,"");
$ AllowTime = 120; // Anti-refresh time
$ AllowNum = 10; // number of anti-refresh attempts
$ Uri = $ _ SERVER ['request _ URI '];
$ Checkip = md5 ($ ip );
$ Checkuri = md5 ($ uri );
$ Yesno = true;
$ Ipdate = @ file ($ file );
Foreach ($ ipdate as $ k => $ v)
{$ Iptem = substr ($ v, 0, 32 );
$ Uritem = substr ($ v, 32, 32 );
$ Timetem = substr ($ v, 64, 10 );
$ Numtem = substr ($ v, 74 );
If ($ time-$ timetem <$ allowTime ){
If ($ iptem! = $ Checkip) $ str. = $ v;
Else {
$ Yesno = false;
If ($ uritem! = $ Checkuri) $ str. = $ iptem. $ checkuri. $ time. "1rn ";
Elseif ($ numtem <$ allowNum) $ str. = $ iptem. $ uritem. $ timetem. ($ numtem + 1). "rn ";
Else
{
If (! File_exists ($ fileforbid) {$ addforbidarr = array ($ ip. "rn", time (). "rn", 1); file_put_contents ($ fileforbid, $ addforbidarr );}
File_put_contents ("log/forbided_ip.log", $ ip. "--". date ("Y-m-d H: I: s", time ()). "--". $ uri. "rn", FILE_APPEND );
$ Timepass = $ timetem + $ allowTime-$ time;
Die ("Warning :"."
"." Sorry, you are forbided by refreshing frequently too much, Pls wait for ". $ timepass." seconds to continue! ");
}
}
}
}
If ($ yesno) $ str. = $ checkip. $ checkuri. $ time. "1rn ";
File_put_contents ($ file, $ str );
?>

Use session tracking to prevent post submission

The code is as follows:

Session_start ();
$ Clean = array ();
$ Email_pattern = '/^ [^ @ s <&>] + @ ([-a-z0-9] +.) + [a-z] {2,} $/I ';
If (preg_match ($ email_pattern, $ _ POST ['email '])
{
$ Clean ['email '] = $ _ POST ['email'];
$ User = $ _ SESSION ['user'];
$ New_password = md5 (uniqid (rand (), TRUE ));
If ($ _ SESSION ['verified '])
{
/* Update Password */
Mail ($ clean ['email '], 'Your New password', $ new_password );
}
}
?>

...

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.