Prevent hackers from remote high frequency request website solution

Source: Internet
Author: User
Tags: session id

Recently I built a "most beautiful department" voting website for my school. Many people tried to attack the site through SQL injection vulnerabilities, and I was forced to fight these people for two days.

At first they must have been using some tool to constantly probe my site for SQL injection points. This was the second time I had formally built a voting system of this size, and I had paid close attention to not leaving any injection point behind.

The one place where I still built SQL by string concatenation was a query statement; I assumed a plain query could not do anything harmful. Then I found out that this concatenation was exactly what they were attacking, so I looked into it.

I also found a lot of material on the web saying that wherever SQL is pieced together from strings, an injection vulnerability is possible.

For example: SELECT * FROM USER WHERE id=params1; -- here params1 is supposed to be the ID number we read. But if the parameter is replaced with: 1; DROP TABLE USER-- then something terrible happens and the table is deleted!

So do not leave a single piece of concatenated SQL in the program. These are time bombs!
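As an added illustration (not code from the post), the query above rebuilt against an in-memory SQLite table, a constructed stand-in for the site's database: once with the string concatenation the post warns about, once with a bound parameter. sqlite3's executescript() models a driver that accepts stacked statements; execute() with a ? placeholder is the fix.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the voting site's USER table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("CREATE TABLE USER (id INTEGER, name TEXT);"
                       "INSERT INTO USER VALUES (1, 'alice');")
    return conn


def user_table_exists(conn):
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='USER'"
    ).fetchone()
    return row[0] == 1


def run_concatenated(conn, params1):
    """The pattern the post warns about: params1 is pasted into the SQL text.
    executescript() stands in for a driver that accepts stacked statements, so
    everything after the ';' runs too. Returns whether USER still exists afterwards."""
    conn.executescript("SELECT * FROM USER WHERE id=" + params1)
    return user_table_exists(conn)


def lookup_parameterized(conn, params1):
    """The fix: the value is bound, never parsed as SQL, so '1; DROP TABLE USER--'
    is just a string that matches no id. Returns the number of matching rows."""
    return len(conn.execute("SELECT * FROM USER WHERE id=?", (params1,)).fetchall())


if __name__ == "__main__":
    db = make_db()
    print("concatenated, benign input, table survives:", run_concatenated(db, "1"))
    print("concatenated, payload, table survives:", run_concatenated(db, "1; DROP TABLE USER--"))
    db = make_db()
    print("parameterized, payload, rows matched:", lookup_parameterized(db, "1; DROP TABLE USER--"))
```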

Even after all the concatenation was removed from the program, their incessant scanning requests still made the site very slow to visit.

So I started thinking about how to block their high-frequency requests. The filter code is below; the basic idea is:

1. Keep a temporary HashMap that records each visitor's IP address, last access time and number of visits.

2. If the interval between two accesses is less than 150 ms, the request is considered abnormal; once the request count exceeds 200, the IP address is stored in a second collection, hklist.

3. On every pass through the filter, first check whether the visitor's IP is already in hklist, and then decide whether to let it continue.

Look at the code for the details!

One thing to note in particular: if the other side sends the requests from a program, storing the data in the session is meaningless, because every request the program sends gets a new session even though they come from the same IP address. Exactly why .... I don't know.

So I store my records in the ServletContext instead.

import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.struts2.StrutsStatics;

import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;

// Cu is the author's own debug-logging helper; it is not shown in the post.
public class AexInterceptor implements Interceptor {
    private static final long serialVersionUID = -5178310397732210602L;

    public void destroy() {}

    public void init() {}

    @SuppressWarnings("unchecked")
    public String intercept(ActionInvocation invocation) throws Exception {
        ActionContext actionContext = invocation.getInvocationContext();
        HttpServletRequest request = (HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST);
        HttpServletResponse response = (HttpServletResponse) actionContext.get(StrutsStatics.HTTP_RESPONSE);
        Cu.debugPrintln("Go to Interceptor " + request.getRequestURI() + " Session id=" + request.getSession().getId());
        String ip = request.getRemoteAddr();

        // Blacklist of IPs, kept application-wide in the ServletContext (not in the session)
        ArrayList<String> hkList = (ArrayList<String>) request.getSession().getServletContext().getAttribute("HkList");
        if (hkList == null) {
            Cu.debugPrintln("Create HkList");
            hkList = new ArrayList<String>();
            request.getSession().getServletContext().setAttribute("HkList", hkList);
        }
        // If this IP address is already on the blacklist, redirect it straight away
        if (hkList.contains(ip)) {
            Cu.debugPrintln("Forward to tip page-----------------------");
            response.sendRedirect("Info.jsp");
            return null;
        }
        // Once the blacklist reaches 1000 entries, empty it
        if (hkList.size() > 1000) {
            Cu.debugPrintln("Empty hacker IP surveillance-----------------------");
            hkList.clear();
        }
        Cu.debugPrintln(hkList);

        // Per-IP record "lastAccessTimeMillis,count", also kept in the ServletContext
        HashMap<String, String> tempIpList = (HashMap<String, String>) request.getSession().getServletContext().getAttribute("TempIpList");
        if (tempIpList == null) {
            tempIpList = new HashMap<String, String>();
            request.getSession().getServletContext().setAttribute("TempIpList", tempIpList);
        }
        Cu.debugPrintln("Current number of IP records === " + tempIpList.size());
        // Once the record map reaches 2000 entries, empty it
        if (tempIpList.size() > 2000) {
            Cu.debugPrintln("Clear IP monitoring-----------------------");
            tempIpList.clear();
        }

        long nowTime = new Date().getTime();
        String valueStr = tempIpList.get(ip);
        if (valueStr == null) {
            // First visit from this IP: normal access
            tempIpList.put(ip, nowTime + "," + 1);
            Cu.debugPrintln("First time access-----------" + ip);
        } else {
            long prevTime = Long.parseLong(valueStr.substring(0, valueStr.indexOf(",")));
            int count = Integer.parseInt(valueStr.substring(valueStr.indexOf(",") + 1));
            Cu.debugPrintln(nowTime);
            Cu.debugPrintln(prevTime);
            // Update the IP record in the context
            if (nowTime - prevTime < 150 && count > 200) {
                // Less than 150 ms since the last request and the request count is reached: treat as an attack.
                // Overwrite the record with the new time, then add the IP to the blacklist.
                tempIpList.put(ip, nowTime + "," + (count + 1));
                Cu.debugPrintln("Hacker attack request-----------" + ip);
                hkList.add(ip);
            } else {
                // Normal access
                tempIpList.put(ip, nowTime + "," + (count + 1));
                Cu.debugPrintln("Normal access-----------" + ip);
            }
        }
        return invocation.invoke();
    }
}
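As an added illustration (not code from the post), the same per-IP rule as a framework-independent Python model of the interceptor above: the 150 ms interval and 200-request thresholds, the application-wide record map and blacklist, and a small driver that replays constructed request timings so the thresholds can be checked offline. It also exposes one caveat of the design: the count never decays, so a long-lived legitimate client that later makes two requests less than 150 ms apart is blacklisted too.

```python
INTERVAL_MS = 150        # from the post: a gap shorter than this is an abnormal request
MAX_REQUESTS = 200       # from the post: blacklist once the stored count exceeds this
TEMP_LIMIT = 2000        # from the post: record map is emptied once it exceeds this size
BLACKLIST_LIMIT = 1000   # from the post: blacklist is emptied once it exceeds this size


class RequestFilter:
    """Mirrors the interceptor: {ip: (last_time_ms, count)} plus a blacklist, held
    application-wide (the post's ServletContext), never in the per-request session."""

    def __init__(self):
        self.temp_ip_list = {}   # the post's TempIpList
        self.hk_list = set()     # the post's HkList (blacklisted IPs)

    def check(self, ip, now_ms):
        """Return True if the request may proceed, False if it is redirected to the tip page."""
        if ip in self.hk_list:
            return False
        if len(self.hk_list) > BLACKLIST_LIMIT:
            self.hk_list.clear()
        if len(self.temp_ip_list) > TEMP_LIMIT:
            self.temp_ip_list.clear()
        prev = self.temp_ip_list.get(ip)
        if prev is None:                      # first visit from this IP
            self.temp_ip_list[ip] = (now_ms, 1)
            return True
        prev_time, count = prev
        self.temp_ip_list[ip] = (now_ms, count + 1)
        if now_ms - prev_time < INTERVAL_MS and count > MAX_REQUESTS:
            self.hk_list.add(ip)              # flagged; as in the post, this request still goes through
        return True


def replay(flt, ip, n, gap_ms, start_ms=0):
    """Constructed traffic: n requests from ip spaced gap_ms apart; returns how many got through."""
    return sum(1 for i in range(n) if flt.check(ip, start_ms + i * gap_ms))


if __name__ == "__main__":
    f = RequestFilter()
    print("scanner at 50 ms gaps:", replay(f, "10.0.0.1", 300, 50), "of 300 allowed")   # 202
    print("browser at 1 s gaps:  ", replay(f, "10.0.0.2", 300, 1000), "of 300 allowed")  # 300
```

In the servlet version the ArrayList and HashMap in the ServletContext are shared by concurrent request threads without synchronisation, so expect lost updates under exactly the load this filter is meant to absorb.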

Finally, here is the page of this project, as an advertisement for our school. Hunan Institute of Humanities and Technology welcomes you!

Original address: http://www.cnblogs.com/jyyjava/p/4617309.html

