Vote brushing with PHP: get to the top of the list! This article covers the vote-brushing method and the defense strategies against it.
This case is from 1.5 months ago. There are two reasons I did not publish it earlier. First, the blog's domain name record had not come through, and I was in no mood to write. Second, and most important, publishing it right away would have seriously harmed the site in this case, which is not something I or other IT people should do.
PS: Vote brushing carries risk and should be used with caution. This article is for study and discussion only and must not be put to improper use!
This is the first post on this blog. The topic comes from a recent request from a friend: her sister took part in a calligraphy contest, and she asked me whether I could brush votes on the website. As someone who was a rookie just a year ago, I was quite nervous. A year ago I had only just come into contact with PHP and would have had no idea what to do; now my first reaction was curl.
Enough preamble; straight to the code.
<?php
header('Content-Type: text/html; charset=gb2312');
// Randomly generate an IP address
$ip1 = rand(101, 255) . '.';
$ip2 = rand(1, 255) . '.';
$ip3 = rand(1, 255) . '.';
$ip4 = rand(1, 255);
$ip = $ip1 . $ip2 . $ip3 . $ip4;
$clientIp = 'Client-IP: ' . $ip;
$xforwarded = 'X-Forwarded-For: ' . $ip;
// Set the target and the source (Referer)
$url = 'http://www.dunhuangwomen.org.cn/vote/Vote.asp?id=67';
$referer = 'http://www.dunhuangwomen.org.cn/vote/list.asp?id=2';
// curl
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url); // target
curl_setopt($ch, CURLOPT_HTTPHEADER, array($xforwarded, $clientIp)); // forged IP headers
curl_setopt($ch, CURLOPT_REFERER, $referer); // source
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // return the response as a string
curl_setopt($ch, CURLOPT_HEADER, 0); // leave response headers out of the output
$ret = curl_exec($ch);
curl_close($ch);
echo $ret;
?>
OK, let's analyze it.
1. Forged IP: the site restricts each IP to one vote per day.
2. Filled-in source (Referer): the site checks whether the request comes from a legitimate path.
The rest are regular curl options.
How to defend against it?
I am no expert; I offer these only to draw out better ideas from others.
1. Restrict by IP
Already defeated in this article.
2. Restrict by source
Already defeated in this article.
3. Verification code. As one of the most anti-human inventions, this grandly named "fully automated Turing test for telling computers and humans apart" can be used.
OpenCV is available.
4. Record the MAC address.
In theory each NIC has a unique MAC address, and changing it may cause a conflict that prevents Internet access. At present, however, it can also be modified with software.
5. Registered members
One can still break the verification code, fill in the parameters with curl and POST them, but the threshold is high after all, so let's set that aside.
6. Mobile phone
Voting with a mobile phone number and an SMS verification code is costly, and the organizer is unwilling to pay. Having users send such-and-such a command to such-and-such a number comes out of the user's own pocket, and users are unwilling.
At present, only the verification code, the mobile phone, and verifying that the phone is valid are the best preventive measures.
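The IP restriction in item 1 falls to the script above only when the server takes the voter's address from the Client-IP or X-Forwarded-For request headers, which the client controls. The following is an added example, not code from the original article, that resolves the address from the TCP peer instead, so every forged request counts as the same voter; the proxy addresses, function names and sample requests are constructed assumptions.

```php
<?php
// Added example, not the article's code. Assumption: these are your own reverse proxies.
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

// Address to use for the one-vote-per-IP rule. $server is a $_SERVER-style array.
function voter_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    // Direct connection: only the TCP peer address counts. Client-IP and
    // X-Forwarded-For come from the client and are ignored.
    if (!in_array($peer, TRUSTED_PROXIES, true)) {
        return $peer;
    }
    // Request came through our proxy, which appends the peer it saw to
    // X-Forwarded-For. Walk from the right and stop at the first hop that is
    // not one of ours; everything left of it is client-supplied.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed chain: fall back to the proxy address
        }
        if (!in_array($hop, TRUSTED_PROXIES, true)) {
            return $hop;
        }
    }
    return $peer;
}

// One vote per address per day. $seen stands in for a database table.
function accept_vote(array $server, array &$seen, string $day): bool
{
    $key = voter_ip($server) . '|' . $day;
    if (isset($seen[$key])) {
        return false;
    }
    $seen[$key] = true;
    return true;
}

// Constructed requests: one real peer, a new forged header value each time.
$seen = [];
foreach (['150.1.2.3', '201.9.8.7', '133.7.7.7'] as $forged) {
    $direct = ['REMOTE_ADDR' => '203.0.113.40', 'HTTP_CLIENT_IP' => $forged,
               'HTTP_X_FORWARDED_FOR' => $forged];
    $proxied = ['REMOTE_ADDR' => '10.0.0.5',
                'HTTP_X_FORWARDED_FOR' => $forged . ', 203.0.113.40'];
    var_dump(accept_vote($direct, $seen, '2015-01-01'),
             accept_vote($proxied, $seen, '2015-01-01'));
}
```

A per-address limit stays coarse, since many legitimate voters can share one address, so it complements the verification code and phone checks rather than replacing them.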