Some issues in preventing vote brushing
Vote brushing (fraudulent bulk voting) has always been a difficult problem, and it cannot be prevented at the root.
But we can minimize the damage it does, for example by deliberately adding logical restrictions.
Based on PHP, here are some techniques for countering vote brushing:
1. Forging request information with cURL

    // Build a request whose client-supplied fields are all forged.
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "http://localhost/2.php");
    // Forged source-address headers
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-FORWARDED-FOR:8.8.8.8', 'CLIENT-IP:8.8.8.8'));
    // Forged referer
    curl_setopt($ch, CURLOPT_REFERER, "http://localhost/");
    // Include the response headers in the output
    curl_setopt($ch, CURLOPT_HEADER, 1);
    // Forged browser identification
    curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.0)");
    $out = curl_exec($ch);
    curl_close($ch);
2. CAPTCHA: use a very complex verification code
A CAPTCHA is aimed not at people but at machines. By controlling how complex and how hard to recognize it is, you block part of the vote-brushing bots and so reduce the amount of brushing. But as recognition technology has developed, CAPTCHAs have increasingly lost their preventive effect against advanced vote-brushing software, and professional vote-brushing tools can break them. Without a CAPTCHA, however, the poll is basically easy prey. As for how the CAPTCHA is fetched: load it asynchronously, that is, request it only when the user clicks the input box, and delete the CAPTCHA from the session after a successful vote.
3. Time-limited voting
For example: from 8 o'clock until 23 o'clock in the evening.
4. Setting a voting interval
After a user votes, how long must they wait before they can vote again? Most polling sites have this restriction, but it does nothing against attacks that keep changing IP address.
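An added example (not code from the original article) of enforcing the voting interval on an address the client cannot choose, so the forged `X-Forwarded-For` and `Client-IP` headers shown in item 1 have no effect. The function names, the trusted-proxy list, the 60-second interval and the array standing in for a shared store are all assumptions.

```php
<?php
// Added example; names, proxy list and interval are assumptions.
const VOTE_INTERVAL = 60; // seconds between votes from one address (assumed)

// Address to rate-limit on. REMOTE_ADDR comes from the TCP connection;
// X-Forwarded-For and Client-IP are whatever the client chose to send.
function client_ip(array $server, array $trustedProxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote;               // direct client: ignore its headers
    }
    // The request came through our own proxy: read X-Forwarded-For from the
    // right, skip our proxies, and take the first other valid address.
    $xff  = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    $hops = array_reverse(array_map('trim', explode(',', $xff)));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break;                    // malformed entry: stop trusting the list
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $remote;
}

// $lastVote maps address => time of the last accepted vote. A real site
// would keep this in a shared store (database, cache) instead of an array.
function may_vote(array &$lastVote, string $ip, int $now): bool
{
    if (isset($lastVote[$ip]) && $now - $lastVote[$ip] < VOTE_INTERVAL) {
        return false;
    }
    $lastVote[$ip] = $now;
    return true;
}

// Constructed request: sent directly to the server with item 1's headers.
$forged = [
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => '8.8.8.8',
    'HTTP_CLIENT_IP'       => '8.8.8.8',
];
$seen = [];
$ip = client_ip($forged, ['10.0.0.5']);
var_dump($ip);                          // address the limiter keys on
var_dump(may_vote($seen, $ip, 1000));   // first vote
var_dump(may_vote($seen, $ip, 1030));   // second vote 30 seconds later
```

As the text says, this still does not stop a client that really does connect from many different addresses.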
5. Displaying vote results: delayed display, friendly display
On the voting page, JavaScript adds 1 to the count immediately, but after a refresh the page does not necessarily show the latest results right away. Return a status to the page ("Thank you for your vote!" or "Vote successful!"); whether the vote actually counted is another matter.
6. Deduction logic: common in polls such as software selection contests
- This is the trump card, and it runs in the back end: a script monitors items with abnormal growth (vote brushing) in real time and then applies the deduction logic
- That is, for such an item, every 10 votes are counted as one vote.
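A sketch of such a back-end deduction pass, added here as an example and not taken from the original article. The per-minute window, the median baseline, the factor and the floor are assumptions; only the 10-to-1 ratio comes from the text.

```php
<?php
// Added example; names, window and "abnormal" threshold are assumptions.
const DEDUCT_RATIO = 10;   // 10 raw votes count as 1, as in the text

function median(array $values): float
{
    if ($values === []) {
        return 0.0;
    }
    sort($values);
    $n   = count($values);
    $mid = intdiv($n, 2);
    return $n % 2 ? (float) $values[$mid]
                  : ($values[$mid - 1] + $values[$mid]) / 2;
}

// $perMinute: raw votes one item received in consecutive minutes, oldest
// first. A minute is abnormal when it exceeds $factor times the median of
// the earlier normal minutes; $floor keeps quiet items from being flagged.
function effective_votes(array $perMinute, float $factor = 5.0, int $floor = 20): int
{
    $total   = 0;
    $history = [];
    foreach ($perMinute as $count) {
        $limit = max($floor, (int) ceil($factor * median($history)));
        if ($count > $limit) {
            $total += intdiv($count, DEDUCT_RATIO);  // deducted minute
        } else {
            $total += $count;
            $history[] = $count;   // only normal minutes feed the baseline
        }
    }
    return $total;
}

// Constructed sample: steady traffic with a two-minute burst in the middle.
$raw = [12, 15, 9, 14, 600, 580, 13];
echo "raw total:       ", array_sum($raw), "\n";
echo "effective total: ", effective_votes($raw), "\n";
```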
7. Cookie: a common technique, but a fairly weak one
- After a vote, a cookie is written on the client, and the next vote checks whether the cookie exists
- However, this approach is very easy to defeat because cookies can be deleted
8. Encrypted option IDs: the IDs of the voting options are randomly encrypted
- The encryption algorithm adds a salt and sets a validity period, for example 5 minutes
- The server decrypts and validates
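One way to build such an option ID, shown as an added example that is not the original author's code. It assumes PHP's openssl extension and uses AES-256-GCM with a random nonce in the role of the salt; the helper names and the key handling are hypothetical.

```php
<?php
// Added example: helper names and key handling are assumptions; needs ext-openssl.
const TOKEN_TTL = 300;   // validity window: 5 minutes, as in the text

// Encrypt "option id + expiry" under a server-side key. The random 12-byte
// nonce plays the role of the salt: every page view gets a different token.
function seal_option_id(int $optionId, string $key, int $now): string
{
    $nonce = random_bytes(12);
    $plain = json_encode(['id' => $optionId, 'exp' => $now + TOKEN_TTL]);
    $tag   = '';
    $ct    = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return bin2hex($nonce . $tag . $ct);   // 12-byte nonce, 16-byte tag, ciphertext
}

// Returns the option id, or null if the token is malformed, forged or expired.
function open_option_id(string $token, string $key, int $now): ?int
{
    if (!ctype_xdigit($token) || strlen($token) % 2 !== 0 || strlen($token) <= 56) {
        return null;
    }
    $raw   = hex2bin($token);
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
                             OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($plain === false) {
        return null;                       // tag mismatch: altered token or wrong key
    }
    $data = json_decode($plain, true);
    if (!is_array($data) || !isset($data['id'], $data['exp']) || $now > $data['exp']) {
        return null;
    }
    return (int) $data['id'];
}

// Constructed demo: the key is generated on the spot; a site would load it from config.
$key   = random_bytes(32);
$token = seal_option_id(42, $key, 1000);
var_dump(open_option_id($token, $key, 1200));                  // inside the window
var_dump(open_option_id($token, $key, 1000 + TOKEN_TTL + 1));  // after expiry
$altered = substr($token, 0, -1) . ($token[-1] === '0' ? '1' : '0');
var_dump(open_option_id($altered, $key, 1200));                // one digit changed
```

A token stays usable until it expires, so this complements the interval and rate limits above and does not replace them.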
9. Nginx: limit the number of connections
- ngx_http_limit_conn_module
- ngx_http_limit_req_module
- nginx_limit_speed_module
These three modules can be used for limiting, but this is not a good solution.
See also: The speed limit module for Nginx
10. iptables limits
    # 10 new connections within 60 seconds: anything beyond that is logged.
    /sbin/iptables -A INPUT -p tcp --dport 80 --syn -m recent --name webpool --rcheck --seconds 60 --hitcount 10 -j LOG --log-prefix 'DDOS:' --log-ip-options
    # 10 new connections within 60 seconds: packets beyond that are dropped.
    /sbin/iptables -A INPUT -p tcp --dport 80 --syn -m recent --name webpool --rcheck --seconds 60 --hitcount 10 -j DROP
    # Connections within the allowed range pass through.
    /sbin/iptables -A INPUT -p tcp --dport 80 --syn -m recent --name webpool --set -j ACCEPT
    # Limit each IP to at most 10 connections to port 80.
    /sbin/iptables -t filter -A INPUT -p tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 10 --connlimit-mask 32 -j REJECT

    # Other rules, for reference
    # Accept fragmented packets (-f) at up to 100 per second.
    /sbin/iptables -A INPUT -f -m limit --limit 100/s --limit-burst 100 -j ACCEPT
    # Prevent ping floods: echo requests are limited to 1 per second with a burst of 10.
    /sbin/iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 10 -j ACCEPT
    # Guard against port scans: new SYN packets are limited to 20 per second
    # with a burst of 200, so they cannot use up the bandwidth.
    /sbin/iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 20/s --limit-burst 200 -j ACCEPT
    /sbin/iptables -A OUTPUT -p icmp -o eth0 -j ACCEPT
    /sbin/iptables -A INPUT -p icmp --icmp-type echo-reply -s 0/0 -i eth0 -j ACCEPT
    /sbin/iptables -A INPUT -p icmp --icmp-type destination-unreachable -s 0/0 -i eth0 -j ACCEPT
    /sbin/iptables -A INPUT -p icmp --icmp-type time-exceeded -s 0/0 -i eth0 -j ACCEPT
    # Deny ping requests (alternatively: net.ipv4.icmp_echo_ignore_all = 1).
    /sbin/iptables -A INPUT -p icmp -i eth0 -j DROP
The complete script:
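    #!/bin/bash
    # Date: 2015-09-29
    #
    # Author: [email protected]

    shopt -s -o nounset
    export PATH=/usr/bin/:/bin
    iptables_log='/tmp/iptables_conf.log'
    # Per-IP connection threshold; the value is missing from the original
    # script, so it must be supplied in the environment as MAX_CONN.
    max_conn="${MAX_CONN:?set MAX_CONN to the per-IP connection threshold}"

    # Drop new connections beyond 10 within 60 seconds, accept the rest,
    # and cap each IP at 10 concurrent connections to port 80.
    /sbin/iptables -A INPUT -p tcp --dport 80 --syn -m recent --name webpool --rcheck --seconds 60 --hitcount 10 -j DROP
    /sbin/iptables -A INPUT -p tcp --dport 80 --syn -m recent --name webpool --set -j ACCEPT
    /sbin/iptables -t filter -A INPUT -p tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 10 --connlimit-mask 32 -j REJECT

    while true; do
        #sleep 1
        # Count established connections to port 80 per remote IP and pick
        # the addresses above the threshold.
        for IP in $(netstat -an | grep -i ':80 ' | grep 'ESTAB' | awk '{print $5}' | cut -d : -f 1 | sort | uniq -c | awk -v max="$max_conn" '{if ($1 > max && $2 != "127.0.0.1") {print $2}}'); do
            # Add a DROP rule only if this IP is not already listed.
            /sbin/iptables -L -n | grep "$IP" >/dev/null || /sbin/iptables -A INPUT -p tcp --dport 80 -s "$IP" -j DROP
            echo "/sbin/iptables -A INPUT -p tcp -s $IP -j DROP" >> "${iptables_log}"
        done
    done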