The strategy method of WordPress anti-CC class malicious attack under LNMP environment

Since the beginning of last month, the blog's WordPress site, often suffer from all kinds of unknown attacks, performance for the same IP address, in a short period of time to a certain page or a picture to visit, began to think that it is their own articles were reprinted, others of the site was CC attack, but later through the Web site log found, Not so, a large number of IP, in different time period suddenly hit, all of a sudden CPU occupy to 100%, there is no way, from Baidu found a piece of code, together to see this method.

This, if your WordPress site has not been attacked, do not operate. Because this piece of code obviously has an impact on the speed of the site.

First take a look at the tribal site after the attack, Aliyun SMS notification,:

This is not an attack every moment, but only in our casual time will initiate, and often change IP, people quite headache.

Tribe from the site to find a section of the blog before the code, I believe there are many people in use, the tribe is just the operation.

A method of WordPress anti-CC class malicious attack

Take a look at this method, the effect of words, now the tribe also said not clear, a few days to feedback it.

1. First, we create a new forbiddencc.php file that includes the following:

The code is as follows

Copy Code

<?php Session_Start ();//Open session $timestamp = time (); $ll _nowtime = $timestamp; //To determine if the session exists if there is a value from the session if there is no initialization assignment if ($_session) {   $ll _lasttime = $_session[' Ll_lasttime ' ];   $ll _times = $_session[' ll_times '] + 1;   $_session[' ll_times ' = $ll _times; }else{   $ll _lasttime = $ll _nowtime;   $ll _times = 1;   $_session[' ll_times ' = $ll _times;   $_session[' ll_lasttime ' = $ll _lasttime; } //Now time-start logon time to determine if the login is frequently jump otherwise assign the session to if (($ll _nowtime-$ll _lasttime) < 3) {   if ($ll _ times>=5) { Header ("location:http://127.0.0.1");   Exit;  } }else{   $ll _times = 0;   $_session[' ll_lasttime ' = $ll _nowtime;   $_session[' ll_times ' = $ll _times; }

Then call it in this file in the header,php of your current topic. Here the tribe to hint, this call must be out of the front, otherwise there will be an error.

The code is as follows	Copy Code
<?php include (' includes/forbiddencc.php ');?>

That is, it appears in front of the DOCTYPE HTML.

To illustrate, the main role of this code is to verify the frequent refresh, if frequent refresh, then exit the current page, wait 2 seconds to continue access.

In this way, we can kill those unscrupulous low-level other cc attacks, but everything has its two sides, this method is the same, it will affect the loading speed of the page. Of course, the tribe has not found any other negative effects at the moment.