CC attack means that the other party uses programs or some agents to continuously access your website, causing your website to be unable to process and in a crashed state. Below we will summarize some PHP example codes to prevent CC attacks. Friends, you can refer to.
Example 1
The code is as follows | Copy code | ||||
empty($_SERVER['HTTP_VIA']) or exit('Access Denied'); //Prevent fast refresh session_start(); $seconds = '3'; //Time period [seconds] $refresh = '5'; //Number of refreshes //Set monitoring variables $cur_time = time(); if(isset($_SESSION['last_time'])){ $_SESSION['refresh_times'] += 1; }else{ $_SESSION['refresh_times'] = 1; $_SESSION['last_time'] = $cur_time; } //Process monitoring results if($cur_time - $_SESSION['last_time'] < $seconds){ If($_SESSION['refresh_times'] >= $refresh){ //Jump to the attacker's server address header(sprintf('Location:%s', 'http://127.0.0.1')); exit('Access Denied'); } }else{ $_SESSION['refresh_times'] = 0; $_SESSION['last_time'] = $cur_time; }
|
代码如下 | 复制代码 |
$P_S_T = $t_array[0] + $t_array[1]; session_start(); |
The code is as follows | Copy code |
$P_S_T = $t_array[0] + $t_array[1]; $timestamp = time(); session_start(); $ll_nowtime = $timestamp; if (session_is_registered('ll_lasttime')){ $ll_lasttime = $_SESSION['ll_lasttime']; $ll_times = $_SESSION['ll_times'] + 1; $_SESSION['ll_times'] = $ll_times; }else{ $ll_lasttime = $ll_nowtime; $ll_times = 1; $_SESSION['ll_times'] = $ll_times; $_SESSION['ll_lasttime'] = $ll_lasttime; } if (($ll_nowtime - $ll_lasttime)<3){ if ($ll_times>=5){ header(sprintf("Location: %s",'http://127.0.0.1')); exit; } }else{ $ll_times = 0; $_SESSION['ll_lasttime'] = $ll_nowtime; $_SESSION['ll_times'] = $ll_times; } |
An example I personally tested
Log Analysis
[2011-04-16 03:03:13] [client 61.217.192.39] /index.php
[2011-04-16 03:03:13] [client 61.217.192.39] /index.php
[2011-04-16 03:03:13] [client 61.217.192.39] /index.php
[2011-04-16 03:03:13] [client 61.217.192.39] /index.php
[2011-04-16 03:03:12] [client 61.217.192.39] /index.php
[2011-04-16 03:03:12] [client 61.217.192.39] /index.php
[2011-04-16 03:03:12] [client 61.217.192.39] /index.php
[2011-04-16 03:03:11] [client 61.217.192.39] /index.php
[2011-04-16 03:03:11] [client 61.217.192.39] /index.php
[2011-04-16 03:03:11] [client 61.217.192.39] /index.php
[2011-04-16 03:03:10] [client 61.217.192.39] /index.php
[2011-04-16 03:03:10] [client 61.217.192.39] /index.php
The following is the PHP method: save the following code as a php file, and then include the first line into your common.php file.
The code is as follows | Copy code |
/* //--------------------------------------------- //Return URL //Enable session $timestamp = time(); //Get the real IP //print_r($_SESSION); //Release IP //记录cc日志 //获取在线IP |
这样就可以基础工业防止了,但是如果更高级占的就没办法,大家可尝试使用相关硬件防火强来设置。