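IP attacks escalate: improving the program to deal with the new attacks
Over the last few days, however, things suddenly got much worse: 90% of the attacks can no longer be intercepted. Here are the statistics for one day: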
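125,008 requests in total; the fastest rate was 172 requests in 15 seconds; only 9,266 were caught.
These statistics are bad enough: our site was attacked more than 120,000 times in a single day. If this is left unchecked, the extra load and its effect on site speed are obvious. The pattern is that every time an attack starts, 3-5 different IPs hit the site simultaneously at 3-5 requests per second each, which adds up to 9-25 requests per second. The IPs change every 1-6 hours, and the new IPs do not repeat any in the earlier records. As a result, first, the site's memory usage suddenly spikes and the warning light comes on; second, the network becomes very unstable. A few IPs keep coming back even while they are blocked. I tried unblocking all of them, and as soon as I did, several IPs attacked at the same time, which even left the site severely overloaded for a few minutes.
Now to the topic of this installment: why could the new attacks not be stopped? After looking into it, I found that those 90% of IPs use a new attack scheme: they are now smart enough to attack in rotation, attacking for 2 minutes and then pausing for 5 minutes. My previous program used a conservative setting of 600 seconds per period, so I changed the parameters to a new scheme of 120 requests in 120 seconds, with a wrongful-ban rate within 0.5%. Comparing against the logs, I can tell that a wrongful ban at 120 requests in 120 seconds has never happened; the only case that went 1 over in 120 seconds was a shipping-cost page where a customer refreshed one extra time because of a network problem, and that is mostly down to our transaction back end not being smart enough.
Finally, thank you all for your comments; I think about every one of them. This program is only a reference, though: adapt it to your own situation. It is not the best solution, only a user-friendly one. I am posting the program again with only the time and count parameters changed. The new parameters already catch 100% of those hacker IPs: I tested for two days and caught 62 new IPs, still mostly from Turkey.
Website anti-IP-attack code (Anti-IP attack code website) ver2.0:
The code is as follows: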
<?php
/*
 * Website anti-IP-attack code (Anti-IP attack code website) 2010-11-20, Ver2.0
 * Mydalle.com Anti-refresh mechanism
 * design by www.mydalle.com
 */
// Check the banned-IP list
$ip = $_SERVER['REMOTE_ADDR'];
$fileht = ".htaccess2";
if (!file_exists($fileht)) file_put_contents($fileht, "");
$filehtarr = @file($fileht) ?: [];   // file() returns false on failure
if (in_array($ip."\r\n", $filehtarr)) die("Warning:"."\n"."Your IP address are forbided by Mydalle.com Anti-refresh mechanism, IF you have any question Pls emill to shop@mydalle.com!
(Mydalle.com Anti-refresh mechanism is to enable users to have a good shipping services, but there maybe some inevitable network problems in your IP address, so that you can mail to us to solve.)");

// Add to the banned-IP list
// forbidchk.dat holds one suspect: line 0 = IP, line 1 = time first throttled, line 2 = request count
$time = time();
$fileforbid = "log/forbidchk.dat";
if (file_exists($fileforbid)) {
    if ($time - filemtime($fileforbid) > 30) unlink($fileforbid);   // suspect idle for 30 s: stop tracking
    else {
        $fileforbidarr = @file($fileforbid);
        // Compare the whole address; a prefix match would confuse 1.2.3.4 with 1.2.3.45
        if ($fileforbidarr && $ip === rtrim($fileforbidarr[0])) {
            if ($time - (int)rtrim($fileforbidarr[1]) > 120) unlink($fileforbid);   // 120-second period is over
            elseif ((int)$fileforbidarr[2] > 120) {   // more than 120 requests within the period: ban
                file_put_contents($fileht, $ip."\r\n", FILE_APPEND);
                unlink($fileforbid);
            }
            else {
                $fileforbidarr[2] = (int)$fileforbidarr[2] + 1;
                file_put_contents($fileforbid, $fileforbidarr);
            }
        }
    }
}

// Anti-refresh
// ipdate.dat record layout: md5(ip)[32] . md5(uri)[32] . time[10] . count . "\r\n"
$str = "";
$file = "log/ipdate.dat";
if (!file_exists("log") && !is_dir("log")) mkdir("log", 0777);
if (!file_exists($file)) file_put_contents($file, "");
$allowTime = 60;   // anti-refresh period in seconds
$allowNum = 5;     // requests allowed per period
$uri = $_SERVER['REQUEST_URI'];
$checkip = md5($ip);
$checkuri = md5($uri);
$yesno = true;
$ipdate = @file($file) ?: [];
foreach ($ipdate as $k => $v) {
    $iptem = substr($v, 0, 32);
    $uritem = substr($v, 32, 32);
    $timetem = substr($v, 64, 10);
    $numtem = (int)substr($v, 74);   // cast drops the trailing "\r\n"
    if ($time - $timetem < $allowTime) {   // records older than the period are dropped
        if ($iptem != $checkip) $str .= $v;
        else {
            $yesno = false;
            if ($uritem != $checkuri) $str .= $iptem.$checkuri.$time."1\r\n";   // different URI: restart the count
            elseif ($numtem < $allowNum) $str .= $iptem.$uritem.$timetem.($numtem + 1)."\r\n";
            else {
                // Limit exceeded: start tracking this IP as a suspect and log the hit
                if (!file_exists($fileforbid)) { $addforbidarr = array($ip."\r\n", time()."\r\n", 1); file_put_contents($fileforbid, $addforbidarr); }
                file_put_contents("log/forbided_ip.log", $ip."--".date("Y-m-d H:i:s", time())."--".$uri."\r\n", FILE_APPEND);
                $timepass = $timetem + $allowTime - $time;
                die("Warning:"."\n"."Pls don't refresh too frequently, and wait for ".$timepass." seconds to continue, IF not your IP address will be forbided automatic by Mydalle.com Anti-refresh mechanism!
(Mydalle.com Anti-refresh mechanism is to enable users to have a good shipping services, but there maybe some inevitable network problems in your IP address, so that you can mail to us to solve.)");
            }
        }
    }
}
if ($yesno) $str .= $checkip.$checkuri.$time."1\r\n";
file_put_contents($file, $str);
?>
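
The parameter change described above can be checked offline with a small model. This is an added example, not the author's code: it replays the 2-minutes-on, 5-minutes-off pattern against an in-memory version of the two-stage check and reports when the address gets banned. Assumptions: the function names, the per-IP in-memory state (the original tracks a single suspect in a file), the sample address and the old hit count of 600 are all hypothetical; the page gives only the old 600-second period.

```php
<?php
// Added example: in-memory model of the two-stage check; the traffic is constructed.
function makeLimiter(int $banWindow, int $banHits): array {
    return ['allowTime' => 60, 'allowNum' => 5, 'idle' => 30,
            'banWindow' => $banWindow, 'banHits' => $banHits,
            'seen' => [], 'suspect' => [], 'banned' => []];
}

// Handles one request at unix time $t; returns 'ok', 'throttled' or 'banned'.
function request(array &$s, string $ip, string $uri, int $t): string {
    if (isset($s['banned'][$ip])) return 'banned';
    // Stage 2: once an IP has been throttled, count its further requests.
    if (isset($s['suspect'][$ip])) {
        [$first, $last, $n] = $s['suspect'][$ip];
        if ($t - $last > $s['idle'] || $t - $first > $s['banWindow']) {
            unset($s['suspect'][$ip]);          // burst ended or period over: forget it
        } elseif ($n > $s['banHits']) {
            $s['banned'][$ip] = $t;             // the page's code appends to .htaccess2 here
            return 'banned';
        } else {
            $s['suspect'][$ip] = [$first, $t, $n + 1];
        }
    }
    // Stage 1: at most allowNum requests per IP and URI within allowTime seconds.
    $rec = $s['seen'][$ip] ?? null;
    if ($rec === null || $t - $rec[1] >= $s['allowTime'] || $rec[0] !== $uri) {
        $s['seen'][$ip] = [$uri, $t, 1];
        return 'ok';
    }
    if ($rec[2] < $s['allowNum']) {
        $s['seen'][$ip][2]++;
        return 'ok';
    }
    if (!isset($s['suspect'][$ip])) $s['suspect'][$ip] = [$t, $t, 1];
    return 'throttled';
}

// Constructed traffic: 3 requests/s for 2 minutes, then 5 minutes of silence, for one hour.
function firstBan(array $s, string $ip): ?int {
    for ($t = 0; $t < 3600; $t++) {
        if ($t % 420 >= 120) continue;          // pause phase of the attacker
        for ($i = 0; $i < 3; $i++) request($s, $ip, '/', $t);
        if (isset($s['banned'][$ip])) return $t;
    }
    return null;
}

var_dump(firstBan(makeLimiter(600, 600), '203.0.113.7'));  // assumed old setting
var_dump(firstBan(makeLimiter(120, 120), '203.0.113.7'));  // the page's new setting
```

A threshold that needs more hits than one 2-minute burst delivers never fires, because the 30-second idle reset clears the counter during each pause; the 120-in-120 setting is reached well inside a single burst.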

