防CC攻击——转
使用Session或者是Cookie验证?写一些PHP代码进行记录?严格过滤同一个IP或是Mac地址的访问次数?实在不行就只有暂停服务?没有什么办法可以绝对控制CC攻击?对同一动态页面每分钟28736个请求怎么化解?
所谓的CC攻击就是对方利用程序或一些代理对您的网站进行不间断的访问,造成您的网站处理不了而处于当机状态。
日志分析:
[2011-04-16 03:03:13] [client 61.217.192.39] /index.php
[2011-04-16 03:03:13] [client 61.217.192.39] /index.php
[2011-04-16 03:03:13] [client 61.217.192.39] /index.php
[2011-04-16 03:03:13] [client 61.217.192.39] /index.php
[2011-04-16 03:03:12] [client 61.217.192.39] /index.php
[2011-04-16 03:03:12] [client 61.217.192.39] /index.php
[2011-04-16 03:03:12] [client 61.217.192.39] /index.php
[2011-04-16 03:03:11] [client 61.217.192.39] /index.php
[2011-04-16 03:03:11] [client 61.217.192.39] /index.php
[2011-04-16 03:03:11] [client 61.217.192.39] /index.php
[2011-04-16 03:03:10] [client 61.217.192.39] /index.php
[2011-04-16 03:03:10] [client 61.217.192.39] /index.php
下面是PHP方法:将以下代码另存为php文件,然后首行include入你的common.php文件中。
<?php
/*
* 防CC攻击郁闷到死,不死版。
*
* 如果每秒内网站刷新次数超过2次,延迟5秒后访问。
*/
$cc_min_nums = '1'; //次,刷新次数
$cc_url_time = '5'; //秒,延迟时间
//$cc_log = 'cc_log.txt'; //启用本行为记录日志
$cc_forward = 'http://localhost'; //释放到URL
//--------------------------------------------
//返回URL
$cc_uri = $_SERVER['REQUEST_URI']?$_SERVER['REQUEST_URI']:($_SERVER['PHP_SELF']?$_SERVER['PHP_SELF']:$_SERVER['SCRIPT_NAME']);
$site_url = 'http://'.$_SERVER ['HTTP_HOST'].$cc_uri;
//启用session
if( !isset( $_SESSION ) ) session_start();
$_SESSION["visiter"] = true;
if ($_SESSION["visiter"] <> true){
echo "<script>setTimeout(\"window.location.href ='$cc_forward';\", 1);</script>";
//header("Location: ".$cc_forward);
exit;
}
$timestamp = time();
$cc_nowtime = $timestamp ;
if (session_is_registered('cc_lasttime')){
$cc_lasttime = $_SESSION['cc_lasttime'];
$cc_times = $_SESSION['cc_times'] + 1;
$_SESSION['cc_times'] = $cc_times;
}else{
$cc_lasttime = $cc_nowtime;
$cc_times = 1;
$_SESSION['cc_times'] = $cc_times;
$_SESSION['cc_lasttime'] = $cc_lasttime;
}
//获取真实IP
if (isset($_SERVER)){
$real_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}else{
$real_ip = getenv("HTTP_X_FORWARDED_FOR");
}
//print_r($_SESSION);
//释放IP
if (($cc_nowtime - $cc_lasttime)<=0){
if ($cc_times>=$cc_min_nums){
if(!empty($cc_log)) cc_log(get_ip(), $real_ip, $cc_log, $cc_uri); //产生log
echo "Wait please, try again later!<script>setTimeout(\"window.location.href ='$site_url';\", 5000);</script>";
//printf('您的刷新过快,请稍后。');
//header("Location: ".$cc_forward);
exit;
}
}else{
$cc_times = 0;
$_SESSION['cc_lasttime'] = $cc_nowtime;
$_SESSION['cc_times'] = $cc_times;
}
//记录cc日志
function cc_log($client_ip, $real_ip, $cc_log, $cc_uri){
$temp_time = date("Y-m-d H:i:s", time() + 3600*8);
$temp_result = "[".$temp_time."] [client ".$client_ip."] ";
if($real_ip) $temp_result .= " [real ".$real_ip."] ";
$temp_result .= $cc_uri . "\r\n";
$handle = fopen ("$cc_log", "rb");
$oldcontent = fread($handle,filesize("$cc_log"));
fclose($handle);
$newcontent = $temp_result . $oldcontent;
$fhandle=fopen("$cc_log", "wb");
fwrite($fhandle,$newcontent,strlen($newcontent));
fclose($fhandle);
}
//获取在线IP
function get_ip() {
global $_C;
if(empty($_C['client_ip'])) {
if(getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {
$client_ip = getenv('HTTP_CLIENT_IP');
} elseif(getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) {
$client_ip = getenv('HTTP_X_FORWARDED_FOR');
} elseif(getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
$client_ip = getenv('REMOTE_ADDR');
} elseif(isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
$client_ip = $_SERVER['REMOTE_ADDR'];
}
$_C['client_ip'] = $client_ip ? $client_ip : 'unknown';
}
return $_C['client_ip'];
}
?>小提示:上面的方法并不是绝对的,建议合理的选择有硬防的服务器来防止突发性CC攻击。用防火墙(iptables)禁止掉client真实IP,以使他们的请求,在入口就Deny掉。
最后更新于 2011-05-14 21:58:42 并被添加「cc攻击 hack」标签,已有 1628 位童鞋阅读过。
本站使用「署名 4.0 国际」创作共享协议,可自由转载、引用,但需署名作者且注明文章出处