Black-hat SEO: PHP anti-CC-attack code. How do you prevent CC attacks, IP attacks and XSS attacks?

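Black-hat SEO: PHP anti-CC-attack code, and how to prevent CC attacks. Anyone doing SEO, white-hat or black-hat, will run into webshells, site stress testing and CC attack testing once their rankings climb, because competitors do not like seeing you ranked ahead of them, especially for profitable keywords in high-margin industries. That is why CDNs and all kinds of high-defense firewalls appeared. Today Fengku SEO is sharing PHP anti-CC-attack code (the code below only provides a limited degree of protection):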


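A CC attack is when the other side uses a program or a set of proxies to request your site without pause, until the site can no longer keep up and goes down. Here is the PHP approach: save the following code as a PHP file, then include it on the first line of your common.php.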

```php
<?php
/*
 * Anti-CC-attack script, "never dies" edition.
 *
 * If the site is refreshed more than 2 times within one second, access is delayed by 5 seconds.
 */
$cc_min_nums = '1';                // count: number of refreshes
$cc_url_time = '5';                // seconds: delay time
//$cc_log = 'cc_log.txt';          // uncomment this line to enable logging
$cc_forward = 'http://localhost';  // URL to release to
//--------------------------------------------
// Return URL
$cc_uri = !empty($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI']
        : (!empty($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']);
$site_url = 'http://' . $_SERVER['HTTP_HOST'] . $cc_uri;

// Start the session
if (!isset($_SESSION)) session_start();
$_SESSION["visiter"] = true;
// As written this branch never runs: the flag is set on the line above.
if ($_SESSION["visiter"] <> true) {
    echo "<script>setTimeout(\"window.location.href ='$cc_forward';\", 1);</script>";
    //header("Location: ".$cc_forward);
    exit;
}

$timestamp = time();
$cc_nowtime = $timestamp;
// session_is_registered() was removed in PHP 5.4; test the session array instead.
if (isset($_SESSION['cc_lasttime'])) {
    $cc_lasttime = $_SESSION['cc_lasttime'];
    $cc_times = $_SESSION['cc_times'] + 1;
    $_SESSION['cc_times'] = $cc_times;
} else {
    $cc_lasttime = $cc_nowtime;
    $cc_times = 1;
    $_SESSION['cc_times'] = $cc_times;
    $_SESSION['cc_lasttime'] = $cc_lasttime;
}

// Get the "real" IP. X-Forwarded-For is sent by the client; it is only used for logging here.
$real_ip = isset($_SERVER['HTTP_X_FORWARDED_FOR'])
    ? $_SERVER['HTTP_X_FORWARDED_FOR']
    : getenv('HTTP_X_FORWARDED_FOR');
//print_r($_SESSION);

// Release the IP
// With $cc_min_nums = 1, the first request of a new session also lands in this branch,
// so a client that never returns the session cookie always gets the wait page.
if (($cc_nowtime - $cc_lasttime) <= 0) {
    if ($cc_times >= $cc_min_nums) {
        if (!empty($cc_log)) cc_log(get_ip(), $real_ip, $cc_log, $cc_uri); // write a log entry
        // $site_url is built from request data: encode it as a JS string literal before echoing it.
        $js_url = json_encode($site_url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        echo "Wait please, try again later!<script>setTimeout(function () { window.location.href = $js_url; }, "
            . ((int) $cc_url_time * 1000) . ");</script>";
        //printf('You are refreshing too fast, please wait.');
        //header("Location: ".$cc_forward);
        exit;
    }
} else {
    $cc_times = 0;
    $_SESSION['cc_lasttime'] = $cc_nowtime;
    $_SESSION['cc_times'] = $cc_times;
}

// Write a CC log entry
function cc_log($client_ip, $real_ip, $cc_log, $cc_uri)
{
    // Manual UTC+8 offset; assumes PHP's configured timezone is UTC.
    $temp_time = date("Y-m-d H:i:s", time() + 3600 * 8);
    $temp_result = "[" . $temp_time . "] [client " . $client_ip . "] ";
    if ($real_ip) $temp_result .= " [real " . $real_ip . "] ";
    // Header values come from the client: strip CR/LF so one request stays one log line.
    $temp_result = str_replace(array("\r", "\n"), '', $temp_result . $cc_uri) . "\r\n";
    // Newest entry first; the log file may not exist yet.
    $oldcontent = file_exists($cc_log) ? file_get_contents($cc_log) : '';
    file_put_contents($cc_log, $temp_result . $oldcontent, LOCK_EX);
}

// Get the visitor's IP
function get_ip()
{
    global $_C;
    if (empty($_C['client_ip'])) {
        $client_ip = '';
        if (getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {
            $client_ip = getenv('HTTP_CLIENT_IP');
        } elseif (getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) {
            $client_ip = getenv('HTTP_X_FORWARDED_FOR');
        } elseif (getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
            $client_ip = getenv('REMOTE_ADDR');
        } elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
            $client_ip = $_SERVER['REMOTE_ADDR'];
        }
        $_C['client_ip'] = $client_ip ? $client_ip : 'unknown';
    }
    return $_C['client_ip'];
}
?>
```
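The get_ip() helper above prefers the Client-IP and X-Forwarded-For headers, which any client can set, while a site behind the CDN mentioned earlier sees the proxy's address in REMOTE_ADDR. The following added example (not from the original post) trusts X-Forwarded-For only when the connection comes from a listed proxy; resolve_client_ip() and the proxy list are hypothetical names, and the addresses are constructed from documentation ranges.

```php
<?php
// Added example, not the article's code.
// $trustedProxies: hypothetical list of your own reverse proxy / CDN egress addresses.
function resolve_client_ip(array $server, array $trustedProxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return 'unknown';
    }
    // Direct connection: forwarding headers were written by the client and prove nothing.
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote;
    }
    // Connection from a trusted proxy: walk X-Forwarded-For from right to left
    // and return the first hop that is not one of our own proxies.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop and fall back to the proxy address
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $remote;
}

// Constructed sample requests.
$proxies = ['192.0.2.10'];
$direct  = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1'];
$viaCdn  = ['REMOTE_ADDR' => '192.0.2.10',  'HTTP_X_FORWARDED_FOR' => '10.1.1.1, 198.51.100.23'];

echo resolve_client_ip($direct, $proxies), "\n"; // header ignored, connecting address used
echo resolve_client_ip($viaCdn, $proxies), "\n"; // right-most hop added by the trusted proxy
```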

 

PHP: defending against IP attacks

```php
<?php
// Look up banned IPs
$ip = $_SERVER['REMOTE_ADDR'];
$fileht = ".htaccess2";
if (!file_exists($fileht)) file_put_contents($fileht, "");
$filehtarr = @file($fileht);
if (in_array($ip . "\r\n", $filehtarr))
    die("Warning:" . "<br>" . "Your IP address is forbidden for some reason. If you have any questions, please email [email protected]!");

// Add to the ban list
$time = time();
$fileforbid = "log/forbidchk.dat";
if (file_exists($fileforbid)) {
    if ($time - filemtime($fileforbid) > 60) {
        unlink($fileforbid);
    } else {
        $fileforbidarr = @file($fileforbid);
        // Compare the whole address; a prefix match would treat 1.2.3.4 and 1.2.3.45 as the same client.
        if ($ip === rtrim($fileforbidarr[0])) {
            if ($time - (int) $fileforbidarr[1] > 600) {
                unlink($fileforbid);
            } elseif ((int) $fileforbidarr[2] > 600) {
                file_put_contents($fileht, $ip . "\r\n", FILE_APPEND);
                unlink($fileforbid);
            } else {
                $fileforbidarr[2]++;
                file_put_contents($fileforbid, $fileforbidarr);
            }
        }
    }
}

// Anti-refresh
$str = "";
$file = "log/ipdate.dat";
// Not world-writable; also deny HTTP access to this directory, since it holds visitor logs.
if (!file_exists("log") && !is_dir("log")) mkdir("log", 0750);
if (!file_exists($file)) file_put_contents($file, "");
$allowTime = 120; // anti-refresh window, in seconds
$allowNum = 10;   // allowed refreshes per window
$uri = $_SERVER['REQUEST_URI'];
$checkip = md5($ip);
$checkuri = md5($uri);
$yesno = true;
$ipdate = @file($file);
// Record layout: md5(ip)[32] md5(uri)[32] timestamp[10] count
foreach ($ipdate as $k => $v) {
    $iptem   = substr($v, 0, 32);
    $uritem  = substr($v, 32, 32);
    $timetem = (int) substr($v, 64, 10);
    $numtem  = (int) substr($v, 74); // the cast drops the trailing "\r\n"
    if ($time - $timetem < $allowTime) {
        if ($iptem != $checkip) {
            $str .= $v;
        } else {
            $yesno = false;
            if ($uritem != $checkuri) {
                $str .= $iptem . $checkuri . $time . "1\r\n";
            } elseif ($numtem < $allowNum) {
                $str .= $iptem . $uritem . $timetem . ($numtem + 1) . "\r\n";
            } else {
                if (!file_exists($fileforbid)) {
                    $addforbidarr = array($ip . "\r\n", time() . "\r\n", 1);
                    file_put_contents($fileforbid, $addforbidarr);
                }
                file_put_contents("log/forbided_ip.log", $ip . "--" . date("Y-m-d H:i:s", time()) . "--" . $uri . "\r\n", FILE_APPEND);
                $timepass = $timetem + $allowTime - $time;
                die("Warning:" . "<br>" . "Sorry, you have been blocked for refreshing too frequently. Please wait " . $timepass . " seconds to continue!");
            }
        }
    }
}
if ($yesno) $str .= $checkip . $checkuri . $time . "1\r\n";
// Exclusive lock so two simultaneous requests do not interleave their writes.
file_put_contents($file, $str, LOCK_EX);
?>
```
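Both the session-based CC script and the IP script above count requests per client. As an added example, not part of the original post: a fixed-window counter keyed on the connecting address that does not depend on cookies and updates its count under an exclusive file lock. rate_limit_hit(), the storage directory and the sample address are assumptions; the limit of 10 requests per 120 seconds mirrors $allowNum and $allowTime.

```php
<?php
// Added example, not the article's code. Returns 0 when the request is allowed,
// otherwise the number of seconds until the current window ends.
function rate_limit_hit(string $ip, string $dir, int $limit, int $window, ?int $now = null): int
{
    $now = $now ?? time();
    if (!is_dir($dir)) {
        mkdir($dir, 0700, true); // keep this directory outside the web root
    }
    // One small file per client; the hash keeps the address out of the file name.
    $fh = fopen($dir . '/' . hash('sha256', $ip) . '.cnt', 'c+');
    if ($fh === false) {
        return 0; // storage problem: fail open rather than block every visitor
    }
    flock($fh, LOCK_EX); // concurrent requests from one client are serialised here
    $parts = explode(' ', trim((string) stream_get_contents($fh)));
    $start = (int) ($parts[0] ?? 0);
    $count = (int) ($parts[1] ?? 0);
    if ($now - $start >= $window) { // window expired (or new file): start over
        $start = $now;
        $count = 0;
    }
    $count++;
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, $start . ' ' . $count);
    flock($fh, LOCK_UN);
    fclose($fh);
    return $count > $limit ? $start + $window - $now : 0;
}

// Constructed run: 12 requests from one documentation-range address, one per second.
$dir = sys_get_temp_dir() . '/ratelimit-demo-' . getmypid();
for ($i = 1; $i <= 12; $i++) {
    $wait = rate_limit_hit('203.0.113.7', $dir, 10, 120, 1700000000 + $i);
    if ($wait > 0) {
        // In a web request: http_response_code(429); header('Retry-After: ' . $wait); exit;
        echo "request $i: blocked, retry in {$wait}s\n";
    } else {
        echo "request $i: allowed\n";
    }
}
```

Counter files for clients that never return are not cleaned up here; a scheduled job should delete files older than the window.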

PHP: defending against XSS attacks

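XSS stands for Cross Site Scripting: a user, intentionally or not, enters malicious characters into a form and thereby breaks the way the page renders!

Here are some common malicious XSS inputs:

1. XSS input usually contains JavaScript, for example popping up a malicious alert box: <script>alert("XSS");</script>

2. XSS input may also be an HTML fragment, for example:

(1) Making the page refresh endlessly: <meta http-equiv="refresh" content="0;">

(2) Embedding a link to another site: <iframe src=http://xxxx width=250 height=250></iframe>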

```php
<?PHP
/**
 * @blog http://www.fengku.net
 * @param $string
 * @param $low low security level
 */
function clean_xss(&$string, $low = False)
{
    if (!is_array($string)) {
        $string = trim($string);
        $string = strip_tags($string);
        $string = htmlspecialchars($string);
        if ($low) {
            return True;
        }
        $string = str_replace(array('"', "\\", "'", "/", "..", "../", "./", "//"), '', $string);
        // Remove URL-encoded control characters
        $no = '/%0[0-8bcef]/';
        $string = preg_replace($no, '', $string);
        $no = '/%1[0-9a-f]/';
        $string = preg_replace($no, '', $string);
        // Remove raw control characters
        $no = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S';
        $string = preg_replace($no, '', $string);
        return True;
    }
    // Arrays are cleaned element by element; $low is not passed down,
    // so nested values always get the strict cleaning.
    $keys = array_keys($string);
    foreach ($keys as $key) {
        clean_xss($string[$key]);
    }
    return True;
}

// just a test
$str = 'phpddt.com<meta http-equiv="refresh" content="0;">';
clean_xss($str); // comment this line out and you will see how nasty an XSS attack is
echo $str;
?>
```
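clean_xss() filters a value once on input; the same value still needs encoding that matches the place where it is printed. An added example (not the author's code) that encodes the inputs listed above for HTML text, an attribute value, a URL attribute and a JavaScript string; e_html(), e_js() and e_url() are hypothetical helper names.

```php
<?php
// Added example, not the article's code: encode at output time, per context.
function e_html(string $s): string
{
    // For element content and quoted attribute values.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function e_js(string $s): string
{
    // Yields a complete JavaScript string literal; <, >, &, ' and " become \uXXXX
    // escapes, so the value cannot close the surrounding <script> element.
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE
    );
}

function e_url(string $url): string
{
    // Only absolute http/https URLs may reach href or src; anything else becomes '#'.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? e_html($url) : '#';
}

// The inputs quoted in the article, used here as constructed form values.
$comment = '<script>alert("XSS");</script>';
$meta    = '<meta http-equiv="refresh" content="0;">';
$link    = 'http://xxxx';

echo '<p>', e_html($comment), '</p>', "\n";                  // HTML text
echo '<input name="q" value="', e_html($meta), '">', "\n";   // attribute value
echo '<a href="', e_url($link), '">link</a>', "\n";          // URL attribute
echo '<script>var note = ', e_js($comment), ';</script>', "\n"; // JavaScript string
```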

