Simple prevention of multiple malicious machine submission attacks

WBOY
Release: 2016-07-29 09:07:51
Original
1095 people have browsed it

Let’s talk about the background first: the machine’s continuous sending of requests or malicious submissions will put a lot of pressure on the server; the best strategy for this kind of attack is to determine the number of submissions and generate a dynamic verification code , that is, determine the IP within the specified time Send the pop-up verification code repeatedly for N times. The following is a simple process of identifying IP and using session recording and defense in practice.

The process of identifying and verifying ip

is as follows;

  • Identify ip

  • ip belongs to the whitelist directly through [whitelist policy: intranet ip + designated ip table]

  • Use session to store ip Request timestamp

  • Verify the number of IP requests within the specified time

  • Take corresponding measures

<code>/**
 * 获取和校验ip;同时防止短时间内多次提交
 *
 * @notice        :弹出验证码,需要替换掉echo $echo_str 即可。
 * @return string :返回校验成功的ip
 */
protected function getAndCheckIP()
{

    // 获取环境ip
    if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
        $ip = getenv("HTTP_CLIENT_IP");
    else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
        $ip = getenv("HTTP_X_FORWARDED_FOR");
    else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
        $ip = getenv("REMOTE_ADDR");
    else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
        $ip = $_SERVER['REMOTE_ADDR'];
    else
        $ip = "unknown";

    // check 环境ip
    if (!$this->isWhiteList($ip)) {
        $echo_str = "提交过于频繁,请稍后再试!";
        // 构建ip的时间栈数据
        if (!is_array($_SESSION[$ip])) {
            $_SESSION[$ip] = array();
        }

        if (isset($_SESSION[$ip][0])) {
            $_SESSION[$ip][] = time();

            // session 保存时间为6小时。清理session
            $post_interval_first = time() - $_SESSION[$ip][0];
            if ($post_interval_first > 21600) {
                $_SESSION[$ip] = array();
            }

            // 两次提交小于1s,禁止提交
            $post_interval_pre = time() - $_SESSION[$ip][count($_SESSION[$ip]) - 3];
            if ($post_interval_pre < 1) {
                echo $echo_str;
                exit;
            };

            // 您在10s内已经提交了3请求,禁止提交
            $post_interval_third = time() - $_SESSION[$ip][count($_SESSION[$ip]) - 3];
            if (isset($_SESSION[$ip][3]) && ($post_interval_third < 10)) {
                echo $echo_str;
                exit;
            }

            // 您在1分钟期间已经提交了5请求,禁止提交
            $post_interval_fifth = time() - $_SESSION[$ip][count($_SESSION[$ip]) - 3];
            if (isset($_SESSION[$ip][5]) && ($post_interval_fifth < 60)) {
                echo $echo_str;
                exit;
            }

            // 6小时内提交10次,禁止提交
            if (isset($_SESSION[$ip][10])) {
                echo $echo_str;
                exit;
            }
        } else {
            $_SESSION[$ip][] = time();
        }
    }

    return ($ip);
}
</code>
Copy after login
Whitelist strategy

The whitelist strategy adopts: intranet IP release and specific IP release

<code>/**
 * 检验是否存在于白名单中
 *
 * @param $ip    :校验的ip
 * @return bool  :校验结果
 */
function isWhiteList($ip){
    /**
     * 内网ip默认全部存在于白名单中
     */
    if(!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)){
        return true;
    }

    // 是否在写死的whitelist 里面
    return in_array($ip,$this->_WHTTE_LIST);
}
</code>
Copy after login
Anti-attack strategy

Xiaoya adopts a relatively simple strategy, such as the above code, which can be combined with business needs in the actual process.

  • No repeated submissions within 1s

  • Maximum submission 3 times within 5s

  • Maximum submission 5 times within 60s

  • Maximum submission 10 times within 6 hours

【Please indicate when reprinting: Simple prevention of multiple malicious submission attacks by machines | Reliable Cui Xiaoyan】

The above introduces the simple prevention of multiple malicious submission attacks on the machine, including aspects of the attack. I hope it will be helpful to friends who are interested in PHP tutorials.

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template