最近几个网站CC不断，了解一下CC的原理，然后勉强找个方法暂时防护下吧。实在是伤不起。
附上现在被攻击的屏蔽截图

 

 

<?php

 

 

@session_start();

$allow_sep = "1"; //刷新时间

if (isset($_SESSION["post_sep"]))

{

if (time() - $_SESSION["post_sep"] < $allow_sep)

{

exit("请不要反复刷新");

}

else

{

$_SESSION["post_sep"] = time();

}

}

else

{

$_SESSION["post_sep"] = time();

}

?>

附上另外一段代码

<?php

//查询禁止IP

$ip =$_SERVER['REMOTE_ADDR'];

$fileht=".htaccess2";

if(!file_exists($fileht))file_put_contents($fileht,"");

$filehtarr=@file($fileht);

if(in_array($ip."rn",$filehtarr))die("Warning:"."

"."Your IP address are forbided by Mydalle.com Anti-refresh mechanism, IF you have any question Pls emill to root@zsl.name!

(zsl.name Anti-refresh mechanism is to enable users to have a good shipping services, but there maybe some inevitable network problems in your IP address, so that you can mail to us to solve.)");

//加入禁止IP

$time=time();

$fileforbid="log/forbidchk.dat";

if(file_exists($fileforbid))

{ if($time-filemtime($fileforbid)>30)unlink($fileforbid);

else{

$fileforbidarr=@file($fileforbid);

if($ip==substr($fileforbidarr[0],0,strlen($ip)))

{

if($time-substr($fileforbidarr[1],0,strlen($time))>120)unlink($fileforbid);

elseif($fileforbidarr[2]>120){file_put_contents($fileht,$ip."rn",FILE_APPEND);unlink($fileforbid);}

else{$fileforbidarr[2]++;file_put_contents($fileforbid,$fileforbidarr);}

}

}

}

$str="";

$file="log/ipdate.dat";

if(!file_exists("log")&&!is_dir("log"))mkdir("log",0777);

if(!file_exists($file))file_put_contents($file,"");

$allowTime = 15;//防刷新时间

$allowNum=2;//防刷新次数

$uri=$_SERVER['REQUEST_URI'];

$checkip=md5($ip);

$checkuri=md5($uri);

$yesno=true;

$ipdate=@file($file);

foreach($ipdate as $k=>$v)

{ $iptem=substr($v,0,32);

$uritem=substr($v,32,32);

$timetem=substr($v,64,10);

$numtem=substr($v,74);

if($time-$timetem<$allowTime){

if($iptem!=$checkip)$str.=$v;

else{

$yesno=false;

if($uritem!=$checkuri)$str.=$iptem.$checkuri.$time."1rn";

elseif($numtem<$allowNum)$str.=$iptem.$uritem.$timetem.($numtem+1)."rn";

else

{

if(!file_exists($fileforbid)){$addforbidarr=array($ip."rn",time()."rn",1);file_put_contents($fileforbid,$addforbidarr);}

file_put_contents("log/forbided_ip.log",$ip."--".date("Y-m-d H:i:s",time())."--".$uri."rn",FILE_APPEND);

$timepass=$timetem+$allowTime-$time;

die("Warning:"."

"."Pls don't refresh too frequently, and wait for ".$timepass." seconds to continue, IF not your IP address will be forbided automatic by Nanshan.Biz Anti-refresh mechanism!

(zsl.name Anti-refresh mechanism is to enable users to have a good shipping services, but there maybe some inevitable network problems in your IP address, so that you can mail to us to solve.)");

}

}

}

}

if($yesno) $str.=$checkip.$checkuri.$time."1rn";

file_put_contents($file,$str);

?>

下面一段是判断Sessions然后把可能CC的IP执向到127.0.0.1 即攻击者本身。

 

<?php

session_start();

$timestamp = time();

$cc_nowtime = $timestamp ;

if (session_is_registered('cc_lasttime')){

$cc_lasttime = $_SESSION['cc_lasttime'];

$cc_times = $_SESSION['cc_times'] + 1;

$_SESSION['cc_times'] = $cc_times;

}else{

$cc_lasttime = $cc_nowtime;

$cc_times = 1;

$_SESSION['cc_times'] = $cc_times;

$_SESSION['cc_lasttime'] = $cc_lasttime;

}

if (($cc_nowtime - $cc_lasttime)<5){

if ($cc_times>=10){

header(sprintf("Location: %s",'http://127.0.0.1'));

exit;

}

}else{

$cc_times = 0;

$_SESSION['cc_lasttime'] = $cc_nowtime;

$_SESSION['cc_times'] = $cc_times;

}

?>

至于网上流传的判断代理IP来屏蔽的，测试失败，用VPN，用本机均失败。