如何使用php检测和禁止攻击ips

I have a web hosting that does not allow to edit iptables. From to time I have light (about 300 requests/sec) DoS attacks (usually not distributed). I decided to write a PHP script that will block those ips. First I tried to store all requests for last 10 secs in database and look up abusing addresses for every request. But I quickly realized that this way I have to do at least 1 request to database for every DoS request, and it's not good. Then I optimized this approach as follows:

Read 'deny.txt' with blocked ip's
If it contains request ip, then die()
--- at this point we have filtered out all known attacking ips ---
store requesting ip in database
clean all requests older than 10 secs
count requests from this ip, if it is greater than threshold, add it to 'deny.txt'

This way, new attacking ip will make only Threshold requests to database and then gets blocked.

So, the question is, does this approach have optimal performance? Is there a better way to do this task?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

2条回答默认最新

dongtao9095 2011-11-22 12:43

关注

Here's my code:

$ip = $_SERVER['REMOTE_ADDR'];

// Log ip
$query = "INSERT INTO Access (ip) VALUES ('$ip')";      
mysql_query($query) or HandleException("Error on logging ip access: " . mysql_error() . "; Query: " . $query);  

// Here should be database cleanup code

// Count requests
$query = "SELECT COUNT(*) FROM Access WHERE ip='$ip' AND time > SUBTIME(NOW(), '00:01:00')";        
$result = mysql_query($query) or HandleException("Error on getting ip access count: " . mysql_error() . "; Query: " . $query);  
$num = mysql_fetch_array($result);
$accesses = $num[0];

// Ban ip's that made more than 1000 requests in 1 minute
if($accesses > 1000)
{
    file_put_contents('.htaccess', 'deny from ' . $ip . "
", FILE_APPEND | LOCK_EX);
}

and .htaccess stub:

order deny,allow
deny from 111.222.33.44
deny from 55.66.77.88

本回答被题主选为最佳回答 , 对您是否有帮助呢?

查看更多回答(1条)

报告相同问题？

关注问题

PHP仅使用dns_record获取记录 php
2017-05-20 20:59

回答 1 已采纳 Fixed code (works properly): function test() { $host = "google.com"; $result = dns_get_r
PHP总是返回相同的IP php
2019-05-17 04:40

回答 2 已采纳 HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are both HTTP headers that are non-standard and have to be
在项目列表中删除php中的文件 php
2018-10-15 11:45

回答 1 已采纳 What I ended up doing was to create a second php file, accepting url get arguments. <?php
php实现Linux服务器木马排查及加固功能
2020-10-24 23:52

5. **防火墙和入侵检测**：设置防火墙规则，限制不必要的端口访问，并启用入侵检测系统（IDS）或入侵预防系统（IPS）。 6. **日志监控**：定期检查系统和应用程序日志，分析异常行为，及时发现潜在攻击。 7. **...
PHP如果字符串存在于数组中 php
2017-05-07 13:18

回答 2 已采纳 Maybe you want to use strpos instead of looping through the array <?php $myString = "10.0.0.
testip.php 代码提交后返回的数据整理，请求帮助 php
2021-01-13 17:22

回答 7 已采纳 <?php error_reporting(0); $url = 'https://www.xxx.xxx/api/fdkhd/config/'; $data = array( 'aut
php Curl 405不允许 php
2017-02-22 15:37

回答 2 已采纳 Add the following to your code to help debug the issue: $info = curl_getinfo($ch); print_r( $info
php 禁止国内IP访问网站
2013-03-01 16:55

此外，除了IP限制，还可以结合其他安全措施，如使用防火墙规则、CDN的访问控制，甚至使用更复杂的地理位置检测服务，以提高网站的安全性和访问控制精度。总的来说，禁止国内IP访问外贸网站是通过PHP等编程语言实现...
PHP在foreach中更改数组值 php
2016-12-01 14:59

回答 3 已采纳 A foreach loop works by copying each value into a temporary variable. If you want to edit the ori
如何使用php停止将重复值写入文本文件 php
2014-11-02 00:59

回答 2 已采纳 $ip_file = "ips/".$ip.".txt"; $names = file_get_contents($ip_file); //read names into string if(fa
PHP随机化一个数组 php
2016-12-31 05:26

回答 2 已采纳 Here's a simple example of how you could cycle three array keys using php memcached: $servers = [
web-security-esgi
2021-03-22 16:49

使用入侵检测系统（IDS）和入侵防御系统（IPS）提升安全防护能力。以上这些只是Web安全和PHP安全基础的一部分。实际的开发环境中，还需要遵循安全编码原则，进行定期的安全审计和漏洞扫描，持续更新和修补软件，...
服务器安全检测和防御技术
2022-07-07 16:51

坏坏-5的博客关于SCSA中服务器安全检测和防御技术的介绍！
使用浏览器作为代理从公网攻击内网
2019-04-15 18:15

瑟荻的博客介绍在Forcepoint，我们不断寻求改善我们产品所提供的防护。为此，我们经常研究不寻常或潜在新颖的攻击技术。最近的一个研究课题是从公网发起的针对localhost...
常见网络攻击以及防御方法大全！零基础入门到精通
2024-10-06 14:21

程序员-老K的博客常见网络攻击以及防御方法大全！
没有解决我的问题, 去提问

悬赏问题

¥15 用verilog实现tanh函数和softplus函数
¥15 Hadoop集群部署启动Hadoop时碰到问题
¥15 求京东批量付款能替代天诚
¥15 slaris 系统断电后，重新开机后一直自动重启
¥15 QTableWidget重绘程序崩溃
¥15 谁能帮我看看这拒稿理由啥意思啊阿啊
¥15 关于vue2中methods使用call修改this指向的问题
¥15 idea自动补全键位冲突
¥15 请教一下写代码，代码好难
¥15 iis10中如何阻止别人网站重定向到我的网站

码龄粉丝数原力等级 --

如何使用php检测和禁止攻击ips

2条回答默认最新

码龄粉丝数原力等级 --

悬赏问题

如何使用php检测和禁止攻击ips

2条回答 默认 最新

悬赏问题

2条回答默认最新