开发者

is it possible to stop an automated request from particular ip

I am getting automated request from some ips i have blocked the IP now its coming from some other IP.

Is开发者_StackOverflow it possible to detect the automated request and block the IP programtically?


Try to block the IP subnet. Also, you can use CAPTCHA to prevent automated requests.


While I think its better to handle this using a firewall, you could insert time in the execution of the script using sleep(). Amounts less than 100ms won't make a difference to your users, but can seriously reduce the effectiveness of automated attacks. Again, I would attack it using appropriate firewall rules, but this can be an effective hack in the mean time.


One thing you can do is to track the IPs of your last X visitors (100/1000/10K, etc) and include timestamps. If there are too many actions within a given time frame, you can disable or discontinue functionality of your pages.

To do this all...

1) You'll need a php file included in every page of your side that performs the check to see if the requester IP is not "banned". Simply build your criteria and have it pull info from the database. If they are to be "blocked" or "banned", just use header() (or similar) to deny access. http://php.net/manual/en/function.header.php

2) To capture the IP, you will need to use $_SERVER['REMOTE_ADDR'] to obtain the IP address of the current client.

http://php.net/manual/en/reserved.variables.server.php


You may also like to deal with them at network layer using good old iptables. More info:

http://www.cyberciti.biz/faq/iptables-connection-limits-howto/

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜