Jump to content

flood protector

RobertP

By RobertP
in Application Design

 Share

Recommended Posts

RobertP Regular Member

RobertP

Posted
Posted

i know there is a better way, but this is what i have.

the reason i don't want to use sessions, is because you can simply clean your cookies, refresh page.

also, i don't think bots / attackers even hold cookies.

 

//flood protector.
$floodFile = 'flood.txt';
$floodInterval = 1;
$floodTime = array_sum(explode(' ',microtime()));
$floodDataRaw = explode(';',(is_file($floodFile)) ? file_get_contents($floodFile) : null);
$floodData = array();
foreach($floodDataRaw as $raw){
$raw = explode(',',$raw);
$floodData[$raw[0]] = $raw[1];
}
foreach($floodData as $ip => $time){
if($_SERVER['REMOTE_ADDR']==$ip){
	if(($time+$floodInterval)>$floodTime)
		exit('Flood Protector');
	unset($floodData[$ip]);
}
if(($time+($floodInterval*10))<$floodTime)
	unset($floodData[$ip]);
}
$floodData[$_SERVER['REMOTE_ADDR']] = $floodTime;
if(count($floodData)>0){
$fileData = array();
foreach($floodData as $ip => $time)
	if($ip!=null)
		$fileData[] = $ip.','.$time;
file_put_contents($floodFile,implode(';',$fileData));
}
print_r($floodData);
//===============

 

flood.txt

127.0.0.1,1322205164.8157;127.0.0.2,1322205134.2344

Link to comment
Share on other sites
thehippy Newbie

thehippy

Posted
Posted

Your script will eat up memory as it currently sits, one small botnet sending requests will have that script firing off, reading that file, writing to that file and as the file gets bigger your script reads the entire thing in memory and it won't be long until you're getting out of memory errors. 

 

Its admirable to try to fix this problem as you see it, but the solution is just not suited to a php script.  Even if your script didn't have that problem I would suggest moving your flood protection elsewhere.  PHP sits atop Apache, Apache sits on HTTP and HTTP relies on the network layer, its better to nip the problem down in the network layer.  DDoS (typically SYN flooding) protection is best done by your provider with a packet inspecting firewall appliance.  But sometimes that's not available or the service is too much, the server's own firewall could be a solution but its not ideal, a proxy server or the switch its connected to would be better.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.