Shulou(Shulou.com)06/03 Report--

This article mainly shows you "how to achieve anti-brushing tickets based on PHP", the content is easy to understand, clear, hope to help you solve your doubts, the following let the editor lead you to study and learn "how to achieve anti-brushing tickets based on PHP" this article.

Ticket brushing has always been a difficult problem and can not be fundamentally prevented.

But we can minimize the damage caused by ticket brushing, for example, through artificially increased logical restrictions.

Based on PHP, here are some tips for anti-brushing tickets:

1. Use CURL for information forgery

$ch = curl_init ()

Curl_setopt ($ch, CURLOPT_URL, "http://localhost/2.php");"

Curl_setopt ($ch, CURLOPT_HTTPHEADER, array ('Xmuri FORWARDED FORDA 8.8.8.8 CLIENT-IP:8.8.8.8'))

Curl_setopt ($ch, CURLOPT_REFERER, "http://localhost/")

Curl_setopt ($ch, CURLOPT_HEADER, 1)

Curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.0)")

$out = curl_exec ($ch)

Curl_close ($ch)

2. CAPTCHA: use very complex CAPTCHA

To be exact, the emergence of CAPTCHA is not for people, but for machines. Through the control of complexity and recognition difficulty to block part of the ticket brushing machine, so as to reduce the occurrence of ticket brushing. However, with the development of software technology and identification technology, more and more CAPTCHA codes have lost their preventive role in the face of advanced ticket brushing software, but professional ticket brushing machines can be broken. If the CAPTCHA is not used, the voting is basically closed. The CAPTCHA is obtained by asynchronous loading, that is, the request is made only when the input box is clicked. After the vote is successful, delete the Session of the CAPTCHA.

3. Limited time voting

For example, from 8: 00 a.m. to 23:00

4. Set the voting interval

How long will it take for users to continue to vote after they have voted?

Many polling sites basically have this restriction, but there is no way to change the IP attack.

5. Voting results display: delayed display, friendly display

Vote on the page, JS immediately add 1, but refresh the page, not necessarily immediately show the latest voting results, return the status to the page (thank you for your vote! Or win the vote! As for whether it has been successful or not, I said otherwise! )

6. Deduction logic: it is common in votes such as software selection.

This is a killer's mace. The background script monitors the abnormal growth (ticket brushing) in real time, and then implements the deduction logic.

That is to say, for this item, 10 votes can be counted as one vote.

7. Cookie: a commonly used means. Relatively low-level

After voting, write Cookie on the client side, and determine whether Cookie exists in the next vote.

However, this approach is very easy to break because Cookie can be deleted

8. Encryption option ID: randomly encrypt the ID of some voting options

Encryption algorithm, add Salt, and set the valid time, such as within 5 minutes

The server decrypts and verifies

9. Nginx limits the number of links

Ngx_http_limit_conn_module

Ngx_http_limit_req_module

Nginx_limit_speed_module

You can use these three modules to limit, but this is not a good solution.

10. Iptables restrictions

/ sbin/iptables-An INPUT-p tcp-- dport 80-- syn-m recent-- name webpool-- rcheck-- seconds 60-- hitcount 10-j DROP

/ sbin/iptables-An INPUT-p tcp-- dport 80-- syn-m recent-- name webpool-- set-j ACCEPT

/ sbin/iptables-t filter-An INPUT-p tcp--dport 80-- tcp-flags FIN,SYN,RST,ACK SYN-m connlimit--connlimit-above 10-- connlimit-mask

32-j REJECT

Specific script

#! / bin/bash# Date: 2015-09-29 # # Author: cpz@erongtu.comshopt-s-o nounsetexport PATH=/usr/bin/:/biniptables_log= "/ tmp/iptables_conf.log" / sbin/iptables-An INPUT-p tcp-- dport 80-- syn-m recent-- name webpool-- rcheck-- seconds 60-- hitcount 10-j DROP/sbin/iptables-An INPUT-p tcp-- dport 80-- syn-m recent-name webpool-- set-j ACCEPT/sbin / iptables-t filter-An INPUT-p tcp--dport 80-- tcp-flags FIN SYN,RST,ACK SYN-m connlimit--connlimit-above 10-- connlimit-mask 32-j REJECTwhile [true] Do # sleep 1 for IP in `netstat-an | grep-I': 80'| grep 'ESTAB' | awk' {print $5}'| cut-d:-f 1 | sort | uniq-c | awk'{if ($1 > 30 & & $2mm = "127.0.0.1") {print $2} '`do / sbin/iptables-L-n | grep $IP > / dev/null | / sbin/iptables-An INPUT-p tcp-- dport 80-s $IP-j DROP Echo "/ sbin/iptables-An INPUT-p tcp-s $IP-j DROP" > ${iptables_log} donedone are all the contents of the article "how to implement Anti-brushing tickets based on PHP" Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.