Identifying potential "malicious" bots and blocking them by IP


Good day! In this article I will tell you how users of ordinary shared hosting can catch the IP addresses that generate excessive load on a site and then block them with the hosting's own tools. There will be "a little" PHP code and a few screenshots.

Input data:

  1. A site built on the WordPress CMS
  2. Hosting at Beget (this is not an advertisement, but the admin panel screenshots will be from this particular provider)
  3. The WordPress site was launched somewhere in the early 2000s and has a large number of articles and materials
  4. PHP 7.2
  5. WP is on the latest version
  6. For some time now the site has been generating a high load on MySQL according to the hoster's data. Every day this figure exceeded 120% of the per-account norm
  7. According to Yandex.Metrica, 100-200 people visit the site per day

At first the following was done:

  1. The database tables were cleaned of accumulated junk
  2. Unnecessary plugins were disabled, pieces of old code were removed

At the same time, I want to draw your attention to the fact that caching options (caching plugins) were tried and observations were made, but the 120% load from this one site did not change and could only grow.

Roughly what the load on the database looked like

At the top is the site in question; below are other sites with the same CMS and roughly the same traffic, but creating much less load.

Analysis

  • Many attempts were made with database caching options, and observations were carried out over several weeks (fortunately, during this time the hoster never wrote to me that I was behaving very badly and would be switched off)
  • There was analysis and a search for slow queries, after which the database structure and table types were slightly changed
  • For analysis, the built-in AWStats was used first (by the way, it helped to identify the worst IP address in terms of traffic volume)
  • Metrica: the metric only gives data about people, not about bots
  • Attempts were made to use WP plugins that can filter and block visitors, even by country of location and various combinations
  • One radical approach turned out to be closing the site for one day with the message "We are under maintenance"; this was also done with a well-known plugin. Here we expected the load to drop, but not to zero, since the WP ideology is built on hooks and plugins start their work when a "hook" fires, and before the "hook" fires, queries to the database may already have been made

Idea

  1. Make a list of IP addresses that make many requests in a short period of time.
  2. Record the number of hits to the site
  3. Block access to the site based on the number of hits
  4. Block using "Deny from" entries in the .htaccess file
  5. I did not consider other options, such as iptables and rules for Nginx, because I am writing about shared hosting

An idea appeared, so it needs to be implemented, since without it...

  • Create tables for collecting data

CREATE TABLE `wp_visiters_bot` (
    `id` INT(11) NOT NULL AUTO_INCREMENT,
    `ip` VARCHAR(300) NULL DEFAULT NULL,
    `browser` VARCHAR(500) NULL DEFAULT NULL,
    `cnt` INT(11) NULL DEFAULT NULL,
    `request` TEXT NULL,
    `input` TEXT NULL,
    `data_update` DATETIME NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
    PRIMARY KEY (`id`),
    UNIQUE INDEX `ip` (`ip`)
)
COMMENT='Кандидаты для блокировки'
COLLATE='utf8_general_ci'
ENGINE=InnoDB
AUTO_INCREMENT=1;

CREATE TABLE `wp_visiters_bot_blocked` (
    `id` INT(11) NOT NULL AUTO_INCREMENT,
    `ip` VARCHAR(300) NOT NULL,
    `data_update` DATETIME NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
    PRIMARY KEY (`id`),
    UNIQUE INDEX `ip` (`ip`)
)
COMMENT='Список уже заблокированных'
COLLATE='utf8_general_ci'
ENGINE=InnoDB
AUTO_INCREMENT=59;

CREATE TABLE `wp_visiters_bot_history` (
    `id` INT(11) NOT NULL AUTO_INCREMENT,
    `ip` VARCHAR(300) NULL DEFAULT NULL,
    `browser` VARCHAR(500) NULL DEFAULT NULL,
    `cnt` INT(11) NULL DEFAULT NULL,
    `data_update` DATETIME NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
    `data_add` DATETIME NULL DEFAULT CURRENT_TIMESTAMP,
    PRIMARY KEY (`id`),
    UNIQUE INDEX `ip` (`ip`)
)
COMMENT='История всех запросов для дебага'
COLLATE='utf8_general_ci'
ENGINE=InnoDB
AUTO_INCREMENT=1;

  • Let's create the file in which we will place the code. The code will record entries in the blocking-candidate tables and keep a history for debugging.

File code for recording IP addresses

<?php

if (!defined('ABSPATH')) {
    return;
}

global $wpdb;

/**
 * Returns the visitor's IP address, or '' if none could be determined
 * @return string
 */
function coderun_get_user_ip() {

    $client_ip = '';

    // Note: everything except REMOTE_ADDR is a request header set by the client
    $address_headers = array(
        'HTTP_CLIENT_IP',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_X_CLUSTER_CLIENT_IP',
        'HTTP_FORWARDED_FOR',
        'HTTP_FORWARDED',
        'REMOTE_ADDR',
    );

    foreach ($address_headers as $header) {
        if (array_key_exists($header, $_SERVER)) {

            $address_chain = explode(',', $_SERVER[$header]);
            $client_ip = trim($address_chain[0]);

            break;
        }
    }

    if (!$client_ip) {
        return '';
    }

    if ('0.0.0.0' === $client_ip || '::' === $client_ip || $client_ip == 'unknown') {
        return '';
    }

    return $client_ip;
}

$ip = esc_sql(coderun_get_user_ip()); // visitor's IP address

if (empty($ip)) { // no IP, so get lost...
    header('Content-type: application/json;');
    die('Big big bolt....');
}

$browser = esc_sql($_SERVER['HTTP_USER_AGENT'] ?? ''); // browser data for analysis

$request = esc_sql(wp_json_encode($_REQUEST)); // the last request made to the site

$input = esc_sql(file_get_contents('php://input')); // request body, if any

$cnt = 1;

// Insert into the main table of temporary blocking candidates
$query = <<<EOT
    INSERT INTO wp_visiters_bot (`ip`,`browser`,`cnt`,`request`,`input`)
        VALUES  ('{$ip}','{$browser}','{$cnt}','{$request}','{$input}')
         ON DUPLICATE KEY UPDATE cnt=cnt+1,request=VALUES(request),input=VALUES(input),browser=VALUES(browser)
EOT;

// Insert into the history table
$query2 = <<<EOT
    INSERT INTO wp_visiters_bot_history (`ip`,`browser`,`cnt`)
        VALUES  ('{$ip}','{$browser}','{$cnt}')
         ON DUPLICATE KEY UPDATE cnt=cnt+1,browser=VALUES(browser)
EOT;

$wpdb->query($query);

$wpdb->query($query2);

    

The main idea of the code is to get the visitor's IP address and write it into the table. If the IP is already in the table, the cnt field (the number of requests to the site) is incremented.

  • Now the scary part... Now they will burn me for my actions :)
    To record every request to the site, we include the file's code in the main WordPress file, wp-load.php. Yes, we modify a core file, and we do it right after the global $wpdb variable already exists.
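As an added example (not the article's code), here is a hardened variant of the recorder above: it honours forwarded headers only when the connection comes from a known proxy, validates the address, and uses $wpdb->prepare() instead of esc_sql() with string interpolation. The proxy list CODERUN_TRUSTED_PROXIES and the function names are assumptions.

```php
<?php
// Added example, not the article's code: a hardened visitor recorder meant to
// be included from wp-load.php. The proxy list is an assumed placeholder; put
// the hoster's real reverse-proxy addresses there (or leave it empty).
if (!defined('ABSPATH')) {
    return;
}
const CODERUN_TRUSTED_PROXIES = ['192.0.2.10']; // constructed placeholder (TEST-NET-1)

/**
 * Forwarded headers are written by the client, so they are honoured only when
 * the TCP peer is one of our own proxies. Otherwise any visitor could put a
 * foreign address into X-Forwarded-For and get it blocked, or rotate the
 * header on every request so the counter never reaches the limit.
 */
function coderun_get_client_ip(array $server, array $trustedProxies): string {
    $peer = (string) ($server['REMOTE_ADDR'] ?? '');
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return ''; // no usable address at all
    }
    if (in_array($peer, $trustedProxies, true) && !empty($server['HTTP_X_FORWARDED_FOR'])) {
        // The rightmost entry was appended by our proxy; anything left of it is untrusted.
        $chain = array_map('trim', explode(',', (string) $server['HTTP_X_FORWARDED_FOR']));
        $client = end($chain);
        if (filter_var($client, FILTER_VALIDATE_IP) !== false) {
            return $client;
        }
    }
    return $peer;
}

/** Record one hit through $wpdb->prepare() instead of esc_sql() plus string interpolation. */
function coderun_record_hit(wpdb $wpdb, string $ip, string $browser, string $request, string $input): void {
    $sql = $wpdb->prepare(
        "INSERT INTO wp_visiters_bot (`ip`, `browser`, `cnt`, `request`, `input`)
         VALUES (%s, %s, 1, %s, %s)
         ON DUPLICATE KEY UPDATE cnt = cnt + 1, request = VALUES(request),
                                 input = VALUES(input), browser = VALUES(browser)",
        $ip, substr($browser, 0, 500), $request, $input // browser column is VARCHAR(500)
    );
    $wpdb->query($sql);
}

global $wpdb;
$ip = coderun_get_client_ip($_SERVER, CODERUN_TRUSTED_PROXIES);
if ($ip !== '') { // unknown address: skip the record, do not kill the request
    coderun_record_hit($wpdb, $ip, (string) ($_SERVER['HTTP_USER_AGENT'] ?? ''),
        (string) wp_json_encode($_REQUEST), (string) file_get_contents('php://input'));
}
```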

So now we can see how many times this or that IP address has been recorded in our table, and with a cup of coffee we check this place once every 5 minutes to understand the picture.


Then simply copy the "harmful" IP, open the .htaccess file and add it at the end of the file.

Order allow,deny
Allow from all
# start_auto_deny_list
Deny from 94.242.55.248
# end_auto_deny_list

That's it: now 94.242.55.248 has no access to the site and creates no load on the database.

But copying like this by hand every time is no decent job, and besides, the code was meant to be autonomous.

Let's add a file that will be executed via CRON every 30 minutes:

Code of the file that edits .htaccess

<?php

/**
 * File that automatically sets blocks by IP address
 * Must be requested via CRON
 */
if (empty($_REQUEST['key'])) { // only checks that some key is present, not its value
    die('Hello');
}

require('wp-load.php');

global $wpdb;

$limit_cnt = 70; // request-count threshold for selecting candidates

$deny_table = $wpdb->get_results("SELECT * FROM wp_visiters_bot WHERE cnt>{$limit_cnt}");

$new_blocked = [];

$exclude_ip = [
    '87.236.16.70' // the hosting provider's address
];

foreach ($deny_table as $result) {

    if (in_array($result->ip, $exclude_ip)) {
        continue;
    }

    $wpdb->insert('wp_visiters_bot_blocked', ['ip' => $result->ip], ['%s']);
}

$deny_table_blocked = $wpdb->get_results("SELECT * FROM wp_visiters_bot_blocked");

foreach ($deny_table_blocked as $blocked) {
    $new_blocked[] = $blocked->ip;
}

// Clear the candidates table
$wpdb->query("DELETE FROM wp_visiters_bot");

//echo '<pre>';print_r($new_blocked);echo '</pre>';

$file = '.htaccess';

$start_searche_tag = 'start_auto_deny_list';

$end_searche_tag = 'end_auto_deny_list';

$replace_string = ''; // text currently between the markers in .htaccess

$handle = @fopen($file, "r");
if ($handle) {

    $target_content = false; // flag: we are inside the section we need

    while (($buffer = fgets($handle, 4096)) !== false) {

        if (stripos($buffer, $start_searche_tag) !== false) {
            $target_content = true;
            continue;
        }

        if (stripos($buffer, $end_searche_tag) !== false) {
            $target_content = false;

            continue;
        }

        if ($target_content) {
            $replace_string .= $buffer;
        }
    }
    if (!feof($handle)) {
        echo "Error: fgets() failed unexpectedly\n";
    }
    fclose($handle);
}

// Current .htaccess file
$content = file_get_contents($file);

if ($replace_string !== '') {
    $content = str_replace($replace_string, '', $content);
}

// Remove all existing blocks from the .htaccess file
file_put_contents($file, $content);

// Write the new blocks
$str = "# {$start_searche_tag}" . PHP_EOL;

foreach ($new_blocked as $key => $value) {
    $str .= "Deny from {$value}" . PHP_EOL;
}

file_put_contents($file, str_replace("# {$start_searche_tag}", $str, file_get_contents($file)));

The file's code is simple and primitive; its main idea is to take the candidates for blocking and write the blocking rules into the .htaccess file between the comments # start_auto_deny_list and # end_auto_deny_list.
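As an added example (not the article's code), here is a version of the .htaccess rewrite that validates each address before it is written and replaces the file atomically. The marker names are the article's; the function names and the sample .htaccess content are constructed.

```php
<?php
// Added example, not the article's code: rebuilding the auto-deny section of
// .htaccess in one step. Marker names are those used in the article.

/**
 * Return $htaccess with everything between the marker comments replaced by one
 * "Deny from" line per address. Only syntactically valid addresses are written:
 * a malformed value (the collector stores whatever arrived) would make Apache
 * reject the file and answer 500 for the whole site.
 */
function coderun_build_htaccess(string $htaccess, array $ips,
                                string $start = 'start_auto_deny_list',
                                string $end = 'end_auto_deny_list'): string {
    $lines = ["# {$start}"];
    foreach (array_unique($ips) as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
            $lines[] = "Deny from {$ip}";
        }
    }
    $lines[] = "# {$end}";
    $block = implode(PHP_EOL, $lines);

    // Match the whole marked section, whatever it currently contains.
    $pattern = '/^# ' . preg_quote($start, '/') . '\R.*?^# ' . preg_quote($end, '/') . '[^\S\r\n]*$/ms';
    if (preg_match($pattern, $htaccess) === 1) {
        return preg_replace($pattern, $block, $htaccess, 1);
    }
    // No section yet: append it together with the Order/Allow lines it relies on.
    return rtrim($htaccess) . PHP_EOL . PHP_EOL
        . 'Order allow,deny' . PHP_EOL . 'Allow from all' . PHP_EOL . PHP_EOL . $block . PHP_EOL;
}

/** Atomic replace: the cron script above writes the live file twice, leaving
 *  a window in which Apache can read a half-written config. */
function coderun_write_htaccess(string $path, string $content): bool {
    $tmp = $path . '.tmp.' . getmypid();
    if (file_put_contents($tmp, $content, LOCK_EX) === false) {
        return false;
    }
    return rename($tmp, $path);
}

// Constructed sample, not taken from the site: one address already listed,
// one new one, and one junk value that must never reach the file.
$current = "# BEGIN WordPress\n# END WordPress\n\nOrder allow,deny\nAllow from all\n\n"
    . "# start_auto_deny_list\nDeny from 94.242.55.248\n# end_auto_deny_list\n";
$candidates = ['94.242.55.248', '207.46.13.122', "bogus'; DROP"];
$updated = coderun_build_htaccess($current, $candidates);
// coderun_write_htaccess(ABSPATH . '.htaccess', $updated); // in the real cron job
```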

Now the "harmful" IPs are blocked automatically, and the .htaccess file looks something like this:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Order allow,deny
Allow from all

# start_auto_deny_list
Deny from 94.242.55.248
Deny from 207.46.13.122
Deny from 66.249.64.164
Deny from 54.209.162.70
Deny from 40.77.167.86
Deny from 54.146.43.69
Deny from 207.46.13.168
....... other addresses below
# end_auto_deny_list

As a result, after this code started working, you can see the outcome in the hosting panel:


PS: The material is my own; although I have published part of it on my own site, it is of more use here on Habr.

source: www.habr.com
