Identifying "bad" bots and blocking them by IP

Good day! In this article I will tell you how a user of ordinary shared hosting can catch the IP addresses that generate excessive load on the site and then block them with nothing more than the hosting's own tools. There will be "a little" PHP code and a few screenshots.

Input data:

  1. The site runs on the WordPress CMS
  2. Hosting: Beget (this is not an advertisement, but the admin-panel screenshots come from this provider)
  3. The WordPress site was launched around 2000 and has a large number of articles and materials
  4. PHP version 7.2
  5. WP is on the latest version
  6. For some time now the site has been generating a high MySQL load according to the hosting's statistics. Every day this figure exceeded 120% of the norm for the account
  7. According to Yandex.Metrica, the site is visited by 100-200 people per day

First of all, the following was done:

  1. The database tables were cleaned of accumulated junk
  2. Unnecessary plugins were disabled and pieces of old code were removed

At the same time I want to draw your attention to the fact that caching options (caching plugins) were tried and observations were made, but the 120% load from this one site did not change and could only grow.

What the database load looks like

[Screenshot of the hosting panel's load graph: the site in question is at the top; below it are other sites with the same CMS and a similar traffic profile, but creating far less load.]

Data

  • There were many experiments with data-caching options; observations were kept for several weeks (fortunately, at that time the hosting provider had not yet written to me that I was very bad and would be cut off)
  • Slow queries were monitored and hunted down, after which the database structure and table types were slightly changed
  • For analysis we first used the built-in AWStats (by the way, it helped to identify the single most abusive IP address by traffic volume)
  • Metrica: it only provides information about people, not about bots
  • Plugins for WP were tried that can filter and block visitors by country of origin and various combinations of criteria
  • A very radical step was also taken: the site was closed for a day with a "Maintenance in progress" notice, done with the popular plugin for that purpose. We expected the load to drop, though not to zero, because the WP core is built on hooks: plugins start their work only when their "hook" fires, and database queries can already be made before that hook is reached

Idea

  1. Count the IP addresses that make the most requests in a short period of time.
  2. Record the number of hits to the site
  3. Restrict access to the site based on the number of hits
  4. Block with a "Deny from" entry in the .htaccess file
  5. I did not consider other options such as iptables or Nginx rules, because I am writing about shared hosting
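
The four steps above, as an added example that is not part of the original post: instead of hooking WordPress, the same sliding-window count is run over the Apache access log, which records the TCP peer address (REMOTE_ADDR) that a bot cannot forge the way it can forge X-Forwarded-For. The log lines are constructed for the example; the threshold of 70 requests per 30 minutes matches the cron setup described later in the article, and the exclusion set stands in for the hosting's own address.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache "combined" log format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)


def parse_line(line):
    """Return (ip, timestamp, user_agent) for one log line, or None if it is unparsable.

    The address is validated with ipaddress so that a malformed token can never
    propagate into a blocklist (the later .htaccess step writes addresses verbatim).
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ip = str(ipaddress.ip_address(m.group("ip")))
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return ip, ts, m.group("ua")


def find_candidates(lines, threshold=70, window_s=1800, exclude=frozenset()):
    """Sliding-window counter: for every address keep the timestamps of its requests
    in the last window_s seconds and report the peak count of every address whose
    count exceeded threshold at some point. Lines must be in chronological order,
    as an access log is.

    threshold=70 and window_s=1800 mirror the article's cron setup (candidate table
    emptied every 30 minutes, candidates selected with cnt > 70).
    """
    recent = defaultdict(deque)
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _ua = parsed
        if ip in exclude:
            continue
        dq = recent[ip]
        dq.append(ts)
        while (ts - dq[0]) > timedelta(seconds=window_s):
            dq.popleft()
        if len(dq) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(dq))
    return peaks


def _line(ip, t, path, ua):
    return f'{ip} - - [{t:%d/%b/%Y:%H:%M:%S %z}] "GET {path} HTTP/1.1" 200 5123 "-" "{ua}"'


def build_sample_log():
    """Constructed traffic (not a real log): one scraper, one human, the hosting's own address."""
    t0 = datetime(2019, 10, 10, 10, 0, 0, tzinfo=timezone(timedelta(hours=3)))
    entries = []
    for i in range(90):   # scraper: 90 requests, one every 2 seconds
        entries.append((t0 + timedelta(seconds=2 * i), "198.51.100.7", f"/?s=page{i}", "Mozilla/5.0 (compatible; scraper)"))
    for i in range(6):    # human: 6 page views spread over 7.5 minutes
        entries.append((t0 + timedelta(seconds=90 * i), "203.0.113.5", f"/article-{i}/", "Mozilla/5.0 (Windows NT 10.0)"))
    for i in range(120):  # hosting's own address (e.g. internal cron), to be excluded
        entries.append((t0 + timedelta(seconds=i), "192.0.2.10", "/wp-cron.php", "WordPress/5.2"))
    entries.sort()  # a real log is chronological
    lines = [_line(ip, t, path, ua) for t, ip, path, ua in entries]
    lines.append("garbage line that is not in combined format")
    lines.append(_line("not-an-ip", t0, "/", "x"))
    return lines


SAMPLE_LINES = build_sample_log()

if __name__ == "__main__":
    for ip, peak in sorted(find_candidates(SAMPLE_LINES, exclude={"192.0.2.10"}).items()):
        print(f"{ip}: peak of {peak} requests within 30 minutes")
```

Running it against a real log is `find_candidates(open("access.log"), exclude={...})`; shrinking the window (say 60 seconds) catches bursty scanners while leaving a human who opens six articles untouched, whereas the 30-minute window also catches slow, steady crawlers.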

The idea was there, so it had to be implemented; there was no way around it...

  • We create tables to collect the data
    CREATE TABLE `wp_visiters_bot` (
    	`id` INT(11) NOT NULL AUTO_INCREMENT,
    	`ip` VARCHAR(45) NULL DEFAULT NULL, -- 45 characters fit any IPv4 or IPv6 literal
    	`browser` VARCHAR(500) NULL DEFAULT NULL,
    	`cnt` INT(11) NULL DEFAULT NULL,
    	`request` TEXT NULL,
    	`input` TEXT NULL,
    	`data_update` DATETIME NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
    	PRIMARY KEY (`id`),
    	UNIQUE INDEX `ip` (`ip`)
    )
    COMMENT='Candidates for blocking'
    COLLATE='utf8_general_ci'
    ENGINE=InnoDB
    AUTO_INCREMENT=1;
    

    CREATE TABLE `wp_visiters_bot_blocked` (
    	`id` INT(11) NOT NULL AUTO_INCREMENT,
    	`ip` VARCHAR(45) NOT NULL,
    	`data_update` DATETIME NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
    	PRIMARY KEY (`id`),
    	UNIQUE INDEX `ip` (`ip`)
    )
    COMMENT='List of already blocked addresses'
    COLLATE='utf8_general_ci'
    ENGINE=InnoDB
    AUTO_INCREMENT=1;
    

    -- One row per IP: the UNIQUE index means cnt accumulates across cron runs here,
    -- whereas wp_visiters_bot is emptied on every run
    CREATE TABLE `wp_visiters_bot_history` (
    	`id` INT(11) NOT NULL AUTO_INCREMENT,
    	`ip` VARCHAR(45) NULL DEFAULT NULL,
    	`browser` VARCHAR(500) NULL DEFAULT NULL,
    	`cnt` INT(11) NULL DEFAULT NULL,
    	`data_update` DATETIME NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
    	`data_add` DATETIME NULL DEFAULT CURRENT_TIMESTAMP,
    	PRIMARY KEY (`id`),
    	UNIQUE INDEX `ip` (`ip`)
    )
    COMMENT='History of all requests, for debugging'
    COLLATE='utf8_general_ci'
    ENGINE=InnoDB
    AUTO_INCREMENT=1;
    
  • We create a file in which we place the code. The code writes to the table of blocking candidates and keeps a history for debugging.

    File that records IP addresses to the database

    <?php
    
    if (!defined('ABSPATH')) {
        return;
    }
    
    global $wpdb;
    
    /**
     * Returns the visitor's IP address, or '' if none could be determined.
     *
     * Caveat: every entry except REMOTE_ADDR is an HTTP header that the client
     * sets, so it can be forged. Keep them in the list only because the site
     * sits behind the hosting's reverse proxy; on a server that talks to
     * clients directly, leave just REMOTE_ADDR, otherwise a bot can get an
     * address of its choosing blocked (and its own never recorded).
     *
     * @return string
     */
    function coderun_get_user_ip() {
    
        $address_headers = array(
            'HTTP_CLIENT_IP',
            'HTTP_X_FORWARDED_FOR',
            'HTTP_X_FORWARDED',
            'HTTP_X_CLUSTER_CLIENT_IP',
            'HTTP_FORWARDED_FOR',
            'HTTP_FORWARDED',
            'REMOTE_ADDR',
        );
    
        foreach ($address_headers as $header) {
            if (empty($_SERVER[$header])) {
                continue;
            }
    
            // X-Forwarded-For may carry a chain "client, proxy1, proxy2": take the first hop
            $address_chain = explode(',', $_SERVER[$header]);
            $client_ip = trim($address_chain[0]);
    
            // Accept only a syntactically valid IPv4/IPv6 literal. Anything else
            // ("unknown", or a value with a newline in it) must never reach
            // the table, because the cron file later writes the value into
            // .htaccess verbatim, one directive per line.
            if (filter_var($client_ip, FILTER_VALIDATE_IP) === false) {
                continue;
            }
    
            if ('0.0.0.0' === $client_ip || '::' === $client_ip) {
                continue;
            }
    
            return $client_ip;
        }
    
        return '';
    }
    
    $ip = coderun_get_user_ip(); // visitor's IP address
    
    if (empty($ip)) { // no IP, then off you go...
        header('Content-type: application/json;');
        die('Big big bolt....');
    }
    
    $browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''; // data for analysing the browser
    
    $request = wp_json_encode($_REQUEST); // the last request that was made to the site
    
    $input = file_get_contents('php://input'); // request body, if there was one
    
    $cnt = 1;
    
    // Query to the main table of temporary blocking candidates.
    // $wpdb->prepare() quotes and escapes the values, so esc_sql() is not needed.
    $query = $wpdb->prepare(
        "INSERT INTO wp_visiters_bot (`ip`,`browser`,`cnt`,`request`,`input`)
             VALUES (%s, %s, %d, %s, %s)
             ON DUPLICATE KEY UPDATE cnt=cnt+1, request=VALUES(request), input=VALUES(input), browser=VALUES(browser)",
        $ip, $browser, $cnt, $request, $input
    );
    
    // Query for the history
    $query2 = $wpdb->prepare(
        "INSERT INTO wp_visiters_bot_history (`ip`,`browser`,`cnt`)
             VALUES (%s, %s, %d)
             ON DUPLICATE KEY UPDATE cnt=cnt+1, browser=VALUES(browser)",
        $ip, $browser, $cnt
    );
    
    $wpdb->query($query);
    
    $wpdb->query($query2);
    

    The essence of the code is to get the visitor's IP address and write it to a table. If the IP is already in the table, the cnt field (the number of requests to the site) is incremented.

  • And now the scary part... this is where they will flame me for what I did :)
    To record every request to the site, we include the code file in the main WordPress file, wp-load.php. Yes, we modify a core file, and we do it after $wpdb has been created. Two caveats: every WordPress update overwrites wp-load.php and takes the include with it, and the same effect is available without touching the core by dropping the file into wp-content/mu-plugins/, which WordPress loads on every request right after $wpdb is set up.

So now we can see how often a given IP address shows up in our table, and with a cup of coffee in hand we look at it every 5 minutes to get a picture of what is going on.


Then simply copy the "bad" IP, open the .htaccess file and add to the end of the file:

Order allow,deny
Allow from all
# start_auto_deny_list
Deny from 94.242.55.248
# end_auto_deny_list

That's it: now 94.242.55.248 no longer reaches the site and creates no database load. (Order/Allow/Deny are Apache 2.2 directives; on Apache 2.4 they work only while mod_access_compat is loaded, otherwise the 2.4 equivalent is a <RequireAll> block containing "Require all granted" and "Require not ip 94.242.55.248".)

But copying by hand like this every time is not very convenient, and besides, the code was meant to become autonomous.

Let's add a file that CRON runs every 30 minutes:

File that modifies the .htaccess file

<?php

/**
 * File that automatically sets up blocks by IP address
 * Must be requested via CRON
 */

// The original only checked that *some* key was present; compare it to a secret.
// CODERUN_CRON_KEY is an assumed constant name: define it in wp-config.php.
if (empty($_REQUEST['key']) || !defined('CODERUN_CRON_KEY')
    || !hash_equals(CODERUN_CRON_KEY, (string) $_REQUEST['key'])) {
    die('Hello');
}

require(__DIR__ . '/wp-load.php');

global $wpdb;

$limit_cnt = 70; // request limit used to select candidates (per cron interval, since the table is emptied below)

$deny_table = $wpdb->get_results($wpdb->prepare("SELECT * FROM wp_visiters_bot WHERE cnt > %d", $limit_cnt));

$new_blocked = [];

$exclude_ip = [
    '87.236.16.70' // hosting's address
];

foreach ($deny_table as $result) {

    if (in_array($result->ip, $exclude_ip, true)) {
        continue;
    }

    // Last line of defence before the value is written into .htaccess as a directive
    if (filter_var($result->ip, FILTER_VALIDATE_IP) === false) {
        continue;
    }

    // INSERT IGNORE: the ip column is UNIQUE, so a plain insert fails on the second run
    $wpdb->query($wpdb->prepare("INSERT IGNORE INTO wp_visiters_bot_blocked (`ip`) VALUES (%s)", $result->ip));
}

$deny_table_blocked = $wpdb->get_results("SELECT * FROM wp_visiters_bot_blocked");

foreach ($deny_table_blocked as $blocked) {
    $new_blocked[] = $blocked->ip;
}

// Clear the table (counters start from zero for the next interval)
$wpdb->query("DELETE FROM wp_visiters_bot");

//echo '<pre>';print_r($new_blocked);echo '</pre>';

$file = __DIR__ . '/.htaccess';

$start_search_tag = 'start_auto_deny_list';

$end_search_tag = 'end_auto_deny_list';

$replace_string = ''; // text of the current block, to be removed from .htaccess

$handle = @fopen($file, "r");
if ($handle) {

    $target_content = false; // flag: we are inside the section we manage

    while (($buffer = fgets($handle, 4096)) !== false) {

        if (stripos($buffer, $start_search_tag) !== false) {
            $target_content = true;
            continue;
        }

        if (stripos($buffer, $end_search_tag) !== false) {
            $target_content = false;
            continue;
        }

        if ($target_content) {
            $replace_string .= $buffer;
        }
    }
    if (!feof($handle)) {
        echo "Error: fgets() failed unexpectedly\n";
    }
    fclose($handle);
}

// Current .htaccess file
$content = file_get_contents($file);

// Remove all existing blocks from the .htaccess file
if ($replace_string !== '') {
    $content = str_replace($replace_string, '', $content);
}

// First run: the markers are not there yet, append them to the end of the file
if (strpos($content, "# {$start_search_tag}") === false) {
    $content .= PHP_EOL . "# {$start_search_tag}" . PHP_EOL . "# {$end_search_tag}" . PHP_EOL;
}

// Write the new blocks
$str = "# {$start_search_tag}" . PHP_EOL;

foreach ($new_blocked as $value) {
    $str .= "Deny from {$value}" . PHP_EOL;
}

// One write instead of two, so a request arriving in between never sees a half-written file
file_put_contents($file, str_replace("# {$start_search_tag}", $str, $content), LOCK_EX);

The file is quite simple and its main idea is to take the blocking candidates and insert the blocking rules into the .htaccess file between the comments # start_auto_deny_list and # end_auto_deny_list. Two properties of it are worth keeping in mind: because wp_visiters_bot is emptied on every run, the effective rule is "more than 70 requests within one 30-minute cron interval", and wp_visiters_bot_blocked is never pruned, so an address stays in .htaccess forever, even after the provider has reassigned it to someone else.
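
The marker-region rewrite that the cron file performs, as an added example (Python, not the author's PHP) with two things the script above lacks: every address is checked to be an IP literal before it is written, because .htaccess is line-based and a newline smuggled into the ip column would let whoever controlled the recorded value inject arbitrary Apache directives, and the file is replaced atomically rather than written twice. The sample .htaccess is constructed in the shape shown in the article; write_atomically is an assumed helper name.

```python
import ipaddress
import os
import tempfile

START_TAG = "# start_auto_deny_list"
END_TAG = "# end_auto_deny_list"


def is_safe_ip_value(value):
    """True only for a bare IPv4/IPv6 literal. Anything else ("unknown", or
    "1.2.3.4\\nAddType application/x-httpd-php .jpg") must never be written."""
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return False
    return True


def render_deny_block(ips):
    """Build the managed section. Addresses are normalised (IPv6 lower-cased,
    duplicates dropped); a value that is not an IP literal raises instead of
    being written."""
    seen = []
    for raw in ips:
        if not is_safe_ip_value(raw):
            raise ValueError(f"refusing to write non-IP value to .htaccess: {raw!r}")
        ip = str(ipaddress.ip_address(raw))
        if ip not in seen:
            seen.append(ip)
    lines = [START_TAG] + [f"Deny from {ip}" for ip in seen] + [END_TAG]
    return "\n".join(lines) + "\n"


def update_htaccess(content, ips):
    """Return the new file text: the section between the markers is replaced
    wholesale; if the markers are missing (first run) the section is appended.
    Everything outside the markers, such as the WordPress rewrite block, is untouched."""
    block = render_deny_block(ips)
    start = content.find(START_TAG)
    end = content.find(END_TAG, start + len(START_TAG)) if start != -1 else -1
    if start == -1 or end == -1:
        sep = "" if content == "" or content.endswith("\n") else "\n"
        return content + sep + block
    after = end + len(END_TAG)
    if content[after:after + 1] == "\n":
        after += 1
    return content[:start] + block + content[after:]


def write_atomically(path, content):
    """Write to a temp file in the same directory and rename it over the target,
    so Apache never reads a half-written .htaccess."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".htaccess.")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(content)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


# Constructed .htaccess in the shape shown in the article
SAMPLE_HTACCESS = """\
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Order allow,deny
Allow from all

# start_auto_deny_list
Deny from 94.242.55.248
# end_auto_deny_list
"""

if __name__ == "__main__":
    print(update_htaccess(SAMPLE_HTACCESS, ["94.242.55.248", "2001:DB8::1"]))
```

In production the call is `write_atomically(path, update_htaccess(open(path).read(), blocked_ips))`; because the section is regenerated from the database on every run, the function is idempotent and a second run with the same list leaves the file byte-for-byte unchanged.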

Now the "bad" IPs are blocked on their own, and the .htaccess file looks like this:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Order allow,deny
Allow from all

# start_auto_deny_list
Deny from 94.242.55.248
Deny from 207.46.13.122
Deny from 66.249.64.164
Deny from 54.209.162.70
Deny from 40.77.167.86
Deny from 54.146.43.69
Deny from 207.46.13.168
....... further addresses below
# end_auto_deny_list

Note what has ended up in this list: 66.249.64.164 falls inside Google's published Googlebot range, and 207.46.13.122, 207.46.13.168 and 40.77.167.86 fall inside Bingbot's. A list built purely on request counts catches search-engine crawlers along with scrapers, and a crawler that fetches a site with many articles faster than 70 pages per half hour is entirely normal; denying it silently removes the site from the index.
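
A candidate that passes the threshold may therefore be a search-engine crawler rather than a scraper. Added example, not part of the original post: the reverse-then-forward DNS check that Google and Bing document for confirming their crawlers, with the resolver functions made parameters and swapped for constructed DNS answers so it runs offline (omit the keyword arguments to query real DNS). Confirmed crawlers are kept out of the Deny list so their crawl rate can be reduced through the engine's webmaster tools instead. The two crawler entries in the fake DNS table mimic the shape of the real records; the other addresses are documentation ranges.

```python
import ipaddress
import socket

# Hostname suffixes the engines document for reverse-DNS verification of their crawlers
CRAWLER_DOMAINS = {
    "googlebot": (".googlebot.com", ".google.com"),
    "bingbot": (".search.msn.com",),
}


def verify_crawler(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Two-step check: the PTR record of the address must point into a crawler
    domain, AND the forward lookup of that hostname must contain the same
    address. A PTR alone is set by whoever owns the address and proves nothing.

    Returns one of "googlebot", "bingbot", "spoofed-ptr", "no-ptr", "not-a-crawler", "invalid".
    """
    try:
        addr = str(ipaddress.ip_address(ip))
    except ValueError:
        return "invalid"
    try:
        host = reverse(addr)[0].rstrip(".").lower()
    except OSError:  # socket.herror / socket.gaierror: no PTR or resolver failure
        return "no-ptr"
    for name, suffixes in CRAWLER_DOMAINS.items():
        if host.endswith(suffixes):
            try:
                forward_addrs = forward(host)[2]
            except OSError:
                forward_addrs = []
            return name if addr in forward_addrs else "spoofed-ptr"
    return "not-a-crawler"


def split_blocklist(ips, **resolvers):
    """Partition candidate addresses into those that can go into .htaccess and
    confirmed crawlers, which are returned separately with the engine's name."""
    deny, crawlers = [], {}
    for ip in ips:
        verdict = verify_crawler(ip, **resolvers)
        if verdict in ("googlebot", "bingbot"):
            crawlers[ip] = verdict
        elif verdict != "invalid":
            deny.append(ip)
    return deny, crawlers


# Constructed stand-in for DNS so the example runs offline (not real records)
FAKE_PTR = {
    "66.249.64.164": "crawl-66-249-64-164.googlebot.com",
    "207.46.13.122": "msnbot-207-46-13-122.search.msn.com",
    "198.51.100.7": "crawl-66-249-64-164.googlebot.com",  # forged PTR: claims to be Googlebot
    "203.0.113.10": "vps-3.example.net",
}
FAKE_A = {
    "crawl-66-249-64-164.googlebot.com": ["66.249.64.164"],
    "msnbot-207-46-13-122.search.msn.com": ["207.46.13.122"],
    "vps-3.example.net": ["203.0.113.10"],
}


def fake_reverse(addr):
    if addr not in FAKE_PTR:
        raise socket.herror(1, "Unknown host")
    return FAKE_PTR[addr], [], [addr]


def fake_forward(host):
    if host not in FAKE_A:
        raise socket.gaierror(-2, "Name or service not known")
    return host, [], FAKE_A[host]


CANDIDATES = ["66.249.64.164", "207.46.13.122", "198.51.100.7", "203.0.113.9", "203.0.113.10", "unknown"]

if __name__ == "__main__":
    for ip in CANDIDATES:
        print(ip, verify_crawler(ip, reverse=fake_reverse, forward=fake_forward))
```

The forged-PTR case is the one the check exists for: 198.51.100.7 has a reverse record that says "googlebot.com", but the forward lookup of that name does not return 198.51.100.7, so it is denied like any other scraper. socket.gethostbyname_ex returns IPv4 answers only; for IPv6 crawler addresses use socket.getaddrinfo in the forward step.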

As a result, after this code has been running for a while, the effect is visible in the hosting panel:


PS: This is my own material; part of it was published on my site, and an extended version appeared on Habr.

Source: www.habr.com
