Nyob zoo! Nyob rau hauv tsab xov xwm kuv yuav qhia koj li cas cov neeg siv ntawm ib txwm hosting tuaj yeem ntes IP chaw nyob uas tsim kom muaj ntau dhau ntawm lub xaib thiab tom qab ntawd thaiv lawv siv cov cuab yeej hosting, yuav muaj "me ntsis" ntawm php code, ob peb screenshots.
Cov ntaub ntawv nkag:
- Lub vev xaib tsim los ntawm CMS WordPress
- Hosting Beget (qhov no tsis yog ib qho kev tshaj tawm, tab sis tus thawj tswj hwm vaj huam sib luag screenshots yuav yog los ntawm cov chaw muab kev pabcuam tshwj xeeb no)
- Lub vev xaib WordPress tau pib ua qhov chaw thaum ntxov 2000 thiab muaj ntau cov khoom thiab cov ntaub ntawv
- PHP version 7.2
- WP muaj qhov tseeb version
- Rau qee lub sijhawm tam sim no, lub vev xaib pib tsim kom muaj kev thauj khoom siab ntawm MySQL raws li cov ntaub ntawv hosting. Txhua hnub tus nqi no tshaj 120% ntawm cov cai hauv ib tus account
- Raws li Yandex. Metrica site yog mus xyuas los ntawm 100-200 tus neeg ib hnub
Ua ntej tshaj plaws, qhov no tau ua tiav:
- Cov rooj ntaub ntawv tau raug tshem tawm ntawm cov khib nyiab
- Cov plugins tsis tsim nyog tau raug kaw, ntu ntawm cov lej dhau los raug tshem tawm
Nyob rau tib lub sijhawm, kuv xav kos koj cov xim rau qhov tseeb tias caching xaiv (caching plugins) tau sim, kev soj ntsuam tau ua - tab sis cov load ntawm 120% ntawm ib qhov chaw tsis hloov pauv thiab tuaj yeem loj hlob xwb.
Qhov kwv yees li cas ntawm cov ntaub ntawv hosting zoo li
Nyob rau sab saum toj yog qhov chaw nyob rau hauv nqe lus nug, tsuas yog hauv qab no yog lwm qhov chaw uas muaj tib cms thiab kwv yees li tib lub tsheb, tab sis tsim tsawg dua load.
ΠΠ½Π°Π»ΠΈΠ·
- Ntau qhov kev sim tau ua nrog cov ntaub ntawv caching xaiv, kev soj ntsuam tau ua tiav ntau lub lis piam (zoo hmoo, lub sijhawm no lub hosting yeej tsis tau sau ntawv rau kuv tias kuv phem heev thiab yuav raug txiav tawm)
- Muaj kev tsom xam thiab tshawb nrhiav cov lus nug qeeb, tom qab ntawd cov qauv database thiab cov lus tau hloov me ntsis
- Rau kev tsom xam, peb feem ntau siv cov built-in AWStats (los ntawm txoj kev, nws tau pab xam qhov phem IP chaw nyob raws li cov tsheb khiav ceev.
- Metric - lub metric muab cov ntaub ntawv tsuas yog hais txog tib neeg, tsis yog hais txog bots
- Muaj kev sim siv plugins rau WP uas tuaj yeem lim thiab thaiv cov neeg tuaj saib txawm nyob hauv lub tebchaws ntawm qhov chaw thiab ntau qhov sib txuas
- Ib txoj kev radical kiag li tau los ua kom kaw qhov chaw rau ib hnub nrog daim ntawv "Peb tab tom saib xyuas" - qhov no kuj tau ua tiav siv lub npe nrov plugin. Nyob rau hauv cov ntaub ntawv no, peb cia siab tias lub load yuav poob, tab sis tsis mus rau xoom qhov tseem ceeb, txij li thaum WP ideology yog raws li nyob rau hauv hooks thiab plugins pib lawv cov dej num thaum ib tug "hook" tshwm sim, thiab ua ntej lub "hook" tshwm sim, thov mus rau lub database muaj peev xwm. xa ua
Lub tswv yim
- Xam IP chaw nyob uas ua rau ntau qhov kev thov hauv lub sijhawm luv luv.
- Sau tus naj npawb ntawm hits rau ntawm qhov chaw
- Thaiv kev nkag mus rau lub xaib raws li tus naj npawb ntawm hits
- Thaiv siv qhov "Tsis lees paub los ntawm" nkag hauv cov ntaub ntawv .htaccess
- Kuv tsis tau xav txog lwm yam kev xaiv, xws li iptables thiab cov cai rau Nginx, vim kuv tau sau txog hosting
Ib lub tswv yim tau tshwm sim, yog li nws yuav tsum tau ua, zoo li tsis muaj qhov no ...
- Tsim cov ntxhuav los khaws cov ntaub ntawv
CREATE TABLE `wp_visiters_bot` ( `id` INT(11) NOT NULL AUTO_INCREMENT, `ip` VARCHAR(300) NULL DEFAULT NULL, `browser` VARCHAR(500) NULL DEFAULT NULL, `cnt` INT(11) NULL DEFAULT NULL, `request` TEXT NULL, `input` TEXT NULL, `data_update` DATETIME NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, PRIMARY KEY (`id`), UNIQUE INDEX `ip` (`ip`) ) COMMENT='ΠΠ°Π½Π΄ΠΈΠ΄Π°ΡΡ Π΄Π»Ρ Π±Π»ΠΎΠΊΠΈΡΠΎΠ²ΠΊΠΈ' COLLATE='utf8_general_ci' ENGINE=InnoDB AUTO_INCREMENT=1;CREATE TABLE `wp_visiters_bot_blocked` ( `id` INT(11) NOT NULL AUTO_INCREMENT, `ip` VARCHAR(300) NOT NULL, `data_update` DATETIME NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, PRIMARY KEY (`id`), UNIQUE INDEX `ip` (`ip`) ) COMMENT='Π‘ΠΏΠΈΡΠΎΠΊ ΡΠΆΠ΅ Π·Π°Π±Π»ΠΎΠΊΠΈΡΠΎΠ²Π°Π½Π½ΡΡ ' COLLATE='utf8_general_ci' ENGINE=InnoDB AUTO_INCREMENT=59;CREATE TABLE `wp_visiters_bot_history` ( `id` INT(11) NOT NULL AUTO_INCREMENT, `ip` VARCHAR(300) NULL DEFAULT NULL, `browser` VARCHAR(500) NULL DEFAULT NULL, `cnt` INT(11) NULL DEFAULT NULL, `data_update` DATETIME NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, `data_add` DATETIME NULL DEFAULT CURRENT_TIMESTAMP, PRIMARY KEY (`id`), UNIQUE INDEX `ip` (`ip`) ) COMMENT='ΠΡΡΠΎΡΠΈΡ Π²ΡΠ΅Ρ Π·Π°ΠΏΡΠΎΡΠΎΠ² Π΄Π»Ρ Π΄Π΅Π±Π°Π³Π°' COLLATE='utf8_general_ci' ENGINE=InnoDB AUTO_INCREMENT=1; - Cia peb tsim ib cov ntaub ntawv uas peb yuav tso cai. Cov cai yuav sau rau hauv thaiv cov rooj sib tw thiab khaws keeb kwm rau kev debugging.
Cov ntaub ntawv code rau sau IP chaw nyob
<?php if (!defined('ABSPATH')) { return; } global $wpdb; /** * ΠΠ΅ΡΠ½ΡΡ ΠΊΠΎΠ½ΠΊΡΠ΅ΡΠ½ΡΠΉ IP Π°Π΄ΡΠ΅Ρ ΠΏΠΎΡΠ΅ΡΠΈΡΠ΅Π»Ρ * @return boolean */ function coderun_get_user_ip() { $client_ip = ''; $address_headers = array( 'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR', ); foreach ($address_headers as $header) { if (array_key_exists($header, $_SERVER)) { $address_chain = explode(',', $_SERVER[$header]); $client_ip = trim($address_chain[0]); break; } } if (!$client_ip) { return ''; } if ('0.0.0.0' === $client_ip || '::' === $client_ip || $client_ip == 'unknown') { return ''; } return $client_ip; } $ip = esc_sql(coderun_get_user_ip()); // IP Π°Π΄ΡΠ΅Ρ ΠΏΠΎΡΠ΅ΡΠΈΡΠ΅Π»Ρ if (empty($ip)) {// ΠΠ΅Ρ IP, Π½Ρ ΠΈ ΠΈΠ΄ΠΈΡΠ΅ Π»Π΅ΡΠΎΠΌ... header('Content-type: application/json;'); die('Big big bolt....'); } $browser = esc_sql($_SERVER['HTTP_USER_AGENT']); //ΠΠ°Π½Π½ΡΠ΅ Π΄Π»Ρ Π°Π½Π°Π»ΠΈΠ·Π° Π±ΡΠ°ΡΠ·Π΅ΡΠ° $request = esc_sql(wp_json_encode($_REQUEST)); //ΠΠΎΡΠ»Π΅Π΄Π½ΠΈΠΉ Π·Π°ΠΏΡΠΎΡ ΠΊΠΎΡΠΎΡΡΠΉ Π±ΡΠ» ΠΊ ΡΠ°ΠΉΡΡ $input = esc_sql(file_get_contents('php://input')); //Π’Π΅Π»ΠΎ Π·Π°ΠΏΡΠΎΡΠ°, Π΅ΡΠ»ΠΈ Π±ΡΠ»ΠΎ $cnt = 1; //ΠΠ°ΠΏΡΠΎΡ Π² ΠΎΡΠ½ΠΎΠ²Π½ΡΡ ΡΠ°Π±Π»ΠΈΡΡ Ρ Π²ΡΠ΅ΠΌΠ΅Π½Π½ΡΠΌΠΈ ΠΊΠΎΠ½Π΄ΠΈΠ΄Π°ΡΠ°ΠΌΠΈ Π½Π° Π±Π»ΠΎΠΊΠΈΡΠΎΠ²ΠΊΡ $query = <<<EOT INSERT INTO wp_visiters_bot (`ip`,`browser`,`cnt`,`request`,`input`) VALUES ('{$ip}','{$browser}','{$cnt}','{$request}','$input') ON DUPLICATE KEY UPDATE cnt=cnt+1,request=VALUES(request),input=VALUES(input),browser=VALUES(browser) EOT; //ΠΠ°ΠΏΡΠΎΡ Π΄Π»Ρ ΠΈΡΡΠΎΡΠΈΠΈ $query2 = <<<EOT INSERT INTO wp_visiters_bot_history (`ip`,`browser`,`cnt`) VALUES ('{$ip}','{$browser}','{$cnt}') ON DUPLICATE KEY UPDATE cnt=cnt+1,browser=VALUES(browser) EOT; $wpdb->query($query); $wpdb->query($query2);Lub ntsiab lus ntawm tus lej yog kom tau txais tus qhua tus IP chaw nyob thiab sau rau hauv lub rooj. Yog hais tias tus ip twb nyob rau hauv lub rooj, lub cnt teb yuav nce (tus naj npawb ntawm kev thov rau lub site)
- Tam sim no qhov txaus ntshai ... Tam sim no lawv yuav hlawv kuv rau kuv ua :)
Txhawm rau sau txhua qhov kev thov rau lub xaib, peb txuas cov ntaub ntawv code rau lub ntsiab WordPress cov ntaub ntawv - wp-load.php. Yog lawm, peb hloov cov ntaub ntawv kernel thiab meej tom qab lub ntiaj teb hloov pauv $ wpdb twb muaj lawm
Yog li, tam sim no peb tuaj yeem pom ntau npaum li cas qhov no lossis qhov chaw nyob IP tau cim rau hauv peb lub rooj thiab nrog lub khob kas fes peb saib muaj ib zaug txhua 5 feeb kom nkag siab cov duab
Tom qab ntawd tsuas yog luam tus IP "teeb ββmeem", qhib cov ntaub ntawv .htaccess thiab ntxiv rau qhov kawg ntawm cov ntaub ntawv
Order allow,deny
Allow from all
# start_auto_deny_list
Deny from 94.242.55.248
# end_auto_deny_list
Ntawd yog nws, tam sim no 94.242.55.248 - tsis muaj kev nkag mus rau lub xaib thiab tsis tsim cov khoom thauj ntawm cov ntaub ntawv
Tab sis txhua zaus luam tawm ntawm tes zoo li qhov no tsis yog txoj haujlwm ncaj ncees, thiab dhau li ntawd, cov cai tau npaj los ua tus kheej.
Cia peb ntxiv cov ntaub ntawv uas yuav raug tua ntawm CRON txhua 30 feeb:
Cov ntaub ntawv code hloov kho .htaccess
<?php
/**
* Π€Π°ΠΉΠ» Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΎΠ³ΠΎ Π·Π°Π΄Π°Π½ΠΈΡ Π±Π»ΠΎΠΊΠΈΡΠΎΠ²ΠΎΠΊ ΠΏΠΎ IP Π°Π΄ΡΠ΅ΡΡ
* ΠΠΎΠ»ΠΆΠ΅Π½ Π·Π°ΠΏΡΠ°ΡΠΈΠ²Π°ΡΡΡΡ ΡΠ΅ΡΠ΅Π· CRON
*/
if (empty($_REQUEST['key'])) {
die('Hello');
}
require('wp-load.php');
global $wpdb;
$limit_cnt = 70; //ΠΠΈΠΌΠΈΡ Π·Π°ΠΏΡΠΎΡΠΎΠ² ΠΏΠΎ ΠΊΠΎΡΠΎΡΡΠΌ ΠΎΡΠ±ΠΈΡΠ°ΡΡ
$deny_table = $wpdb->get_results("SELECT * FROM wp_visiters_bot WHERE cnt>{$limit_cnt}");
$new_blocked = [];
$exclude_ip = [
'87.236.16.70'//Π°Π΄ΡΠ΅Ρ Ρ
ΠΎΡΡΠΈΠ½Π³Π°
];
foreach ($deny_table as $result) {
if (in_array($result->ip, $exclude_ip)) {
continue;
}
$wpdb->insert('wp_visiters_bot_blocked', ['ip' => $result->ip], ['%s']);
}
$deny_table_blocked = $wpdb->get_results("SELECT * FROM wp_visiters_bot_blocked");
foreach ($deny_table_blocked as $blocked) {
$new_blocked[] = $blocked->ip;
}
//ΠΡΠΈΡΡΠΊΠ° ΡΠ°Π±Π»ΠΈΡΡ
$wpdb->query("DELETE FROM wp_visiters_bot");
//echo '<pre>';print_r($new_blocked);echo '</pre>';
$file = '.htaccess';
$start_searche_tag = 'start_auto_deny_list';
$end_searche_tag = 'end_auto_deny_list';
$handle = @fopen($file, "r");
if ($handle) {
$replace_string = '';//Π’Π΅ΡΡ Π΄Π»Ρ Π²ΡΡΠ°Π²ΠΊΠΈ Π² ΡΠ°ΠΉΠ» .htaccess
$target_content = false; //Π€Π»Π°Π³ Π½ΡΠΆΠ½ΠΎΠ³ΠΎ Π½Π°ΠΌ ΡΡΠ°ΡΡΠΊΠ° ΠΊΠΎΠ΄Π°
while (($buffer = fgets($handle, 4096)) !== false) {
if (stripos($buffer, 'start_auto_deny_list') !== false) {
$target_content = true;
continue;
}
if (stripos($buffer, 'end_auto_deny_list') !== false) {
$target_content = false;
continue;
}
if ($target_content) {
$replace_string .= $buffer;
}
}
if (!feof($handle)) {
echo "ΠΡΠΈΠ±ΠΊΠ°: fgets() Π½Π΅ΠΎΠΆΠΈΠ΄Π°Π½Π½ΠΎ ΠΏΠΎΡΠ΅ΡΠΏΠ΅Π» Π½Π΅ΡΠ΄Π°ΡΡn";
}
fclose($handle);
}
//Π’Π΅ΠΊΡΡΠΈΠΉ ΡΠ°ΠΉΠ» .htaccess
$content = file_get_contents($file);
$content = str_replace($replace_string, '', $content);
//ΠΡΠΈΡΠ°Π΅ΠΌ Π²ΡΠ΅ Π±Π»ΠΎΠΊΠΈΡΠΎΠ²ΠΊΠΈ Π² ΡΠ°ΠΉΠ»Π΅ .htaccess
file_put_contents($file, $content);
//ΠΠ°ΠΏΠΈΡΡ Π½ΠΎΠ²ΡΡ
Π±Π»ΠΎΠΊΠΈΡΠΎΠ²ΠΎΠΊ
$str = "# {$start_searche_tag}" . PHP_EOL;
foreach ($new_blocked as $key => $value) {
$str .= "Deny from {$value}" . PHP_EOL;
}
file_put_contents($file, str_replace("# {$start_searche_tag}", $str, file_get_contents($file)));
Cov ntaub ntawv code yog qhov yooj yim heev thiab tseem ceeb thiab nws lub tswv yim tseem ceeb yog coj cov neeg sib tw rau kev thaiv thiab nkag mus thaiv cov cai hauv .htaccess cov ntaub ntawv ntawm cov lus.
# start_auto_deny_list thiab # end_auto_deny_list
Tam sim no "kev phom sij" IPs raug thaiv los ntawm lawv tus kheej, thiab cov ntaub ntawv .htaccess zoo li no:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Order allow,deny
Allow from all
# start_auto_deny_list
Deny from 94.242.55.248
Deny from 207.46.13.122
Deny from 66.249.64.164
Deny from 54.209.162.70
Deny from 40.77.167.86
Deny from 54.146.43.69
Deny from 207.46.13.168
....... Π½ΠΈΠΆΠ΅ Π΄ΡΡΠ³ΠΈΠ΅ Π°Π΄ΡΠ΅ΡΠ°
# end_auto_deny_list
Yog li ntawd, tom qab cov cai no pib ua haujlwm, koj tuaj yeem pom qhov tshwm sim hauv lub vaj huam sib luag hosting:
PS: Cov ntaub ntawv yog tus sau, txawm hais tias kuv tau tshaj tawm ib feem ntawm nws ntawm kuv lub vev xaib, kuv tau txais cov ntawv nthuav dav ntxiv ntawm Habre.
Tau qhov twg los: www.hab.com