简介
这是个类似Cloudflare的防 cc功能,利用的是五秒盾的原理,经过检测得到 cookie 的浏览器才能正常的访问你的网站了,当然了,面对数以万计的肉鸡,这代码还是无能为力的,所以说做人就要低调,别到处装逼,到时候被打了惨的还是自己,下面分享给需要的同学。
使用教程
新建文件
首先建个 PHP 文件 cc.php 代码如下:
<?php
define(‘SYSTEM_ROOT’, dirname(preg_replace(‘@\\(.*\\(.*$@’, ”, preg_replace(‘@\\(.*\\(.*$@’, ”, __FILE__))) . ‘/’);session_start();date_default_timezone_set(‘Asia/Shanghai’);header(‘Content-Type: text/html; charset=UTF-8’);function getspider($useragent=”){if(CC_Defender==2)return false;if(!$useragent){$useragent = $_SERVER[‘HTTP_USER_AGENT’];}$useragent=strtolower($useragent);if (strpos($useragent, ‘baiduspider’) !== false){return ‘baiduspider’;}if (strpos($useragent, ‘googlebot’) !== false){return ‘googlebot’;}if (strpos($useragent, ‘soso’) !== false){return ‘soso’;}if (strpos($useragent, ‘bing’) !== false){return ‘bing’;}if (strpos($useragent, ‘yahoo’) !== false){return ‘yahoo’;}if (strpos($useragent, ‘sohu-search’) !== false){return ‘Sohubot’;}if (strpos($useragent, ‘sogou’) !== false){return ‘sogou’;}if (strpos($useragent, ‘youdaobot’) !== false){return ‘YoudaoBot’;}if (strpos($useragent, ‘yodaobot’) !== false){return ‘YodaoBot’;}if (strpos($useragent, ‘robozilla’) !== false){return ‘Robozilla’;}if (strpos($useragent, ‘msnbot’) !== false){return ‘msnbot’;}if (strpos($useragent, ‘lycos’) !== false){return ‘Lycos’;}if (strpos($useragent, ‘ia_archiver’) !== false || strpos($useragent, ‘iaarchiver’) !== false){return ‘alexa’;}if (strpos($useragent, ‘archive.org_bot’) !== false){return ‘Archive’;}if (strpos($useragent, ‘robozilla’) !== false){return ‘Robozilla’;}if (strpos($useragent, ‘sitebot’) !== false){return ‘SiteBot’;}if (strpos($useragent, ‘mj12bot’) !== false){return ‘MJ12bot’;}if (strpos($useragent, ‘gosospider’) !== false){return ‘gosospider’;}if (strpos($useragent, ‘gigabot’) !== false){return ‘Gigabot’;}if (strpos($useragent, ‘yrspider’) !== false){return ‘YRSpider’;}if (strpos($useragent, ‘gigabot’) !== false){return ‘Gigabot’;}if (strpos($useragent, ‘jikespider’) !== false){return ‘jikespider’;}if (strpos($useragent, ‘addsugarspiderbot’) !== false){return ‘AddSugarSpiderBot’;/*非常少*/}if (strpos($useragent, ‘testspider’) !== false){return ‘TestSpider’;}if (strpos($useragent, ‘etaospider’) !== false){return ‘EtaoSpider’;}if (strpos($useragent, ‘wangidspider’) !== false){return ‘WangIDSpider’;}if (strpos($useragent, ‘foxspider’) !== false){return ‘FoxSpider’;}if (strpos($useragent, ‘docomo’) !== false){return ‘DoCoMo’;}if (strpos($useragent, ‘yandexbot’) !== false){return ‘YandexBot’;}if (strpos($useragent, ‘ezooms’) !== false){return ‘Ezooms’;/*个人*/}if (strpos($useragent, ‘sinaweibobot’) !== false){return ‘SinaWeiboBot’;}if (strpos($useragent, ‘catchbot’) !== false){return ‘CatchBot’;}if (strpos($useragent, ‘surveybot’) !== false){return ‘SurveyBot’;}if (strpos($useragent, ‘dotbot’) !== false){return ‘DotBot’;}if (strpos($useragent, ‘purebot’) !== false){return ‘Purebot’;}if (strpos($useragent, ‘ccbot’) !== false){return ‘CCBot’;}if (strpos($useragent, ‘mlbot’) !== false){return ‘MLBot’;}if (strpos($useragent, ‘adsbot-google’) !== false){return ‘AdsBot-Google’;}if (strpos($useragent, ‘ahrefsbot’) !== false){return ‘AhrefsBot’;}if (strpos($useragent, ‘spbot’) !== false){return ‘spbot’;}if (strpos($useragent, ‘augustbot’) !== false){return ‘AugustBot’;}return false;}if($_GET[‘rand’] && $_SESSION[‘rand_session’]!=$_GET[‘rand’]){@header(‘Content-Type: text/html; charset=UTF-8’);exit(‘<b>浏览器不支持 COOKIE 或者不正常访问!</b>’);}if(!$_SESSION[‘rand_session’] && $nosecu!=true){if(!getspider()){$rand_session=md5(uniqid().rand(1,1000));$_SESSION[‘rand_session’]=$rand_session;exit(“<!DOCTYPE HTML><html><head><meta charset=\”UTF-8\”/><meta name=\”viewport\” content=\”width=device-width, initial-scale=1, maximum-scale=1\” /><title>In inspection…</title><script> var i = 5;var intervalid;intervalid = setInterval(\”fun()\”, 1000);function fun() {if (i == 0) {window.location.href = \”?{$_SERVER[‘QUERY_STRING’]}&rand={$rand_session}\”;clearInterval(intervalid);}document.getElementById(\”mes\”).innerHTML = i;i–;}</script><style>html, body {width: 100%; height: 100%; margin: 0; padding: 0;}body {background-color: #ffffff; font-family: Helvetica, Arial, sans-serif; font-size: 100%;}h1 {font-size: 1.5em; color: #404040; text-align: center;}p {font-size: 1em; color: #404040; text-align: center; margin: 10px 0 0 0;}#spinner {margin: 0 auto 30px auto; display: block;}.attribution {margin-top: 20px;}</style></head><body><table width=\”100%\” height=\”100%\” cellpadding=\”20\”><tr><td align=\”center\” valign=\”middle\”><noscript><h2>请打开浏览器的 javascript,然后刷新浏览器</h2></noscript><h1><span data-translate=\”checking_browser\”>浏览器安全检查中…</span></h1><p data-translate=\”process_is_automatic\”></p><p data-translate=\”allow_5_secs\”>还剩 <span id=\”mes\”>5</span> 秒</p></div></div></td></tr>
</table></body></html>”);}}
WordPress 上传到主题/template/cc.php ;
2023/06/15 更新 php8 适配
<?php
define(‘SYSTEM_ROOT’, dirname(preg_replace(‘/\\(.*\\(.*$/’, ”, preg_replace(‘/\\(.*\\(.*$/’, ”, __FILE__))) . ‘/’);session_start();date_default_timezone_set(‘Asia/Shanghai’);header(‘Content-Type: text/html; charset=UTF-8’);const CC_Defender = 0;function getspider($useragent=”){if(CC_Defender==2) return false;if(!$useragent){$useragent = $_SERVER[‘HTTP_USER_AGENT’];}$useragent=strtolower($useragent);if (strpos($useragent, ‘baiduspider’) !== false){return ‘baiduspider’;}if (strpos($useragent, ‘googlebot’) !== false){return ‘googlebot’;}if (strpos($useragent, ‘soso’) !== false){return ‘soso’;}if (strpos($useragent, ‘bing’) !== false){return ‘bing’;}if (strpos($useragent, ‘yahoo’) !== false){return ‘yahoo’;}if (strpos($useragent, ‘sohu-search’) !== false){return ‘Sohubot’;}if (strpos($useragent, ‘sogou’) !== false){return ‘sogou’;}if (strpos($useragent, ‘youdaobot’) !== false){return ‘YoudaoBot’;}if (strpos($useragent, ‘yodaobot’) !== false){return ‘YodaoBot’;}if (strpos($useragent, ‘robozilla’) !== false){return ‘Robozilla’;}if (strpos($useragent, ‘msnbot’) !== false){return ‘msnbot’;}if (strpos($useragent, ‘lycos’) !== false){return ‘Lycos’;}if (strpos($useragent, ‘ia_archiver’) !== false || strpos($useragent, ‘iaarchiver’) !== false){return ‘alexa’;}if (strpos($useragent, ‘archive.org_bot’) !== false){return ‘Archive’;}if (strpos($useragent, ‘robozilla’) !== false){return ‘Robozilla’;}if (strpos($useragent, ‘sitebot’) !== false){return ‘SiteBot’;}if (strpos($useragent, ‘mj12bot’) !== false){return ‘MJ12bot’;}if (strpos($useragent, ‘gosospider’) !== false){return ‘gosospider’;}if (strpos($useragent, ‘gigabot’) !== false){return ‘Gigabot’;}if (strpos($useragent, ‘yrspider’) !== false){return ‘YRSpider’;}if (strpos($useragent, ‘gigabot’) !== false){return ‘Gigabot’;}if (strpos($useragent, ‘jikespider’) !== false){return ‘jikespider’;}if (strpos($useragent, ‘addsugarspiderbot’) !== false){return ‘AddSugarSpiderBot’;/*非常少*/}if (strpos($useragent, ‘testspider’) !== false){return ‘TestSpider’;}if (strpos($useragent, ‘etaospider’) !== false){return ‘EtaoSpider’;}if (strpos($useragent, ‘wangidspider’) !== false){return ‘WangIDSpider’;}if (strpos($useragent, ‘foxspider’) !== false){return ‘FoxSpider’;}if (strpos($useragent, ‘docomo’) !== false){return ‘DoCoMo’;}if (strpos($useragent, ‘yandexbot’) !== false){return ‘YandexBot’;}if (strpos($useragent, ‘ezooms’) !== false){return ‘Ezooms’;/*个人*/}if (strpos($useragent, ‘sinaweibobot’) !== false){return ‘SinaWeiboBot’;}if (strpos($useragent, ‘catchbot’) !== false){return ‘CatchBot’;}if (strpos($useragent, ‘surveybot’) !== false){return ‘SurveyBot’;}if (strpos($useragent, ‘dotbot’) !== false){return ‘DotBot’;}if (strpos($useragent, ‘purebot’) !== false){return ‘Purebot’;}if (strpos($useragent, ‘ccbot’) !== false){return ‘CCBot’;}if (strpos($useragent, ‘mlbot’) !== false){return ‘MLBot’;}if (strpos($useragent, ‘adsbot-google’) !== false){return ‘AdsBot-Google’;}if (strpos($useragent, ‘ahrefsbot’) !== false){return ‘AhrefsBot’;}if (strpos($useragent, ‘spbot’) !== false){return ‘spbot’;}if (strpos($useragent, ‘augustbot’) !== false){return ‘AugustBot’;}return false;}$nosecu = true; // 给 $nosecu 变量赋值以避免未定义的变量 Notice。if(isset($_GET[‘rand’]) && isset($_SESSION[‘rand_session’]) && $_SESSION[‘rand_session’]!==$_GET[‘rand’]){@header(‘Content-Type: text/html; charset=UTF-8’);exit(‘<b>浏览器不支持 COOKIE 或者不正常访问!</b>’);}if(!isset($_SESSION[‘rand_session’]) && !$nosecu){if(!getspider()){$rand_session=md5(uniqid().rand(1,1000));$_SESSION[‘rand_session’]=$rand_session;exit(“<!DOCTYPE HTML><html><head><meta charset=\”UTF-8\”/><meta name=\”viewport\” content=\”width=device-width, initial-scale=1, maximum-scale=1\” /><title>In inspection…</title><script>var i = 5;var intervalid;intervalid = setInterval(function () {if (i == 0) {window.location.href = \”?{$_SERVER[‘QUERY_STRING’]}&rand={$rand_session}\”;clearInterval(intervalid);}document.getElementById(\”mes\”).innerHTML = i–;}, 1000);</script><style>html, body {width: 100%; height: 100%; margin: 0; padding: 0;}body {background-color: #ffffff; font-family: Helvetica, Arial, sans-serif; font-size: 100%;}h1 {font-size: 1.5em; color: #404040; text-align: center;}p {font-size: 1em; color: #404040; text-align: center; margin: 10px 0 0 0;}#spinner {margin: 0 auto 30px auto; display: block;}.attribution {margin-top: 20px;}</style></head><body><table width=\”100%\” height=\”100%\” cellpadding=\”20\”><tr><td align=\”center\” valign=\”middle\”><noscript><h2>请打开浏览器的 JavaScript,然后刷新浏览器</h2></noscript><h1><span data-translate=\”checking_browser\”>浏览器安全检查中…</span></h1><p data-translate=\”process_is_automatic\”></p><p data-translate=\”allow_5_secs\”>还剩 <span id=\”mes\”>5</span> 秒</p></td></tr></table></body></html>”);}
}
调用代码
PHP 通用调用,在头部或主要文件内文件加入:
<?php include ‘cc.php’; ?>
WordPress 调用,主题/header.php 第一行添加代码:
<?php get_template_part( ‘template/cc’ ); ?>
建议
可以把代码调用至 404 错误页,对于单 IP 刷新 CC 不存在页面有很好的防御效果!
首次访问网站检测浏览器 cookie 通过才能正常的访问你的网站,搜索引擎蜘蛛已经过滤,不影响收录,还有未加上的可以自己补充。平时没攻击的时候建议不要开启,影响网站体验,配合《Nginx lua waf 简单防御 CC 攻击》效果更佳。
补充
使用方法
2019/07/02 新增脚本运用,根据系统负载来开启/关闭5 秒盾,新建 check_5.sh:
#!/bin/bash
# author: yunloc# website: https://yunloc.comif [ ! -f “status.txt” ];thenecho “” > status.txtelsestatus=$(cat status.txt)finow=$(date +%s)time=$(date +%s -r status.txt)load=$(cat /proc/loadavg | colrm 5)echo “当前负载:$load”newtime=`expr $now – $time`if [[ $load <1.2 ]] && [[ $status -eq 1 ]] && [[ $newtime >600 ]]thencResult=$(/bin/cp /home/wwwroot/yunloc.com/wp-content/themes/begin/header_5_on.php /home/wwwroot/yunloc.com/wp-content/themes/begin/header.php)echo $cResultecho “负载低于 1.2,当前已开盾超过 10 分钟($newtime 秒),尝试关盾”echo 0 > status.txtelif [[ $load <1.2 ]]thenecho “负载低于 1.2,不做任何改变,$newtime 秒”exitelsecResult=$(/bin/cp /home/wwwroot/yunloc.com/wp-content/themes/begin/header_5_off.php /home/wwwroot/yunloc.com/wp-content/themes/begin/header.php)echo $cResultecho “负载高于 1.2,开启防御规则”echo 1 > status.txt
fi
设置定时任务,每 1 分钟检查一次:
*/1 * * * * /root/check_5.sh
新建 2 个文件:
/home/wwwroot/yunloc.com/wp-content/themes/begin/pheader_5_off.php
(首行加入WordPress调用代码)开启防御后把文件写入 header.php;
/home/wwwroot/yunloc.com/wp-content/themes/begin/header_5_on.php
(原版 header.php 拷贝)关闭防御后把文件写入 header.php;
原理
当系统负载达到 1.2 后自动开启,小于 1.2 后 600 秒关闭。
关于负载一般可以简单的设置为你的核心数*1.2 比如你 CPU 是双核的,可以设置为 2.4。
声明:
1.本网站资源来源于网络收集,如有侵权,请联系站长进行删除处理。请发送邮件至:chensi2024@foxmail.com,我们将第一时间处理!
2.资源所需价格并非资源售卖价格,是收集、整理、编辑详情以及本站运营的适当补贴,并且本站不提供任何免费技术支持 本站资源售价只是赞助,收取费用仅维持本站的日常运营所需。
3.所有资源仅限于参考和学习,版权归原作者所有,更多请阅读网站声明。
4.如下载链接失效,请在当前页留言或私信管理员,24小时必处理结束!
5.本站提供的源码、模板、插件等等其他资源,都不包含技术服务请大家谅解。
6.本站提供的资源仅限用于学习交流和研究目的。不得将上述内容用于商业或者非法用途,否则,一切后果请用户自负,我们不保证内容的长久可用性,通过使用本站内容随之而来的风险以及产生法律纠纷与本站无关,您必须在下载后的24个小时之内,从您的电脑/手机中彻底删除。
1.本网站资源来源于网络收集,如有侵权,请联系站长进行删除处理。请发送邮件至:chensi2024@foxmail.com,我们将第一时间处理!
2.资源所需价格并非资源售卖价格,是收集、整理、编辑详情以及本站运营的适当补贴,并且本站不提供任何免费技术支持 本站资源售价只是赞助,收取费用仅维持本站的日常运营所需。
3.所有资源仅限于参考和学习,版权归原作者所有,更多请阅读网站声明。
4.如下载链接失效,请在当前页留言或私信管理员,24小时必处理结束!
5.本站提供的源码、模板、插件等等其他资源,都不包含技术服务请大家谅解。
6.本站提供的资源仅限用于学习交流和研究目的。不得将上述内容用于商业或者非法用途,否则,一切后果请用户自负,我们不保证内容的长久可用性,通过使用本站内容随之而来的风险以及产生法律纠纷与本站无关,您必须在下载后的24个小时之内,从您的电脑/手机中彻底删除。
