Prevent PHP script from being flooded

by

You can use memcache to do this ..

Simple Demo Script 

$memcache = new Memcache ();
$memcache->connect ( 'localhost', 11211 );
$runtime = $memcache->get ( 'floodControl' );

if ((time () - $runtime) < 2) {
    die ( "Die! Die! Die!" );
} 

else {
    echo "Welcome";
    $memcache->set ( "floodControl", time () );
}

This is just a sample code .. there are also other thing to consider such as

A. Better IP address detection (Proxy , Tor )

B. Current Action

C. Maximum execution per min etc …

D. Ban User after max flood etc

EDIT 1 – Improved Version

Usage 

$flood = new FloodDetection();
$flood->check();

echo "Welcome" ;

Class

class FloodDetection {
    const HOST = "localhost";
    const PORT = 11211;
    private $memcache;
    private $ipAddress;

    private $timeLimitUser = array (
            "DEFAULT" => 2,
            "CHAT" => 3,
            "LOGIN" => 4 
    );
    private $timeLimitProcess = array (
            "DEFAULT" => 0.1,
            "CHAT" => 1.5,
            "LOGIN" => 0.1 
    );

    function __construct() {
        $this->memcache = new Memcache ();
        $this->memcache->connect ( self::HOST, self::PORT );
    }

    function addUserlimit($key, $time) {
        $this->timeLimitUser [$key] = $time;
    }

    function addProcesslimit($key, $time) {
        $this->timeLimitProcess [$key] = $time;
    }

    public function quickIP() {
        return (empty ( $_SERVER ['HTTP_CLIENT_IP'] ) ? (empty ( $_SERVER ['HTTP_X_FORWARDED_FOR'] ) ? $_SERVER ['REMOTE_ADDR'] : $_SERVER ['HTTP_X_FORWARDED_FOR']) : $_SERVER ['HTTP_CLIENT_IP']);
    }

    public function check($action = "DEFAULT") {
        $ip = $this->quickIP ();
        $ipKey = "flood" . $action . sha1 ( $ip );

        $runtime = $this->memcache->get ( 'floodControl' );
        $iptime = $this->memcache->get ( $ipKey );

        $limitUser = isset ( $this->timeLimitUser [$action] ) ? $this->timeLimitUser [$action] : $this->timeLimitUser ['DEFAULT'];
        $limitProcess = isset ( $this->timeLimitProcess [$action] ) ? $this->timeLimitProcess [$action] : $this->timeLimitProcess ['DEFAULT'];

        if ((microtime ( true ) - $iptime) < $limitUser) {
            print ("Die! Die! Die! $ip") ;
            exit ();
        }

        // Limit All request
        if ((microtime ( true ) - $runtime) < $limitProcess) {
            print ("All of you Die! Die! Die! $ip") ;
            exit ();
        }

        $this->memcache->set ( "floodControl", microtime ( true ) );
        $this->memcache->set ( $ipKey, microtime ( true ) );
    }

}

More Related Contents:

  1. Limit execution time of an function or command PHP
  2. How to limit items from for loop?
  3. LIMIT keyword on MySQL with prepared statement [duplicate]
  4. Pagination using MySQL LIMIT, OFFSET
  5. Does sleep time count for execution time limit?
  6. Parametrized PDO query and `LIMIT` clause – not working [duplicate]
  7. Does php execution stop after a user leaves the page?
  8. Error while using PDO prepared statements and LIMIT in query [duplicate]
  9. PHP: Limit foreach() statement? [closed]
  10. How can I select rows in MySQL starting at a given row number?
  11. How to limit the elements created by explode()
  12. PHP/MySQL Pagination
  13. PHP mail() issue
  14. How to use this code my wordpress theme
  15. How to check if an email address exists without sending an email?
  16. What is stdClass in PHP?
  17. How to make PDF file downloadable in HTML link?
  18. Count number of values in array with a given value
  19. Safely catch a ‘Allowed memory size exhausted’ error in PHP
  20. How do I install Composer PHP packages without Composer?
  21. Add ‘Watermark’ to images with php [closed]
  22. Traits in PHP – any real world examples/best practices? [closed]
  23. How to get system environment variables into PHP while running CLI & Apache2Handler?
  24. Convert exponential to a whole number in PHP [duplicate]
  25. Run a ffmpeg process in the background
  26. Enabling $_GET in codeigniter
  27. PDO: MySQL server has gone away
  28. When to pass-by-reference in PHP
  29. Change array key without changing order
  30. Google API How to connect to receive values from spreadsheet

Leave a Comment