PHP五秒盾那些事


0x00 引言

部署五秒盾可以有效的应对CC攻击,但CF的五秒盾并不适合国内使用,好在五秒盾的原理很简单,本质上就是验证cookies来区分正常用户和爬虫,网上也有很多现成的源码可以使用

要注意的是PHP五秒盾也会消耗服务器资源,只能在被攻击时减少服务器消耗的资源应对小规模的攻击

0x02 WordPress

<?php
define('SYSTEM_ROOT', dirname(preg_replace('@\\(.*\\(.*$@', '', preg_replace('@\\(.*\\(.*$@', '', __FILE__))) . '/');
session_start();
date_default_timezone_set('Asia/Shanghai');
header('Content-Type: text/html; charset=UTF-8');
function getspider($useragent=''){
    if(CC_Defender==2)return false;
    if(!$useragent){$useragent = $_SERVER['HTTP_USER_AGENT'];}
$useragent=strtolower($useragent);
    if (strpos($useragent, 'baiduspider') !== false){return 'baiduspider';}
    if (strpos($useragent, 'googlebot') !== false){return 'googlebot';}
    if (strpos($useragent, 'soso') !== false){return 'soso';}
    if (strpos($useragent, 'bing') !== false){return 'bing';}
    if (strpos($useragent, 'yahoo') !== false){return 'yahoo';}
    if (strpos($useragent, 'sohu-search') !== false){return 'Sohubot';}
    if (strpos($useragent, 'sogou') !== false){return 'sogou';}
    if (strpos($useragent, 'youdaobot') !== false){return 'YoudaoBot';}
    if (strpos($useragent, 'yodaobot') !== false){return 'YodaoBot';}
    if (strpos($useragent, 'robozilla') !== false){return 'Robozilla';}
    if (strpos($useragent, 'msnbot') !== false){return 'msnbot';}
    if (strpos($useragent, 'lycos') !== false){return 'Lycos';}
    if (strpos($useragent, 'ia_archiver') !== false || strpos($useragent, 'iaarchiver') !== false){return 'alexa';}
    if (strpos($useragent, 'archive.org_bot') !== false){return 'Archive';} 
    if (strpos($useragent, 'robozilla') !== false){return 'Robozilla';} 
    if (strpos($useragent, 'sitebot') !== false){return 'SiteBot';} 
    if (strpos($useragent, 'mj12bot') !== false){return 'MJ12bot';} 
    if (strpos($useragent, 'gosospider') !== false){return 'gosospider';} 
    if (strpos($useragent, 'gigabot') !== false){return 'Gigabot';} 
    if (strpos($useragent, 'yrspider') !== false){return 'YRSpider';} 
    if (strpos($useragent, 'gigabot') !== false){return 'Gigabot';} 
    if (strpos($useragent, 'jikespider') !== false){return 'jikespider';} 
    if (strpos($useragent, 'addsugarspiderbot') !== false){return 'AddSugarSpiderBot';/*非常少*/} 
    if (strpos($useragent, 'testspider') !== false){return 'TestSpider';} 
    if (strpos($useragent, 'etaospider') !== false){return 'EtaoSpider';} 
    if (strpos($useragent, 'wangidspider') !== false){return 'WangIDSpider';} 
    if (strpos($useragent, 'foxspider') !== false){return 'FoxSpider';} 
    if (strpos($useragent, 'docomo') !== false){return 'DoCoMo';} 
    if (strpos($useragent, 'yandexbot') !== false){return 'YandexBot';} 
    if (strpos($useragent, 'ezooms') !== false){return 'Ezooms';/*个人*/} 
    if (strpos($useragent, 'sinaweibobot') !== false){return 'SinaWeiboBot';} 
    if (strpos($useragent, 'catchbot') !== false){return 'CatchBot';} 
    if (strpos($useragent, 'surveybot') !== false){return 'SurveyBot';} 
    if (strpos($useragent, 'dotbot') !== false){return 'DotBot';} 
    if (strpos($useragent, 'purebot') !== false){return 'Purebot';} 
    if (strpos($useragent, 'ccbot') !== false){return 'CCBot';} 
    if (strpos($useragent, 'mlbot') !== false){return 'MLBot';} 
    if (strpos($useragent, 'adsbot-google') !== false){return 'AdsBot-Google';}
    if (strpos($useragent, 'ahrefsbot') !== false){return 'AhrefsBot';}
    if (strpos($useragent, 'spbot') !== false){return 'spbot';}
    if (strpos($useragent, 'augustbot') !== false){return 'AugustBot';}
    return false;
}

if($_GET['rand'] && $_SESSION['rand_session']!=$_GET['rand']){
    @header('Content-Type: text/html; charset=UTF-8');
exit('<b>浏览器不支持 COOKIE 或者不正常访问!</b>');
}
if(!$_SESSION['rand_session'] && $nosecu!=true){
    if(!getspider()){
        $rand_session=md5(uniqid().rand(1,1000));
    $_SESSION['rand_session']=$rand_session;
        exit("<!DOCTYPE HTML>
        <html>
        <head>
        <meta charset=\"UTF-8\"/>
        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, maximum-scale=1\" />

        <title>安全检查中...</title>
     <script> var i = 5; 
  var intervalid; 
  intervalid = setInterval(\"fun()\", 1000); 
function fun() { 
if (i == 0) { 
window.location.href = \"?{$_SERVER['QUERY_STRING']}&rand={$rand_session}\"; 
clearInterval(intervalid); 
} 
document.getElementById(\"mes\").innerHTML = i; 
i--; 
} 
</script> 
<style>
    html, body {width: 100%; height: 100%; margin: 0; padding: 0;}
    body {background-color: #ffffff; font-family: Helvetica, Arial, sans-serif; font-size: 100%;}
    h1 {font-size: 1.5em; color: #404040; text-align: center;}
    p {font-size: 1em; color: #404040; text-align: center; margin: 10px 0 0 0;}
    #spinner {margin: 0 auto 30px auto; display: block;}
    .attribution {margin-top: 20px;}
  </style>
  </head>
<body>
  <table width=\"100%\" height=\"100%\" cellpadding=\"20\">
    <tr>
      <td align=\"center\" valign=\"middle\">
    <noscript><h2>请打开浏览器的 javascript,然后刷新浏览器</h2></noscript>
  <h1><span data-translate=\"checking_browser\">浏览器安全检查中...</span></h1>
    <p data-translate=\"process_is_automatic\"></p>
    <p data-translate=\"allow_5_secs\">还剩 <span id=\"mes\">5</span> 秒</p>
  </div>
</div>
  </td>
    </tr>
</table></body></html>");}}

这是网上流传最广的PHP五秒盾代码,在区别正常用户和爬虫的同时还能有效过滤一些搜索引擎爬虫保证SEO 不仅可以使用以下的代码进行PHP通用调用

<?php include 'cc.php'; ?>

如果你使用的模板是WordPress,还可以在主题/header.php 第一行添加以下代码进行调用

<?php get_template_part( 'template/cc' ); ?>

为了防止影响正常用户的体验,还可以选择根据系统负载来判断是否开启,通过计划任务定时执行脚本来实现 新建check.sh并使用计划任务一分钟执行一次

check.sh:
#!/bin/bash
# author: yunloc
# website: https://yunloc.com

if [ ! -f "status.txt" ];then
echo "" > status.txt
else
status=$(cat status.txt)
fi
now=$(date +%s)
time=$(date +%s -r status.txt)
load=$(cat /proc/loadavg | colrm 5)
echo "当前负载:$load"
newtime=`expr $now - $time`
if [[ $load <1.2 ]] && [[ $status -eq 1 ]] && [[ $newtime >600 ]]  
then
cResult=$(/bin/cp /home/wwwroot/yunloc.com/wp-content/themes/begin/header_5_on.php /home/wwwroot/yunloc.com/wp-content/themes/begin/header.php)
echo $cResult
echo "负载低于 1.2,当前已开盾超过 10 分钟($newtime 秒),尝试关盾"
echo 0 > status.txt
elif [[ $load <1.2 ]]
then
echo "负载低于 1.2,不做任何改变,$newtime 秒"
exit
else
cResult=$(/bin/cp /home/wwwroot/yunloc.com/wp-content/themes/begin/header_5_off.php /home/wwwroot/yunloc.com/wp-content/themes/begin/header.php)
echo $cResult
echo "负载高于 1.2,开启防御规则"
echo 1 > status.txt
fi

再新建两个文件

  • wp-content/themes/begin/pheader_5_off.php 首行加入WordPress调用代码
  • wp-content/themes/begin/header_5_on.php 原版 header.php

原理是系统负载达到 1.2 后自动开启,小于 1.2 后 600 秒关闭

关于负载一般可以简单的设置为你的核心数*1.2 比如你 CPU 是双核的,可以设置为 2.4

0x03 Typecho

<?php
error_reporting(0);
define('SYSTEM_ROOT', dirname(preg_replace('@\\(.*\\(.*$@', '', preg_replace('@\\(.*\\(.*$@', '', __FILE__))) . '/');
session_start();
$seconds = '3';//时间段/秒
$refresh = '5';//刷新次数
$cur_time = time();
if(isset($_SESSION['last_time'])){
 $_SESSION['refresh_times'] += 1;
}else{
 $_SESSION['refresh_times'] = 1;
 $_SESSION['last_time'] = $cur_time;
}
if($cur_time - $_SESSION['last_time'] < $seconds){
 if($_SESSION['refresh_times'] >= $refresh){
  header(sprintf('Location:%s', 'http://127.0.0.1'));
  exit('Access Denied');
 }
}else{
 $_SESSION['refresh_times'] = 0;
 $_SESSION['last_time'] = $cur_time;
}
date_default_timezone_set('Asia/Shanghai');
header('Content-Type: text/html; charset=UTF-8');
function getspider($useragent=''){
    if(CC_Defender==2)return false;
    if(!$useragent){$useragent = $_SERVER['HTTP_USER_AGENT'];}
$useragent=strtolower($useragent);
    if (strpos($useragent, 'baiduspider') !== false){return 'baiduspider';}
    if (strpos($useragent, 'googlebot') !== false){return 'googlebot';}
    if (strpos($useragent, 'soso') !== false){return 'soso';}
    if (strpos($useragent, 'bing') !== false){return 'bing';}
    if (strpos($useragent, 'yahoo') !== false){return 'yahoo';}
    if (strpos($useragent, 'sohu-search') !== false){return 'Sohubot';}
    if (strpos($useragent, 'sogou') !== false){return 'sogou';}
    if (strpos($useragent, 'youdaobot') !== false){return 'YoudaoBot';}
    if (strpos($useragent, 'yodaobot') !== false){return 'YodaoBot';}
    if (strpos($useragent, 'robozilla') !== false){return 'Robozilla';}
    if (strpos($useragent, 'msnbot') !== false){return 'msnbot';}
    if (strpos($useragent, 'lycos') !== false){return 'Lycos';}
    if (strpos($useragent, 'ia_archiver') !== false || strpos($useragent, 'iaarchiver') !== false){return 'alexa';}
    if (strpos($useragent, 'archive.org_bot') !== false){return 'Archive';} 
    if (strpos($useragent, 'robozilla') !== false){return 'Robozilla';} 
    if (strpos($useragent, 'sitebot') !== false){return 'SiteBot';} 
    if (strpos($useragent, 'mj12bot') !== false){return 'MJ12bot';} 
    if (strpos($useragent, 'gosospider') !== false){return 'gosospider';} 
    if (strpos($useragent, 'gigabot') !== false){return 'Gigabot';} 
    if (strpos($useragent, 'yrspider') !== false){return 'YRSpider';} 
    if (strpos($useragent, 'gigabot') !== false){return 'Gigabot';} 
    if (strpos($useragent, 'jikespider') !== false){return 'jikespider';} 
    if (strpos($useragent, 'addsugarspiderbot') !== false){return 'AddSugarSpiderBot';/*非常少*/} 
    if (strpos($useragent, 'testspider') !== false){return 'TestSpider';} 
    if (strpos($useragent, 'etaospider') !== false){return 'EtaoSpider';} 
    if (strpos($useragent, 'wangidspider') !== false){return 'WangIDSpider';} 
    if (strpos($useragent, 'foxspider') !== false){return 'FoxSpider';} 
    if (strpos($useragent, 'docomo') !== false){return 'DoCoMo';} 
    if (strpos($useragent, 'yandexbot') !== false){return 'YandexBot';} 
    if (strpos($useragent, 'ezooms') !== false){return 'Ezooms';/*个人*/} 
    if (strpos($useragent, 'sinaweibobot') !== false){return 'SinaWeiboBot';} 
    if (strpos($useragent, 'catchbot') !== false){return 'CatchBot';} 
    if (strpos($useragent, 'surveybot') !== false){return 'SurveyBot';} 
    if (strpos($useragent, 'dotbot') !== false){return 'DotBot';} 
    if (strpos($useragent, 'purebot') !== false){return 'Purebot';} 
    if (strpos($useragent, 'ccbot') !== false){return 'CCBot';} 
    if (strpos($useragent, 'mlbot') !== false){return 'MLBot';} 
    if (strpos($useragent, 'adsbot-google') !== false){return 'AdsBot-Google';}
    if (strpos($useragent, 'ahrefsbot') !== false){return 'AhrefsBot';}
    if (strpos($useragent, 'spbot') !== false){return 'spbot';}
    if (strpos($useragent, 'augustbot') !== false){return 'AugustBot';}
    return false;
}

if($_GET['rand'] && $_SESSION['rand_session']!=$_GET['rand']){
    @header('Content-Type: text/html; charset=UTF-8');
exit('<b>浏览器不支持COOKIE或者不正常访问!</b>');
}
if(!$_SESSION['rand_session'] && $nosecu!=true){
    if(!getspider()){
        $rand_session=md5(uniqid().rand(1,1000));
    $_SESSION['rand_session']=$rand_session;
        exit("<!DOCTYPE HTML>
        <html>
        <head>
        <meta charset=\"UTF-8\"/>
        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, maximum-scale=1\" />

        <title>安全检查中...</title>
     <script> var i = 5; 
  var intervalid; 
  intervalid = setInterval(\"fun()\", 1000); 
function fun() { 
if (i == 0) { 
window.location.href = \"?{$_SERVER['QUERY_STRING']}&rand={$rand_session}\"; 
clearInterval(intervalid); 
} 
document.getElementById(\"mes\").innerHTML = i; 
i--; 
} 
</script> 
<style>
    html, body {width: 100%; height: 100%; margin: 0; padding: 0;}
    body {background-color: #ffffff; font-family: Helvetica, Arial, sans-serif; font-size: 100%;}
    h1 {font-size: 1.5em; color: #404040; text-align: center;}
    p {font-size: 1em; color: #404040; text-align: center; margin: 10px 0 0 0;}
    #spinner {margin: 0 auto 30px auto; display: block;}
    .attribution {margin-top: 20px;}
  </style>
  </head>
<body>
  <table width=\"100%\" height=\"100%\" cellpadding=\"20\">
    <tr>
      <td align=\"center\" valign=\"middle\">
    <noscript><h2>请打开浏览器的javascript,然后刷新浏览器</h2></noscript>
  <h1><span data-translate=\"checking_browser\">浏览器安全检查中...</span></h1>
    <p data-translate=\"process_is_automatic\"></p>
    <p data-translate=\"allow_5_secs\">还剩 <span id=\"mes\">5</span> 秒</p>
  </div>
</div>
  </td>
    </tr>
</table></body></html>");}}

由不暇在原来代码的基础上增加了对访问频率的识别跳转并可以手动开关

部署需要在usr/themes/主题/functions.php的themeConfig方法内,增加如下代码

$CC= new Typecho_Widget_Helper_Form_Element_Radio('CC',array('1' => _t('关闭五秒盾'),'2' => _t('开启五秒盾')),'1',_t('PHP五秒盾'),_t("开启后对恶意访客进行拦截,在遭受流量攻击后有一定的防御效果,为了用户体验正常情况请关闭。"));
$form->addInput($CC);

即可在控制台-外观-设置外观处看见控制选项

接着在usr/themes/主题/header.php首行添加以下代码

<?php if ($this->options->CC == '2'): ?>
<?php include 'cc.php'; ?>
<?php endif; ?>

即可设置完成

0x04 参考链接

typecho引入php五秒盾,实现自由配置

#教程# WordPress - 5秒盾防CC(PHP通用代码)

声明:空指针的小站|版权所有,违者必究|如未注明,均为原创|本网站采用BY-NC-SA协议进行授权

转载:转载请注明原文链接 - PHP五秒盾那些事


Debug the world