黑客在访问你的页面时,常常会不断地检查你的网站是否有漏洞,其中难免有人会在浏览器里敲入STRING来判断有无SQL注入漏洞。我想了一个办法,就是封住他的IP:第一次可以访问,但是做了不好的事,呵呵,就不让他再访问了。
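/**
 * Return the client address that ban decisions should be based on.
 *
 * By default this is REMOTE_ADDR, the address the web server saw the request
 * come from. X-Forwarded-For and Client-IP are ordinary request headers that
 * the client controls, so preferring them (as the earlier version did) lets a
 * banned client be checked under a different address simply by sending a
 * header. X-Forwarded-For is therefore consulted only when REMOTE_ADDR is one
 * of the reverse proxies named in $trustedProxies; Client-IP is never used.
 *
 * @param array $trustedProxies Addresses of reverse proxies whose
 *                              X-Forwarded-For header may be believed.
 *                              Empty (the default) means the header is ignored.
 * @return string The client address, or '' when the server did not provide one.
 */
function getip(array $trustedProxies = [])
{
    // Quoted keys: bare HTTP_X_FORWARDED_FOR-style keys are undefined constants,
    // which is a fatal Error on PHP 8.
    $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : getenv('REMOTE_ADDR');
    $remote = is_string($remote) ? trim($remote) : '';

    // Direct connection (or unknown peer): nothing the client sent may override it.
    if ($remote === '' || !in_array($remote, $trustedProxies, true)) {
        return $remote;
    }

    $forwarded = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
    if (!is_string($forwarded) || $forwarded === '') {
        return $remote;
    }

    // The header is a comma-separated chain; each proxy appends the peer it saw.
    // Walk it from the right and stop at the first hop that is not one of our
    // own proxies: everything to the left of that hop is client-supplied.
    $hops = array_reverse(array_map('trim', explode(',', $forwarded)));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: fall back to the connection address
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }

    return $remote;
}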
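/**
 * Answer with a look-alike "404 Not Found" page and stop the script when the
 * client address returned by getip() is listed in the ban file.
 *
 * The ban file holds one address per line. A missing, unreadable or empty
 * file means nobody is banned, so the function fails open exactly as before.
 *
 * Deployment note: the default path is relative to the current working
 * directory. If that directory is served by the web server, the list itself
 * can be fetched by anyone; keep it outside the document root or deny access
 * to it in the server configuration.
 *
 * @param string $banFile Path of the ban list (default 'banip.txt').
 * @return void
 */
function banip($banFile = 'banip.txt')
{
    if (!is_file($banFile) || !is_readable($banFile)) {
        return;
    }

    // Without FILE_IGNORE_NEW_LINES every entry keeps its trailing newline and
    // can never equal the address, so only an unterminated last line matched.
    $banned = file($banFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($banned === false) {
        return;
    }
    // trim() also drops the "\r" left behind by files saved with CRLF endings.
    $banned = array_map('trim', $banned);

    $client = getip();
    if (!is_string($client) || $client === '' || !in_array($client, $banned, true)) {
        return;
    }

    header('HTTP/1.1 404 Not Found');

    // SERVER_NAME can be derived from the request's Host header depending on
    // server configuration, so every value is HTML-escaped before output.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };
    $path = isset($_SERVER['SCRIPT_NAME']) ? dirname($_SERVER['SCRIPT_NAME']) : '';
    $host = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '';
    $port = isset($_SERVER['SERVER_PORT']) ? $_SERVER['SERVER_PORT'] : '';

    echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">', "\n";
    echo '<html><head><title>404 Not Found</title></head><body>', "\n";
    echo '<h1>Not Found</h1>', "\n";
    echo '<p>The requested URL ', $esc($path), ' was not found on this server.</p>', "\n";
    echo '<hr>', "\n";
    echo '<address>Web Server at ', $esc($host), ' Port ', $esc($port), '</address>', "\n";
    echo '</body></html>', "\n";
    die();
}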
// Run the ban check first: banip() ends the script itself for a listed
// address, so the line below is only reached by clients that are allowed in.
banip();
print '可以访问';
?>
在同级目录下放一个 banip.txt,每行写一个要封禁的IP,
譬如:
127.0.0.1
192.168.0.1