Notifications
Clear all
BugOverflow
1
Posty
1
Users
0
Reactions
793
Widok
0
14/09/2022 9:42 am
Topic starter
abuse protect, try limit, throttle download
1 Answer
0
14/09/2022 9:42 am
Topic starter
Simple abuse (bruteforce) preventer in php.
description
- User can trigger this script 5 times until lock counter start
- Using SESSION, not cookies
- If delay will exceed last value (25+sec) script is goint to countdown this value until fresh start
how to use?
if(!check_user_password()){ abuse_preventer(); };
code
<?php //muszak.eu abuse preventer 1.0 abuse_preventer(); function abuse_preventer() { if (!isset($_SESSION)) session_start(); $usage = array(2, 3, 5, 6, 7, 10, 15, 20, 25); // seconds to wait after each request $freeHits = 5; if (getVal('free_hits') <= $freeHits) { setVal('free_hits', getVal('free_hits') + 1); return; } if (getVal('use_last')) { $usageCounter = $usage[getVal('use_count', 0)]; $nextin = getVal('use_last') + $usageCounter; if ($nextin >= time()) { if (!getVal('use_locked')) { $counter = getVal('use_count') + 1; setVal('use_count', $counter); setVal('use_locked', false); } if (getVal('use_count') > sizeof($usage) - 1) { setVal('use_count', sizeof($usage) - 1); setVal('use_locked', true); } echo 'Poczekaj ' . ($nextin - time()) . ' sekund. … '; die(); } else { setVal('use_count', 0); setVal('use_locked', false); setVal('free_hits', 0); } } else { setVal('use_count', 0); } if (!getVal('use_locked')) { setVal('use_last', time()); } } function getVal($keyName, $default = null) { return $_SESSION[$keyName] ?? $default; } function setVal($keyName, $value) { if (!isset($_SESSION)) session_start(); return $_SESSION[$keyName] = $value; }