数据库代码如下:
-- Session options in effect while the table is created.
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
-- Log table read and written by SubSecureCheck (char.asp): one row per
-- recorded submission or blacklist event, keyed only by the address text.
-- NOTE(review): no primary key or index is declared here, while every lookup
-- in SubSecureCheck filters on wt_ip and wt_addtime; confirm whether an index
-- on (wt_ip, wt_addtime) exists elsewhere.
CREATE TABLE [dbo].[wd_secure_ip_address](
    -- Client address as recorded by the application.
    [wt_ip] [nvarchar](50) NOT NULL,
    -- Time of the event; falls back to the database clock when omitted.
    [wt_addtime] [datetime] NOT NULL
        CONSTRAINT [DF_wd_ip_address_wt_time] DEFAULT (getdate()),
    -- 0 = ordinary recorded submission, 1 = blacklist entry
    -- (the values SubSecureCheck inserts). Nullable in this schema.
    [wt_isBlack] [int] NULL
        CONSTRAINT [DF_wd_secure_ip_address_wt_state] DEFAULT ((0))
) ON [PRIMARY]
GO
安全代码写入char.asp文件里
代码如下
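'***************** Submission security filter (guestbook and demo-site forms) *****************
' Purpose
'   Throttles and blacklists form submissions per client address, using the
'   wd_secure_ip_address table through the page-level ADODB connection "conn".
'
' Parameters
'   SecureBlackTimeValue   - how long a blacklist entry applies, in minutes (e.g. 40).
'   SecureIntoTimeValue    - minimum gap between two submissions, in seconds (e.g. 10).
'   SecureDomain           - site domain the Referer host must belong to; blank or
'                            Null falls back to the SERVER_NAME server variable.
'   SecureIntoNumber       - rows allowed inside the counting window; blank or Null = 3.
'   SecureIntoAllTimeValue - counting window in seconds; blank or Null = 60.
'   With the defaults, 3 rows inside 60 seconds blacklist the address, and the
'   blacklist then applies for SecureBlackTimeValue minutes.
'
' Usage (VBScript has no optional arguments, so pass all five):
'   call SubSecureCheck(40,10,"56sys.com",3,60)
'
' Behaviour
'   A rejected request is terminated with Response.End; an accepted request is
'   recorded and the function returns normally. No return value is set.
'
' Changes from the earlier version of this function
'   - All SQL is parameterised; request values and dates are no longer
'     concatenated into statement text.
'   - The "blank argument" tests were inverted (IsNull(x) = False), which
'     overwrote every supplied SecureDomain / SecureIntoNumber /
'     SecureIntoAllTimeValue with the default.
'   - The Referer test used StrComp(...) <> 1 against a hard-coded domain, which
'     is an ordering comparison, not a host check; the host is now parsed and
'     compared with SecureDomain (exact match or sub-domain).
'   - CInt("-" & value) is replaced by CLng/Abs, and the caller's arguments are
'     no longer modified (VBScript passes arguments ByRef by default).
'
' Security notes
'   - X-Forwarded-For and Referer are request headers chosen by the client.
'     X-Forwarded-For is still preferred here for compatibility, but it is only
'     meaningful when a trusted reverse proxy overwrites it. On a directly
'     exposed server a forged value sidesteps the throttle and can put an
'     unrelated address on the blacklist; in that deployment key on REMOTE_ADDR only.
'   - The Referer test filters casual cross-site posts; it is not an
'     authenticity control and does not replace an anti-CSRF token.
'   - NOTE(review): the three argument/configuration failures below only
'     Exit Function; the response is not ended, so code after the call still
'     runs. Confirm whether these should end the response instead.
'   - NOTE(review): rows older than 48 hours are purged on every accepted call,
'     so a blacklist duration above 2880 minutes cannot take full effect.
function SubSecureCheck(SecureBlackTimeValue,SecureIntoTimeValue,SecureDomain,SecureIntoNumber,SecureIntoAllTimeValue)
    Dim blackMinutes, gapSeconds, windowSeconds, maxRows, siteDomain
    Dim clientIp, forwardedIp, refererUrl

    ' --- argument validation -------------------------------------------------
    if isnumeric(SecureBlackTimeValue) = false then
        response.Write("拉黑的时间设置错误,请设置数字值,例如:40,时间单位分钟,单位不用带进去。")
        exit function
    end if
    if isnumeric(SecureIntoTimeValue) = false then
        response.Write("插入数据库的时间的设置错误,请设置数字值,例如:10,时间单位秒,单位不用带进去。")
        exit function
    end if

    ' Work on local copies so the caller's variables are left untouched.
    blackMinutes = Abs(CLng(SecureBlackTimeValue))
    gapSeconds = Abs(CLng(SecureIntoTimeValue))

    ' x & "" turns Null and Empty into "", so one length test covers all blanks.
    siteDomain = LCase(Trim(SecureDomain & ""))
    If Len(siteDomain) = 0 Then
        siteDomain = LCase(Trim(Request.ServerVariables("SERVER_NAME") & ""))
        If siteDomain = "" Then
            response.Write("Secure Domain erro~")
            Exit Function
        End If
    End If

    ' Blank is tested before IsNumeric because IsNumeric(Empty) is True.
    maxRows = 3      ' default: 3 rows
    If Len(Trim(SecureIntoNumber & "")) > 0 Then
        If IsNumeric(SecureIntoNumber) Then maxRows = CLng(SecureIntoNumber)
    End If
    If maxRows < 1 Then maxRows = 3   ' a limit of 0 would blacklist every caller

    windowSeconds = 60   ' default: 60 seconds
    If Len(Trim(SecureIntoAllTimeValue & "")) > 0 Then
        If IsNumeric(SecureIntoAllTimeValue) Then windowSeconds = Abs(CLng(SecureIntoAllTimeValue))
    End If

    ' --- client address ------------------------------------------------------
    clientIp = Trim(Request.ServerVariables("REMOTE_ADDR") & "")
    forwardedIp = Trim(Request.ServerVariables("HTTP_X_FORWARDED_FOR") & "")
    ' The header is used only when it is a single address-shaped token; lists,
    ' over-long values and anything else fall back to REMOTE_ADDR.
    If forwardedIp <> "" Then
        If SubSecureIsIpLike(forwardedIp) Then clientIp = forwardedIp
    End If
    If clientIp = "" Then
        response.Write("IP erro~")
        response.End()
    End If

    ' --- active blacklist entry? ---------------------------------------------
    If SubSecureCountRows(clientIp, DateAdd("n", -blackMinutes, Now), True) > 0 Then
        response.Write("IP in Black~")
        response.End()
    End If

    ' --- did the post come from a page on this site? --------------------------
    refererUrl = Trim(Request.ServerVariables("HTTP_REFERER") & "")
    If refererUrl = "" Then
        ' No Referer: reject silently, as before.
        response.End()
    End If
    If Not SubSecureHostInDomain(SubSecureRefererHost(refererUrl), siteDomain) Then
        SubSecureRecordIp clientIp, 1
        response.Write("Blacl IP ~")
        response.End()
    End If

    ' --- minimum gap between two submissions ----------------------------------
    If SubSecureCountRows(clientIp, DateAdd("s", -gapSeconds, Now), False) > 0 Then
        response.Write "您手速太快了,请慢点再操作!"
        response.End()
    End If

    ' --- too many rows inside the counting window: blacklist ------------------
    If SubSecureCountRows(clientIp, DateAdd("s", -windowSeconds, Now), False) >= maxRows Then
        response.Write "您提交太频繁了,我都看不下去了,拉黑!"
        SubSecureRecordIp clientIp, 1
        response.Write("Black IP ~")
        response.End()
    End If

    ' --- accepted: record the submission, then drop rows older than 48 hours --
    SubSecureRecordIp clientIp, 0
    response.Write("<br>into IP ~")
    SubSecurePurgeBefore DateAdd("d", -2, Now)
    response.Write("Delete IP ~")
end function

' Returns an ADODB.Command for sqlText bound to the page-level connection "conn".
Private Function SubSecureCommand(sqlText)
    Const SS_AD_CMD_TEXT = 1          ' adCmdText
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = SS_AD_CMD_TEXT
    cmd.CommandText = sqlText
    Set SubSecureCommand = cmd
End Function

' Counts rows for ipValue with wt_addtime >= sinceTime; blackOnly limits the count to wt_isBlack=1.
Private Function SubSecureCountRows(ipValue, sinceTime, blackOnly)
    Const SS_AD_VARWCHAR = 202        ' adVarWChar
    Const SS_AD_DBTIMESTAMP = 135     ' adDBTimeStamp
    Const SS_AD_PARAM_INPUT = 1       ' adParamInput
    Dim sqlText, cmd, rs
    sqlText = "select count(*) as no from wd_secure_ip_address where wt_ip=? and wt_addtime>=?"
    If blackOnly Then sqlText = sqlText & " and wt_isBlack=1"
    Set cmd = SubSecureCommand(sqlText)
    ' Size 50 matches the nvarchar(50) wt_ip column.
    cmd.Parameters.Append cmd.CreateParameter("wt_ip", SS_AD_VARWCHAR, SS_AD_PARAM_INPUT, 50, ipValue)
    cmd.Parameters.Append cmd.CreateParameter("wt_addtime", SS_AD_DBTIMESTAMP, SS_AD_PARAM_INPUT, , sinceTime)
    Set rs = cmd.Execute
    SubSecureCountRows = 0
    If Not rs.EOF Then SubSecureCountRows = CLng(rs("no"))
    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
End Function

' Inserts one row for ipValue stamped with the web server's Now; blackFlag is 1 (blacklist) or 0 (ordinary).
Private Sub SubSecureRecordIp(ipValue, blackFlag)
    Const SS_AD_VARWCHAR = 202        ' adVarWChar
    Const SS_AD_DBTIMESTAMP = 135     ' adDBTimeStamp
    Const SS_AD_INTEGER = 3           ' adInteger
    Const SS_AD_PARAM_INPUT = 1       ' adParamInput
    Const SS_AD_NO_RECORDS = 128      ' adExecuteNoRecords
    Dim cmd
    Set cmd = SubSecureCommand("insert into wd_secure_ip_address(wt_ip,wt_addtime,wt_isBlack) values(?,?,?)")
    cmd.Parameters.Append cmd.CreateParameter("wt_ip", SS_AD_VARWCHAR, SS_AD_PARAM_INPUT, 50, ipValue)
    cmd.Parameters.Append cmd.CreateParameter("wt_addtime", SS_AD_DBTIMESTAMP, SS_AD_PARAM_INPUT, , Now)
    cmd.Parameters.Append cmd.CreateParameter("wt_isBlack", SS_AD_INTEGER, SS_AD_PARAM_INPUT, , CLng(blackFlag))
    cmd.Execute , , SS_AD_NO_RECORDS
    Set cmd = Nothing
End Sub

' Deletes every row whose wt_addtime is earlier than cutoffTime.
Private Sub SubSecurePurgeBefore(cutoffTime)
    Const SS_AD_DBTIMESTAMP = 135     ' adDBTimeStamp
    Const SS_AD_PARAM_INPUT = 1       ' adParamInput
    Const SS_AD_NO_RECORDS = 128      ' adExecuteNoRecords
    Dim cmd
    Set cmd = SubSecureCommand("delete from wd_secure_ip_address where wt_addtime < ?")
    cmd.Parameters.Append cmd.CreateParameter("wt_addtime", SS_AD_DBTIMESTAMP, SS_AD_PARAM_INPUT, , cutoffTime)
    cmd.Execute , , SS_AD_NO_RECORDS
    Set cmd = Nothing
End Sub

' True when candidate is one token of 2-45 hex digits, dots and colons (IPv4/IPv6 shaped).
Private Function SubSecureIsIpLike(candidate)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9A-Fa-f:.]{2,45}$"
    SubSecureIsIpLike = re.Test(candidate & "")
    Set re = Nothing
End Function

' Returns the lower-cased host of an http(s) URL, or "" when the URL does not
' start with a plain host name (user-info, IP literals in brackets, etc. yield "").
Private Function SubSecureRefererHost(refererUrl)
    Dim re, found
    SubSecureRefererHost = ""
    Set re = New RegExp
    re.IgnoreCase = True
    re.Pattern = "^https?://([a-z0-9.-]+)(?:[:/?#]|$)"
    Set found = re.Execute(refererUrl & "")
    If found.Count > 0 Then SubSecureRefererHost = LCase(found(0).SubMatches(0))
    Set found = Nothing
    Set re = Nothing
End Function

' True when hostName equals domainName or is a sub-domain of it (both lower case).
Private Function SubSecureHostInDomain(hostName, domainName)
    SubSecureHostInDomain = False
    If hostName = "" Or domainName = "" Then Exit Function
    If hostName = domainName Then
        SubSecureHostInDomain = True
    ElseIf Len(hostName) > Len(domainName) + 1 Then
        ' The leading dot stops "evil56sys.com" from matching "56sys.com".
        If Right(hostName, Len(domainName) + 1) = "." & domainName Then SubSecureHostInDomain = True
    End If
End Function
'***************** Submission security filter (guestbook and demo-site forms) ***************** end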
调用:call SubSecureCheck(40,10,"56sys.com",3,60)