我有一个网站可以产生良好的流量,我发现其他网站隐藏了我的网站,我有如何使用PHP检测它的问题,所以我可以阻止它。
首先
我已将echo $_SERVER['HTTP_HOST']或echo $_SERVER['SERVER_NAME']添加到我的代码中,当我访问此隐藏式网站时,结果是正确的。它显示了隐藏mywebsite.com的网站名称(cloakingwebsite.com)
所以我现在在cloakingwebsite.com(不是我的域名),在mywebsite.com(我的域名)上添加了此代码
if($_SERVER['HTTP_HOST'] == "cloakingwebsite.com" || $_SERVER['SERVER_NAME'] == "cloakingwebsite.com"){
echo "you are on cloakingwebsite.com";
}
else if($_SERVER['HTTP_HOST'] == "mywebsite.com" || $_SERVER['SERVER_NAME'] == "mywebsite.com"){
echo "you are on mywebsite.com";
}
我得到你在mywebsite.com
结论:
如果我使用 $ _ SERVER ['HTTP_HOST'] 或 $ _ SERVER ['SERVER_NAME'] echo 或打印< / strong>结果是正确的,但如果我将它们与 if 和 else 语句一起使用,结果就不对了。
我对虚拟或真实的ip和SERVER_NAME或HTTP_HOST知之甚少,但这对我来说似乎是一个安全问题。
我在google上搜索我的网站的所有用户都会找到这个隐藏真实内容的网站,并且他们通过这个网站登录我的网站,因为它还管理着Cookie和一切。 据我所知,这些网站可能会让我的所有用户登录信息。 我搜索了所有互联网的解决方案,这是javascript。 我做到了,但现在他们变得聪明,他们过滤并删除所有的JavaScript代码。
所以我唯一的选择就是 $ _ SERVER ['HTTP_HOST'] 或 $ _ SERVER ['SERVER_NAME'] 女巫未被检测到。
我在NGINX上运行PHP 7.1
请问任何解决方案?
myWebsite.com HEADERS
[USER] => www-data
[HOME] => /var/www
[HTTP_CF_CONNECTING_IP] => 3a02:3f0e:5260:664:75fb:bb5a:f2a6:1ea3
[HTTP_COOKIE] => __cfduid=d7711ced6c319ac0aa615de5f64160b561509570260;
[HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8,it;q=0.6,ro;q=0.4
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
[HTTP_UPGRADE_INSECURE_REQUESTS] => 1
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
[HTTP_CF_VISITOR] => {"scheme":"https"}
[HTTP_X_FORWARDED_PROTO] => https
[HTTP_CF_RAY] => 3b8d9bf459da7ea0-BUD
[HTTP_X_FORWARDED_FOR] => 3a02:2f0e:3260:664:75fb:bb5a:f2a6:1ea3
[HTTP_CF_IPCOUNTRY] => RO
[HTTP_ACCEPT_ENCODING] => gzip
[HTTP_CONNECTION] => Keep-Alive
[HTTP_HOST] => mywebsite.com
[REDIRECT_STATUS] => 200
[SERVER_NAME] => mywebsite.com
[SERVER_PORT] => 80
[SERVER_ADDR] => ******hiden.ip
[REMOTE_PORT] => 34741
[REMOTE_ADDR] => ****hiden.ip
[SERVER_SOFTWARE] => nginx/1.13.6
[GATEWAY_INTERFACE] => CGI/1.1
[REQUEST_SCHEME] => http
[SERVER_PROTOCOL] => HTTP/1.1
[DOCUMENT_ROOT] => /var/www
[DOCUMENT_URI] => /index.php
[REQUEST_URI] => /
[SCRIPT_NAME] => /index.php
[CONTENT_LENGTH] =>
[CONTENT_TYPE] =>
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[SCRIPT_FILENAME] => /var/www/index.php
[FCGI_ROLE] => RESPONDER
[PHP_SELF] => /index.php
[REQUEST_TIME_FLOAT] => 1509882770.658
[REQUEST_TIME] => 1509882770
cloakingWbsite.com HEADERS
[USER] => www-data
[HOME] => /var/www
[HTTP_CF_CONNECTING_IP] => 3a01:3f8:171:2a4c:0:0:0:2
[HTTP_COOKIE] => __cfduid=dcad0dcc3004b494316f306212dc195911509878400;
[HTTP_REFERER] =>
[HTTP_ACCEPT] => */*
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
[HTTP_CF_VISITOR] => {"scheme":"https"}
[HTTP_X_FORWARDED_PROTO] => https
[HTTP_CF_RAY] => 3b8f5486a8196349-FRA
[HTTP_X_FORWARDED_FOR] => 2a01:4f8:171:3a4c:0:0:0:2
[HTTP_CF_IPCOUNTRY] => DE
[HTTP_ACCEPT_ENCODING] => gzip
[HTTP_CONNECTION] => Keep-Alive
[HTTP_HOST] => proxywebsite.com
[REDIRECT_STATUS] => 200
[SERVER_NAME] => cloakingwebsite.com
[SERVER_PORT] => 80
[SERVER_ADDR] => ***hidden.ip
[REMOTE_PORT] => 14485
[REMOTE_ADDR] => ***hidden.ip
[SERVER_SOFTWARE] => nginx/1.13.6
[GATEWAY_INTERFACE] => CGI/1.1
[REQUEST_SCHEME] => http
[SERVER_PROTOCOL] => HTTP/1.1
[DOCUMENT_ROOT] => /var/www
[DOCUMENT_URI] => /index.php
[REQUEST_URI] => /
[SCRIPT_NAME] => /index.php
[CONTENT_LENGTH] =>
[CONTENT_TYPE] =>
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[SCRIPT_FILENAME] => /var/www/index.php
[FCGI_ROLE] => RESPONDER
[PHP_SELF] => /index.php
[REQUEST_TIME_FLOAT] => 1509879844.936
[REQUEST_TIME] => 1509879844
答案 0 :(得分:0)
如果他们真正代理您的网站,则需要确定他们正在使用的服务器的IP地址并阻止它们。如果您阻止他们访问您的网站,他们就无法充当代理。
因此,您应该查看Apache,Nginx或您正在运行的任何Web服务器,检查日志文件,查找来自同一IP的大量请求,研究此问题,直到您确信它为止& #39;是那些提出这些要求的人。
然后在防火墙级别或使用CloudFlare等服务阻止它们。请注意,使用像CloudFlare这样的服务可以帮助您避免这种麻烦,因为它们将能够为您监控非人流量。他们的服务是免费的。 https://www.cloudflare.com/security/