I have the following anti-flood protection for my PHP website:
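<?php
// start the session only if one is not already active
if (!isset($_SESSION)) {
    session_start();
}
// anti flood protection
// isset() avoids an undefined-index notice on the first request of a session
if (isset($_SESSION['last_session_request']) && $_SESSION['last_session_request'] > time() - 2) {
    // users see this message if they make requests less than 2 seconds apart
    echo "Stay out!";
    exit;
}
$_SESSION['last_session_request'] = time();
?>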
It works fine, because the website became stable after I added it (15 days ago), but it has a problem. To understand the problem you can go to the attacked website (http://www.lamejortoros.com/) and you will see:
If you are on the main page or click on one of the articles, it navigates well.
BUT
If you go to the Cronicas, Contactenos or Miembros section it shows: Stay out!
I want to understand why it happens and, if possible, how to solve it.
Thanks.
Do the following steps:
What happens is that you are hitting your website twice. First it hits a 301 redirect, then the actual page, causing it to count as 2 visits and thus failing. You can solve it by increasing the number of visits at which you assume it is a bot.
IMO you are doing it wrong. Anti-DDoS protection should be at the server level, not the script level. I can have cookies disabled and hit your website as many times as I want without issues. Additionally, bots do not store cookies, so every time they have a new session.
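
The first answer's suggestion, tolerating several requests per window so that a 301 redirect followed by the target page is not counted as a flood, written out as an added example that is not the poster's code. `flood_check`, `FLOOD_LIMIT`, `FLOOD_WINDOW` and the `flood_hits` session key are assumed names and values, and as the second answer points out, a session-based counter only sees clients that send the session cookie back.

```php
<?php
// Added example, not the poster's code. Names and limits below are assumptions.
const FLOOD_LIMIT  = 5; // requests allowed per window (assumed value)
const FLOOD_WINDOW = 2; // window length in seconds, as in the original check

/**
 * Sliding-window check: drop timestamps older than the window, then
 * allow the request only if fewer than $limit remain.
 * Returns [allowed, updated list of timestamps].
 */
function flood_check(array $hits, int $now, int $limit, int $window): array
{
    $recent = array_values(array_filter(
        $hits,
        fn($t) => is_int($t) && $t > $now - $window
    ));
    if (count($recent) >= $limit) {
        return [false, $recent]; // blocked requests are not recorded
    }
    $recent[] = $now;
    return [true, $recent];
}

if (PHP_SAPI !== 'cli') {
    // Web request: keep the timestamps in the visitor's session.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    [$allowed, $_SESSION['flood_hits']] = flood_check(
        $_SESSION['flood_hits'] ?? [], time(), FLOOD_LIMIT, FLOOD_WINDOW
    );
    if (!$allowed) {
        http_response_code(429); // Too Many Requests
        header('Retry-After: ' . FLOOD_WINDOW);
        exit('Stay out!');
    }
} else {
    // Command line: replay a constructed timeline. The first two hits are a
    // 301 redirect plus its target in the same second, followed by a burst.
    $hits = [];
    foreach ([100, 100, 100, 100, 100, 100, 103] as $t) {
        [$ok, $hits] = flood_check($hits, $t, FLOOD_LIMIT, FLOOD_WINDOW);
        echo $t, ' ', $ok ? 'allowed' : 'blocked', PHP_EOL;
    }
}
```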