$now) { // HAR SO‘ROVDA blokni yana 3 soniyaga uzaytiramiz file_put_contents($file, $lastTime . '|' . $count . '|' . ($now + 3)); http_response_code(404); exit; } /* 1 soniya ichidagi so‘rovlarni sanaymiz */ if ($now - $lastTime <= 1) { $count++; } else { $count = 1; } /* Limit oshsa → blokni ishga tushiramiz */ if ($count > 2) { file_put_contents($file, $now . '|' . $count . '|' . ($now + 3)); http_response_code(404); exit; } /* Normal holatni saqlaymiz */ file_put_contents($file, $now . '|' . $count . '|0'); $CONFIG = [ // Profil rasmini shu yerga qo'ying (https://... yoki data:image/...) 'profile_image' => 'https://saidakbar.info/avatar.jpg', 'profile_name' => "SaidAkbar Bahodirov", 'profile_bio' => "Middle darajadagi dasturchi. Barqaror va xavfsiz web loyihalar ishlab chiqishda tajribaga ega, kod sifati va samaradorligiga e’tibor qaratadi.", 'main_project' => [ 'title' => 'Asosiy Loyiha - LOCK | SMM', 'image' => 'https://saidakbar.info/asosiy.jpg', 'status' => 'Faol holatda • Global monitoring • 99.9% barqarorlik • Yuqori yuklamaga tayyor', 'purpose' => 'LOCK | SMM platformasini global miqyosdagi eng kuchli va ishonchli SMM provider darajasiga olib chiqish. Millionlab foydalanuvchilarga tezkor, barqaror va xavfsiz xizmatlar taqdim etish, zamonaviy texnologiyalar orqali bozor yetakchisiga aylanish.' 
], // Loyihalar ro'yxati - 6 ta bo'lishi kerak (kiritilmasa placeholders bo'ladi) 'projects' => [ [ 'title' => 'LOCK | SMM', 'image' => 'https://saidakbar.info/asosiy.jpg', 'desc' => "Ushbu loyiha smm provider loyihasi bo'lib siz bu loyiha yordamida smm xizmatlaridan foydalanishingiz mumkin!", 'url' => 'https://t.me/lock_smm' ], [ 'title' => 'TONIX BOT', 'image' => 'https://saidakbar.info/loyiha2.jpg', 'desc' => "bu Telegram orqali Toncoin ni xavfsiz, tez va qulay tarzda sotib olish hamda sotish imkonini beruvchi savdo botidir!", 'url' => 'https://t.me/t0nixbot' ], [ 'title' => 'MY Movie', 'image' => 'https://saidakbar.info/loyiha3.jpg', 'desc' => "Ushbu loyiha kino yo'nalishi bilan yaratilgan va siz bu bot orqali bemalol istalgan kinoni tomosha qilishingiz mumkin!", 'url' => 'https://t.me/MyMovi_eBot' ], [ 'title' => 'Bot yaratish xizmati!', 'image' => 'https://saidakbar.info/loyiha4.jpg', 'desc' => "Ushbu loyiha foydalanuvchilar uchun maxsus taklif asosida ishga tushgan va siz bemalol kanal bilan tanishib chiqishingiz mumkin!", 'url' => 'https://t.me/MyBotCreator' ], [ 'title' => 'My Premium', 'image' => 'https://saidakbar.info/loyiha5.jpg', 'desc' => "Ushbu loyihada biz sizga tezkor, arzon va sifatli telegram premium olib berish xizmatini taklif qilamiz!", 'url' => 'https://t.me/MY_Premiumm' ], [ 'title' => 'LOCKSMM.COM', 'image' => 'https://saidakbar.info/loyiha6.png', 'desc' => "Eng yaxshi va eng arzon narxda sifatli smm xizmatlarini taklif qiluvchi smm provider!", 'url' => 'https://locksmm.com' ], ], // Til opsiyalari 'languages' => ['uz'=>'O\'zbek','ru'=>'Русский','en'=>'English'], ]; ######################### # Xavfsizlik & RateLimit # ######################### // 1) Xavfsizlik sarlavhalari header_remove('X-Powered-By'); // PHP versiyasini yashirish header('X-Frame-Options: DENY'); header('X-Content-Type-Options: nosniff'); header('Referrer-Policy: no-referrer-when-downgrade'); header('Permissions-Policy: geolocation=(), microphone=(), camera=()'); 
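// Content-Security-Policy.
// NOTE(review): `script-src 'self' 'unsafe-inline' https:` permits any inline script and any script
// served over https, so this policy does not mitigate XSS; it only blocks plain-http and other schemes.
// Tighten it (nonces/hashes, explicit hosts) once the template's inline scripts are accounted for.
// frame-ancestors 'none' mirrors the X-Frame-Options: DENY header sent above.
header('Content-Security-Policy: default-src \'self\' https: data:; script-src \'self\' \'unsafe-inline\' https:; style-src \'self\' \'unsafe-inline\' https:; img-src \'self\' data: https:; connect-src \'self\' https:; frame-ancestors \'none\'; base-uri \'self\';');

// HTTPS detection, shared by HSTS and the session cookie flag.
// NOTE(review): behind a TLS-terminating proxy $_SERVER['HTTPS'] is often unset, in which case
// neither HSTS nor cookie_secure is applied; confirm against the deployment (map X-Forwarded-Proto there).
$is_https = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
if ($is_https) {
    // 2 years. Keep `preload` only if the domain is actually submitted to the HSTS preload list.
    header('Strict-Transport-Security: max-age=63072000; includeSubDomains; preload');
}

// 2) Error handling: nothing reaches the client, but everything reaches the log.
// The previous empty error handler returned null, which suppresses the error entirely (PHP only
// falls back to its own handler on an explicit `false`), so warnings were neither shown nor logged.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
set_error_handler(function (int $errno, string $errstr, string $errfile = '', int $errline = 0): bool {
    if (error_reporting() & $errno) { // honour @-suppression and the configured error level
        error_log(sprintf('PHP error [%d]: %s in %s:%d', $errno, $errstr, $errfile, $errline));
    }
    return true; // handled: do not fall through to the default handler
});
set_exception_handler(function (Throwable $e): void {
    error_log('Unhandled ' . get_class($e) . ': ' . $e->getMessage() . ' in ' . $e->getFile() . ':' . $e->getLine());
    http_response_code(500);
    echo "Server error";
    exit;
});

// 3) Simple IP rate-limiter + block (SQLite token bucket)
// Policy: capacity = 120 tokens, refill_rate = 1 token/second, each request costs 1 token.
// An IP that runs out of tokens is blocked for 5 minutes.
// NOTE(review): a file-based limiter earlier in this file already answers 404 after more than two
// requests within one second, so for short bursts that one, not this bucket, is the binding limit;
// this bucket catches sustained traffic above ~1 req/s averaged over a couple of minutes.
//
// NOTE(review): __DIR__ is this page's own directory, which the web server normally serves; unless
// *.sqlite is blocked at the server, the visitor-IP table is downloadable as /rate_limit.sqlite.
// Prefer a path outside the document root.
$dbfile = __DIR__ . '/rate_limit.sqlite';
$db = null;
try {
    $db = new PDO('sqlite:' . $dbfile);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Wait briefly for a concurrent writer instead of failing at once with SQLITE_BUSY.
    $db->exec('PRAGMA busy_timeout = 2000');
    $db->exec("CREATE TABLE IF NOT EXISTS ip_bucket ( ip TEXT PRIMARY KEY, tokens REAL, last_ts INTEGER, blocked_until INTEGER )");
} catch (Exception $e) {
    // Deliberate fail-open: the page still renders without rate limiting, but say so in the log.
    error_log('rate_limit: sqlite unavailable, limiter disabled: ' . $e->getMessage());
    $db = null;
}

/**
 * Resolve the client IP used as the rate-limit key.
 *
 * CF-Connecting-IP and X-Forwarded-For are ordinary request headers: any client can set them.
 * Trusting them unconditionally (as before) let a client choose its own bucket key per request,
 * evading the limit and filling ip_bucket with a new row per spoofed value. They are therefore
 * honoured only when REMOTE_ADDR is one of our own proxies, and only if the value parses as an IP.
 * Lookup order is unchanged: CF-Connecting-IP first, then the leftmost X-Forwarded-For entry.
 *
 * @param list<string> $trustedProxies REMOTE_ADDR values allowed to supply forwarding headers.
 * @return string Client IP, or '0.0.0.0' when REMOTE_ADDR is absent (e.g. CLI).
 */
function get_ip(array $trustedProxies = []): string {
    $remote = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote;
    }
    $candidates = [];
    if (!empty($_SERVER['HTTP_CF_CONNECTING_IP'])) {
        $candidates[] = $_SERVER['HTTP_CF_CONNECTING_IP'];
    }
    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // Comma-separated chain; the leftmost entry is the (claimed) original client.
        $candidates[] = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])[0];
    }
    foreach ($candidates as $candidate) {
        $candidate = trim($candidate);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }
    return $remote;
}

// REMOTE_ADDR values (proxy / CDN edges) whose forwarding headers may be trusted. Leave empty when
// the host is reached directly. When it sits behind Cloudflare or a reverse proxy, list those
// addresses here, otherwise every visitor shares the proxy's single bucket.
$TRUSTED_PROXIES = [];

$ip = get_ip($TRUSTED_PROXIES);
$now = time();
$capacity = 120.0;
$refill_rate = 1.0;       // tokens per second
$block_duration = 300;    // 5 minutes
$cost_per_request = 1.0;

if ($db) {
    // [retry-after seconds, response body] when this request must be refused, else null.
    $reject = null;
    try {
        // Take the write lock before reading: the previous read-modify-write ran outside a
        // transaction, so two concurrent requests from one IP could both see the same token
        // count (lost update) or both INSERT the same primary key.
        $db->exec('BEGIN IMMEDIATE');
        $stmt = $db->prepare("SELECT tokens, last_ts, blocked_until FROM ip_bucket WHERE ip = :ip");
        $stmt->execute([':ip' => $ip]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if (!$row) {
            // First sighting: a full bucket minus this request.
            $ins = $db->prepare("INSERT INTO ip_bucket (ip, tokens, last_ts, blocked_until) VALUES (:ip, :t, :l, :b)");
            $ins->execute([':ip' => $ip, ':t' => $capacity - $cost_per_request, ':l' => $now, ':b' => 0]);
        } else {
            $tokens = (float)$row['tokens'];
            $last = (int)$row['last_ts'];
            $blocked_until = (int)$row['blocked_until'];
            if ($blocked_until > $now) {
                // Still inside an active block; the row is left untouched.
                $wait = $blocked_until - $now;
                $reject = [$wait, "\n\n429 Too Many Requests\n\nSiz vaqtinchalik bloklangansiz. Iltimos " . $wait . " soniya kuting.\n\n"];
            } else {
                // Refill for the elapsed time, capped at capacity; max(0, …) guards a clock step backwards.
                $delta = max(0, $now - $last);
                $tokens = min($capacity, $tokens + $delta * $refill_rate);
                if ($tokens < $cost_per_request) {
                    $blocked_until = $now + $block_duration;
                    $upd = $db->prepare("UPDATE ip_bucket SET tokens = :t, last_ts = :l, blocked_until = :b WHERE ip = :ip");
                    $upd->execute([':t' => $tokens, ':l' => $now, ':b' => $blocked_until, ':ip' => $ip]);
                    $reject = [$block_duration, "\n\n429 Too Many Requests\n\nSiz vaqtincha bloklandingiz (5 daqiqa). Iltimos keyinroq qayta urinib ko‘ring.\n\n"];
                } else {
                    $tokens -= $cost_per_request;
                    $upd = $db->prepare("UPDATE ip_bucket SET tokens = :t, last_ts = :l WHERE ip = :ip");
                    $upd->execute([':t' => $tokens, ':l' => $now, ':ip' => $ip]);
                }
            }
        }
        $db->exec('COMMIT');
    } catch (Exception $e) {
        // Deliberate fail-open on DB trouble, as before, but logged now: a request whose
        // bookkeeping could not be recorded is let through rather than refused.
        try {
            $db->exec('ROLLBACK');
        } catch (Exception $ignored) {
            // no transaction was open
        }
        error_log('rate_limit: ' . $e->getMessage());
        $reject = null;
    }
    if ($reject !== null) {
        http_response_code(429);
        header('Retry-After: ' . $reject[0]);
        echo $reject[1];
        exit;
    }
}

// 4) Session + CSRF token (for any forms added later).
// The session is started only after the limiter, so refused requests allocate no session state.
ini_set('session.use_strict_mode', '1');  // never adopt a client-supplied, unknown session id
ini_set('session.cookie_httponly', '1');  // keep the cookie away from scripts (the CSP above allows inline script)
ini_set('session.cookie_samesite', 'Lax');
if ($is_https) {
    ini_set('session.cookie_secure', '1');
}
session_start();
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(16));
}
$CSRF_TOKEN = $_SESSION['csrf_token']; // compare a submitted token with hash_equals(), not ==

// 5) Small output-sanitisation helpers.

/**
 * Escape a value for an HTML text or quoted-attribute context (ENT_QUOTES covers both quote styles).
 */
function e($s): string {
    return htmlspecialchars((string)$s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Return $s if it is usable as an href, otherwise '#'.
 *
 * FILTER_VALIDATE_URL alone is not enough for an href: it accepts any scheme that carries a host
 * part, so `javascript://example.com/%0Aalert(1)` and `data://…` pass it. Only http and https are
 * allowed here; every project URL in $CONFIG uses one of them. Non-string input yields '#'.
 */
function url_safe($s): string {
    if (!is_string($s) || filter_var($s, FILTER_VALIDATE_URL) === false) {
        return '#';
    }
    $scheme = strtolower((string)parse_url($s, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $s : '#';
}
// End of backend security part. Frontend follows.
?> <?php echo e($CONFIG['profile_name']); ?>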

Assalomu alaykum!

Portfolio va loyihalar paneli
Monitoring:
CPU 5% • RAM 3%
Ushbu rasm asosiy loyiha rasmi hisoblanadi!

Maqsad