Shulou(Shulou.com)06/03 Report--

PHP SMS Captcha anti-brush mechanism is what, for this problem, this article describes the corresponding analysis and answer in detail, hoping to help more want to solve this problem of small partners to find a simpler and easier way.

9. PHP SMS Captcha anti-brush mechanism

Time limit: 60 seconds before sending again

From the time the Captcha is sent, the front end (client) counts down for 60 seconds, during which time the user cannot submit multiple requests to send information. Although this method is commonly used, it is not very useful. People with better technology can bypass this restriction and send SMS Captcha directly.

2, mobile phone number limit: the same mobile phone number, within 24 hours can not exceed 5

When using the same mobile phone number for registration or other operations of sending SMS Captcha, the system can restrict this mobile phone number, for example, only 5 SMS Captcha can be sent within 24 hours, and an error will be reported if the limit is exceeded (for example, the system is busy, please try again later). However, this can only avoid manual text messaging, and this method is helpless for machines that use different mobile phone numbers to swipe text messages in batches.

3. SMS Captcha Limit: Send the same Captcha within 30 minutes

There is also a method on the Internet that says: within 30 minutes, all requests and SMS Captcha sent are the same Captcha. The SMS interface is requested for the first time, and then the SMS Captcha result is cached. If it is requested again within 30 minutes, the cached content will be returned directly. For this method, it is not clear that SMS interface will not charge a fee for sending cached information, if you are interested, you can find out.

4. Front and back end verification: submit Token parameter verification

This method is relatively few people said, personally feel that this method is worth a try. When the front end (client) requests to send a short message, it submits a Token parameter to the server at the same time, and the server verifies the Token parameter. After the verification passes, it sends a short message to the user's mobile phone to the interface requesting to send a short message.

5. Uniqueness restriction: WeChat products limit the number of requests from the same WeChat ID user

If it is a WeChat product, it can be identified by WeChat ID, and then the user of the same WeChat ID can only send a certain amount of short messages within 24 hours.

6, product flow restrictions: step by step

For example, in the use scenario of registered SMS Captcha, we divide the registration step into two steps. After the user inputs the mobile phone number and sets the password, the next step is to enter the verification step of Captcha.

7. Graphic Captcha restriction: request the interface after the graphic verification passes

After the user inputs the graphic Captcha and passes it, he requests the SMS interface to obtain the Captcha. In order to have a better user experience, it can also be designed that the graphic Captcha does not need to be input at first, and the graphic Captcha needs to be input only after the operation reaches a certain amount. Please design according to the specific scenario.

IP and Cookie restrictions: limit the maximum number of the same IP/Cookie information

Using cookies or IP, it is possible to simply identify the same user and then restrict the same user (e.g., only 20 SMS messages can be sent within 24 hours). However, cookies can be cleaned, IP can be emulated, and IP can also appear in the case of the same IP in the local area network, so when using this method, it should be considered on a case-by-case basis.

We should also do a good job of SMS early warning mechanism, that is, when the use of SMS reaches a certain amount, send early warning information to the administrator, the administrator can immediately monitor and protect the interface of SMS.

About PHP SMS Captcha anti-brush mechanism is what kind of question answer to share here, I hope the above content can have some help to everyone, if you still have a lot of doubts not solved, you can pay attention to the industry information channel to learn more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.