Shulou(Shulou.com)06/02 Report--

This article introduces the relevant knowledge of "how to prevent the attack of underground industry". In the operation of actual cases, many people will encounter such a dilemma. Next, let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

There are many types of attacks on the underground industry, such as irrigation and text messages. The underground industry will find the target through the crawler and the target website through the keyword.

The ability of underground industry to imitate human operation

Attacks on underground industries can well simulate human operations, rather than simple scripts. Probably use software such as selenium, control the browser to operate, and there is almost no difference between human access. Even drag CAPTCHA with behavioral verification can be simulated.

Reference: cracking the extreme verification code

Automatic CAPTCHA recognition

Due to the development of artificial intelligence, the verification code of machine recognition of characters, numbers and Chinese characters even exceeds that of human beings. For some CAPTCHA codes that are difficult for humans to recognize, machines have a higher recognition rate. It doesn't matter whether it's adhesion, overlap, distortion, hollow words, anti-color words, complex backgrounds, and interference lines. It doesn't matter if you don't have such advanced identification technology, there are ready-made services on the Internet, and it costs less than a penny to identify a CAPTCHA.

CAPTCHA recognition platform: Super Eagle

If there is really no machine recognition, there is a big trick: manual CAPTCHA recognition. The cost is only a few cents.

IP Agent

Since the CAPTCHA can't stop it, limit IP. To young to simple . Any IP agency claims to have millions or even tens of millions of IPs. A request for an IP is not a problem if you want to. Restricting IP is just a way to prevent a gentleman but not a villain.

Code receiving platform

The mobile phone verification code does not work well, it is all received automatically. There is also an automatic code receiving platform, probably how many mobile phone numbers are not a problem.

How to guard against the third party verification code

General CAPTCHA codes have basically existed, so there are a large number of third-party CAPTCHA codes, such as extreme verification, NetEase Cloud Shield, Tencent Cloud CAPTCHA, Digital Technology and so on.

CAPTCHA is the most critical means to prevent automatic attacks. Because the graphic verification code is cracked, the concept of behavior verification code is put forward, which is not only to check the final verification data submitted by the customer server, but also to check the behavior of the user in the browser. For example, drag CAPTCHA to verify the drag process, if it is dragged at a uniform speed, it is determined to be a robot. It is claimed that by learning from big data, you can recognize how to drag a real person, not a robot. And judge the danger of the user by IP address and other information.

The actual effect is still unknown, but some people have passed the verification by imitating human dragging. Due to a large number of IP agents, it is not feasible to judge the danger of users by their IP addresses.

In addition to dragging the CAPTCHA, you can also choose the CAPTCHA. Mainly use Chinese characters plus coordinates. But Super Eagle can easily recognize Chinese characters and their coordinates. Its effectiveness is also questionable.

Foreign websites mainly use picture recognition. For example, find out all the pictures of ships. Such a CAPTCHA is very expensive and requires a large number of pictures to be collected. It can only be done by a third-party professional CAPTCHA company.

Filter virtual number range

The mobile phone number may be the only thing that has a little meaning. After all, an ID card can only handle five numbers. However, the virtual number range of the virtual operator must be prohibited.

IP restriction

Limit is better than no limit, otherwise even the IP agent will be exempted.

Illegal character filtering

Underground industry irrigation is mainly for advertising, filtering keywords is necessary.

Kill move

SMS uplink verification. Allowing users to send text messages to the designated platform can greatly increase the attack cost. However, it is very unfriendly to users, and most users reject their own texting unless they have to.

Turing test

Just answer the question. Set up a question bank, and it is best to increase it every day. The question bank is best related to the theme of the site, or questions that can be answered by others but cannot be answered by the machine. Be careful to avoid machines using search engines to answer questions.

This is the end of the content of "how to guard against attacks in the underground industry". Thank you for your reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.