In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-03-29 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >
Share
Shulou(Shulou.com)06/02 Report--
This article introduces the relevant knowledge of "how to prevent the attack of underground industry". In the operation of actual cases, many people will encounter such a dilemma. Next, let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!
There are many types of attacks on the underground industry, such as irrigation and text messages. The underground industry will find the target through the crawler and the target website through the keyword.
The ability of underground industry to imitate human operation
Attacks on underground industries can well simulate human operations, rather than simple scripts. Probably use software such as selenium, control the browser to operate, and there is almost no difference between human access. Even drag CAPTCHA with behavioral verification can be simulated.
Reference: cracking the extreme verification code
Automatic CAPTCHA recognition
Due to the development of artificial intelligence, the verification code of machine recognition of characters, numbers and Chinese characters even exceeds that of human beings. For some CAPTCHA codes that are difficult for humans to recognize, machines have a higher recognition rate. It doesn't matter whether it's adhesion, overlap, distortion, hollow words, anti-color words, complex backgrounds, and interference lines. It doesn't matter if you don't have such advanced identification technology, there are ready-made services on the Internet, and it costs less than a penny to identify a CAPTCHA.
CAPTCHA recognition platform: Super Eagle
If there is really no machine recognition, there is a big trick: manual CAPTCHA recognition. The cost is only a few cents.
IP Agent
Since the CAPTCHA can't stop it, limit IP. To young to simple . Any IP agency claims to have millions or even tens of millions of IPs. A request for an IP is not a problem if you want to. Restricting IP is just a way to prevent a gentleman but not a villain.
Code receiving platform
The mobile phone verification code does not work well, it is all received automatically. There is also an automatic code receiving platform, probably how many mobile phone numbers are not a problem.
How to guard against the third party verification code
General CAPTCHA codes have basically existed, so there are a large number of third-party CAPTCHA codes, such as extreme verification, NetEase Cloud Shield, Tencent Cloud CAPTCHA, Digital Technology and so on.
CAPTCHA is the most critical means to prevent automatic attacks. Because the graphic verification code is cracked, the concept of behavior verification code is put forward, which is not only to check the final verification data submitted by the customer server, but also to check the behavior of the user in the browser. For example, drag CAPTCHA to verify the drag process, if it is dragged at a uniform speed, it is determined to be a robot. It is claimed that by learning from big data, you can recognize how to drag a real person, not a robot. And judge the danger of the user by IP address and other information.
The actual effect is still unknown, but some people have passed the verification by imitating human dragging. Due to a large number of IP agents, it is not feasible to judge the danger of users by their IP addresses.
In addition to dragging the CAPTCHA, you can also choose the CAPTCHA. Mainly use Chinese characters plus coordinates. But Super Eagle can easily recognize Chinese characters and their coordinates. Its effectiveness is also questionable.
Foreign websites mainly use picture recognition. For example, find out all the pictures of ships. Such a CAPTCHA is very expensive and requires a large number of pictures to be collected. It can only be done by a third-party professional CAPTCHA company.
Filter virtual number range
The mobile phone number may be the only thing that has a little meaning. After all, an ID card can only handle five numbers. However, the virtual number range of the virtual operator must be prohibited.
IP restriction
Limit is better than no limit, otherwise even the IP agent will be exempted.
Illegal character filtering
Underground industry irrigation is mainly for advertising, filtering keywords is necessary.
Kill move
SMS uplink verification. Allowing users to send text messages to the designated platform can greatly increase the attack cost. However, it is very unfriendly to users, and most users reject their own texting unless they have to.
Turing test
Just answer the question. Set up a question bank, and it is best to increase it every day. The question bank is best related to the theme of the site, or questions that can be answered by others but cannot be answered by the machine. Be careful to avoid machines using search engines to answer questions.
This is the end of the content of "how to guard against attacks in the underground industry". Thank you for your reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 229
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.