DWQA QuestionsCategory: ServerWhen the PHP website registers, the SMS interface is used to simulate the post request to swipe the SMS. How to solve this problem?
She said she likes waves asked 4 weeks ago

When the PHP website registers, the SMS interface is used to simulate the post request to swipe the SMS. How to solve this problem?

Windoze replied 4 weeks ago

It’s not too much trouble to add a verification code.

7 Answers
Best Answer
brzhang answered 4 weeks ago

There are two things I know:
1. Add csrf_token to the page, and the CI framework of PHP will replace it.
2. Access frequency limit (the same as IP limit, the same as number limit), etc.

Yian answered 4 weeks ago

Instead, a token is required to send a message. For example, add a picture verification code.

Flying dragon answered 4 weeks ago

Add a limit. You can only send it once a minute, up to 50 times a day. This is also the practice of most websites.
csrf_tokenIt can’t be broken. I can use the software to visit the page generating token first.

Huang Zhe answered 4 weeks ago

A request a token, valid value once, set expiration time. I do the same now. Token verification failure and missing are all illegal submissions. If it’s more safe, please refer to the above friends. Are very common means, listen to other friends.

shsixun answered 4 weeks ago

1. Add token at the front end (graph validation)
2. Set the request interval of 60-100 seconds for the same number.
3. Set the number of requests for consent number in a day (6-8)
The above three steps can block most robots,
Finally, HTTPS transmission can be considered
In addition, we recommend a short message API for developers:http://www.shsixun.com