When the PHP website registers, the SMS interface is used to simulate the post request to swipe the SMS. How to solve this problem?
It’s not too much trouble to add a verification code.
There are two things I know:
1. Add csrf_token to the page, and the CI framework of PHP will replace it.
2. Access frequency limit (the same as IP limit, the same as number limit), etc.
Instead, a token is required to send a message. For example, add a picture verification code.
Add a limit. You can only send it once a minute, up to 50 times a day. This is also the practice of most websites.
csrf_tokenIt can’t be broken. I can use the software to visit the page generating token first.
A request a token, valid value once, set expiration time. I do the same now. Token verification failure and missing are all illegal submissions. If it’s more safe, please refer to the above friends. Are very common means, listen to other friends.
1. Add token at the front end (graph validation)
2. Set the request interval of 60-100 seconds for the same number.
3. Set the number of requests for consent number in a day (6-8)
The above three steps can block most robots,
Finally, HTTPS transmission can be considered
In addition, we recommend a short message API for developers:http://www.shsixun.com