关于php验证码的破解。解决方案 -PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

关于php验证码的破解。解决方案

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 13, 2016 pm 01:36 PM

colorcurlimageval

关于php验证码的破解。
网站防爆最好是加验证码了。
市场上的验证码一般有几花样，
英文+数字、中文与JS的，
还有很少见的中国移动识图验证码。
这种看似很威武，实际上感觉也不太好，答案就固定有8个了。
做数字是否存在判断后，答案就能锁定4个了。靠蒙的话，蒙对的机率还是挺大的。

最后是加些干扰点、干扰线。再扭曲字体等。

php通常是用GD库生成图片+SESSION来实现认证，
当突破验证码这关之后，可以模拟请求获sessionID，
用获得sessionID取得验证码分析之后再模拟注册登录验证。

验证码被破后基本是畅通无阻了。然后就爆力效验账号密码，滥发信息之类云云了……

在明白过程后就好防备了，所以说涉及到几个问题。
一、要加强验证码难度，一些位置固定字符形态不变的是很容易识别的了。
二、要SESSION做适当配置。SESSION效验后及时清掉，禁止URL传值设置等...
三、适当做些时间与次数限制。

下面是百度的验证码BZ6E，应该有来路判断的提交几次就挂了，伪一下才行。
有些难度，每个字符都连接一起加干扰线加少许扭曲，跟淘宝的差不多，不过淘宝没干扰线。
大家讨论下看看怎么破，应该还是有人破的了。贴吧上还是经常有人爆吧的。　

好了，先扯这么多。

PHP code

<!--

Code highlighting produced by Actipro CodeHighlighter (freeware)
http://www.CodeHighlighter.com/

-->
$image_name = 'baidu.jpg';
$image = "http://tieba.baidu.com/cgi-bin/genimg?0013286908280168B65F46CEDCD48CF9D46DF47A64587DA42FC48BF1CF8D47BD0D0BC2EE39911C9918D5CF46E79CF94FFA71BC0DC14DAE59197F42F24B4455C205062670A2977101F1A661F7F4716A8BC2C21D586F886CA300E0D42874D6365A1216622D9740163479D1DD416DAE5D70C09EA834F6B9EC307A29CDAF8D0C78FE159402800B113F6039195E5D683695532E4E2FFD8563D732AD19EDFB147B7569B617BDFBE487CE77AE49E75D83BA56B7038971E2081F647A&t=0.7108543934300542";    


$curl = curl_init(); 
curl_setopt($curl, CURLOPT_URL, $image); 
curl_setopt($curl, CURLOPT_REFERER, 'http://tieba.baidu.com/f?kw=baidu'); 
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); 
$result = curl_exec($curl); 
curl_close($curl); 
file_put_contents($image_name, $result);


$size = getimagesize($image_name);
$im = imagecreatefromjpeg($image_name);
imagejpeg($im, 'baidu.jpg',100);
$width = $size[0];
$height = $size[1];


for($x = 1; $x $val)
{
    foreach ($val as $k=>$v)
        $col[$key] .= $v $val)
    if(array_sum($val) $val)
{
    $val = trim($val);
    if(empty($val)) unset($col[$key]);
}

echo '<pre class="brush:php;toolbar:false">';
print_r($col);

------解决方案--------------------
好帖.不过看过那个中极验证破解的文章,不太理解哦...
------解决方案--------------------
啥意思讨论如何破解百度的验证码？很久以前，我记得那个时候百度的验证码是可以根据某个特征逆出来的，后来给修复了。

你说经常有人爆吧，那是因为人肉ddos.当我发动1000个人一起攻击的时候，如果程序和硬件跟不上是完全无法阻挡的，所以单单从程序上来说绕过验证码我觉得可能性不大。别小看了百度的程序员。至于识别出验证码，那是老生常谈的问题了，识别关键是识别率,类似像淘宝这样的当你的验证多少次输入失败后就直接封你ip多长时间，你的识别率要是不高的话，那就是浮云啊.
------解决方案--------------------
二值化不好，通常在处理过程就会丢失一些精度，要求验证码变化比较简单的，还需用数据库去比对能搞出来

非OCR的方法，我觉得用数据模拟覆盖，达XX%以上就认为找出一个字，这么来可能更好一些。直接无视干扰

个人用这种方法，试过开源的部分程序，效果还可以，比率30%――90%以上都有

当然，开源的程序，用的字体、变形方式都是清楚的，，，非开源的只能靠自己发现啦，hoho~~~~~
------解决方案--------------------
图像识别（OCR）是广泛的技术，算法巨多
目前OCR技术可谓炉火纯青了

不过若用于识别验证码，未免也太不道德了

和谐社会是需要大家来创建的

------解决方案--------------------
高手都来了所
------解决方案--------------------
被爆过的路过
菜鸟的我还没找到一个终极的解决办法，想想还是用时间限制+ip&&次数来做点抵挡了
------解决方案--------------------
我一般用粘合的方式 +字符变形底纹细小的字母（就是增加噪点）
一般不被爆！~
------解决方案--------------------
坦白的说,干这个基本是浪费时间.....

我现在一般都推荐用recaptcha,实际上很多大网站都在用,破破看?

还有,现在的另一个趋势是干脆不用验证,而是通过统计方法来识别垃圾,
比如
http://disqus.com/welcome/

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

PHP Performance Tuning for High Traffic WebsitesMay 14, 2025 am 12:13 AM

ThesecrettokeepingaPHP-poweredwebsiterunningsmoothlyunderheavyloadinvolvesseveralkeystrategies:1)ImplementopcodecachingwithOPcachetoreducescriptexecutiontime,2)UsedatabasequerycachingwithRedistolessendatabaseload,3)LeverageCDNslikeCloudflareforservin

Dependency Injection in PHP: Code Examples for BeginnersMay 14, 2025 am 12:08 AM

You should care about DependencyInjection(DI) because it makes your code clearer and easier to maintain. 1) DI makes it more modular by decoupling classes, 2) improves the convenience of testing and code flexibility, 3) Use DI containers to manage complex dependencies, but pay attention to performance impact and circular dependencies, 4) The best practice is to rely on abstract interfaces to achieve loose coupling.

PHP Performance: is it possible to optimize the application?May 14, 2025 am 12:04 AM

Yes,optimizingaPHPapplicationispossibleandessential.1)ImplementcachingusingAPCutoreducedatabaseload.2)Optimizedatabaseswithindexing,efficientqueries,andconnectionpooling.3)Enhancecodewithbuilt-infunctions,avoidingglobalvariables,andusingopcodecaching

PHP Performance Optimization: The Ultimate GuideMay 14, 2025 am 12:02 AM

ThekeystrategiestosignificantlyboostPHPapplicationperformanceare:1)UseopcodecachinglikeOPcachetoreduceexecutiontime,2)Optimizedatabaseinteractionswithpreparedstatementsandproperindexing,3)ConfigurewebserverslikeNginxwithPHP-FPMforbetterperformance,4)

PHP Dependency Injection Container: A Quick StartMay 13, 2025 am 12:11 AM

APHPDependencyInjectionContainerisatoolthatmanagesclassdependencies,enhancingcodemodularity,testability,andmaintainability.Itactsasacentralhubforcreatingandinjectingdependencies,thusreducingtightcouplingandeasingunittesting.

Dependency Injection vs. Service Locator in PHPMay 13, 2025 am 12:10 AM

Select DependencyInjection (DI) for large applications, ServiceLocator is suitable for small projects or prototypes. 1) DI improves the testability and modularity of the code through constructor injection. 2) ServiceLocator obtains services through center registration, which is convenient but may lead to an increase in code coupling.

PHP performance optimization strategies.May 13, 2025 am 12:06 AM

PHPapplicationscanbeoptimizedforspeedandefficiencyby:1)enablingopcacheinphp.ini,2)usingpreparedstatementswithPDOfordatabasequeries,3)replacingloopswitharray_filterandarray_mapfordataprocessing,4)configuringNginxasareverseproxy,5)implementingcachingwi

PHP Email Validation: Ensuring Emails Are Sent CorrectlyMay 13, 2025 am 12:06 AM

PHPemailvalidationinvolvesthreesteps:1)Formatvalidationusingregularexpressionstochecktheemailformat;2)DNSvalidationtoensurethedomainhasavalidMXrecord;3)SMTPvalidation,themostthoroughmethod,whichchecksifthemailboxexistsbyconnectingtotheSMTPserver.Impl

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

How to fix KB5055612 fails to install in Windows 10?

4 weeks agoByDDD

Roblox: Grow A Garden - Complete Mutation Guide

3 weeks agoByDDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Mandragora: Whispers Of The Witch Tree - How To Unlock The Grappling Hook

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Nordhold: Fusion System, Explained

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),