Home > Article > Backend Development > How to prevent your website from being bombarded by registration machines
How to prevent your website from being bombarded by registration machines
- WBOYOriginal
- 2016-09-19 09:16:281555browse
The current protection is mobile phone verification code and token verification. The registration machine registers all empty numbers, but I can receive the verification code. I also registered the same IP once an hour. Is there any other way to prevent it?
Reply content:The current protection is mobile phone verification code and token verification. The registration machine registers all empty numbers, but I can receive the verification code. I also registered the same IP once an hour. Is there any other way to prevent it?
I am not very good at Chinese and can’t understand the questions!
I wrote one for a friend before. They used a verification code generation program that they found online. I guess too many people used it and they didn’t prevent it. I personally prefer JS to solve problems. After finally using this solution, there were no more problems.
TokenCode, prevent robots from simulating submission method registration
TokenCode uses demo script
<code><?php
#=====================================================================
#= Copyright (c) 2015 猫七(QQ:77068320) =
#= All rights reserverd. =
#=====================================================================
#= TokenCode 防模拟提交程序 类(PHP版本) =
#= 使用说明:http://www.miaoqiyuan.cn/products/tokencode/last.zip =
#= 演示地址:http://www.miaoqiyuan.cn/products/tokencode/ =
#= 使用说明:http://www.miaoqiyuan.cn/p/tokencode =
#= 邮箱地址:mqycn@126.com QQ:77068320 1301425789 =
#=====================================================================
class TokenCode {
public $value, $code ;
public $OperationList;
public function __construct() {
$resultValue = $this -> RandomKey($this -> RandomIntger());
$resultCode = "'" . $resultValue . "'";
$this -> OperationList = Array("+", "-" ,"*");
for( $i = 0 ; $i < $this -> RandomIntger() + 3; $i++){
$op = $this -> RandOperation();
switch($op){
case "+":
case "-":
$random = $this -> RandEquations();
$resultValue .= $random["value"];
$resultCode .= "+(" . $random["code"] . ")";
break;
default:
$random = $this -> RandomKey($this -> RandomIntger());
$resultValue .= $random;
$resultCode .= "+'" . $random . "'";
break;
}
}
$rnd1 = $this -> RandomIntger();
$rnd2 = $this -> RandomIntger() + 8;
$this -> value = substr($resultValue, $rnd1, $rnd2);
$this -> code = "(" . $resultCode . ").substring(" . $rnd1 . "," . ($rnd1 + $rnd2) . ")";
}
private function RandEquations(){
$va = $str = $this -> RandomLong();
$this -> OperationList = Array("+", "-" ,"*");
for( $i = 0 ; $i < $this -> RandomIntger(); $i++){
$op = $this -> RandOperation();
$vb = $this -> RandomLong();
switch($op){
case "+":
$va += $vb;
$str .= "+" . $vb;
break;
case "-":
$va -= $vb;
$str .= "-" . $vb;
break;
case "*":
$va *= $vb;
$str = "(" . $str . ")*" . $vb;
break;
}
}
return Array(
"code" => $str,
"value" => $va
);
}
private function RandOperation(){
return $this -> OperationList[rand() % count($this -> OperationList)];
}
private function RandomIntger(){
return (int)substr(rand(), 1, 1) + 1;
}
private function RandomLong(){
return (int)substr(rand(), 1, 3) + 1;
}
private function RandomKey($len = 10){
return substr(md5(rand()), 1, $len + 5);
}
}
?>
</code>
Calling method:
<code><?php
require("TokenCode.php");
$token = new TokenCode();
$tokenValue = $token -> value ;
$tokenCode = $token -> code ;
//代码段
$_SESSION["_TOKENCODE"] = $token -> value ;
//代码段
echo '<script type="text/javascript">_TOKENCODE=' . $token -> code . ';</script>';
?></code>
After saving the session, go to the verification page to verify the submitted code and verification results. There are very few program changes, and you only need to change the js.
<code>#AJAX方式
$.post("/", {mob : $("#mob").val() , token : _TOKENCODE }, function(){ } );
#URL方式
$("#send").click(function(){
if(this.href.indexOf('&token=')==-1){
this.href+='&token=' + _TOKENCODE
};
});</code>
IP restriction plus high strength verification code
Did you register with a virtual number?
The registration machine registered all empty numbers, but I can receive the verification code
Can the poster explain, what kind of registration machine is this and what kind of mobile phone number is it?
The method I thought of
Method 1. Add another layer of verification when registering, such as: 12306 picture selection, Taobao's sliding module + background pictureMethod 2. Add biometric detection, such as face recognition, lip movement detection, biometric The user is actually created only after the test passes,
Domestic WeBank has used liveness detection technology in its app, but this technology is currently mainly used in scenarios with relatively high security requirements, and is only used as a means of auxiliary verification and cannot be 100% relied on. All in all the effect is pretty good.
Enter verification code or add IP restrictions, the same IP cannot be registered continuously
Change the way to get the verification code.
Use voice to get the verification code. After filling in the mobile phone number on the web page, use the calling platform to make a voice call to the owner of the phone.