php限制恶意提交
现在在完善网站的评论系统, 由于设计时是不想让用户输入验证码的, 但是最近一段时间发现被恶意用户恶意刷评论,我刚开始也是做了限制,例如用户必须登录才能发表评论(前期是可以匿名评论的),关键词过滤,IP地址过滤,垃圾评论检测, 但是现在有的恶意用户,为了刷那每天的50分,注册了几百个账号(目前检查出来的,已经禁止这部分用户了),然后用每个账号循环着发表内容(由于发现这些账号都在同一IP地址上,所以已经禁用了这个IP,但是只能管一时,过了几天IP地址换了,又大批量的开始发了),搞的小弟头疼啊。
<code>大家有没有对于恶意提交比较的建议,跪求指点迷津...</code>
回复内容:
现在在完善网站的评论系统, 由于设计时是不想让用户输入验证码的, 但是最近一段时间发现被恶意用户恶意刷评论,我刚开始也是做了限制,例如用户必须登录才能发表评论(前期是可以匿名评论的),关键词过滤,IP地址过滤,垃圾评论检测, 但是现在有的恶意用户,为了刷那每天的50分,注册了几百个账号(目前检查出来的,已经禁止这部分用户了),然后用每个账号循环着发表内容(由于发现这些账号都在同一IP地址上,所以已经禁用了这个IP,但是只能管一时,过了几天IP地址换了,又大批量的开始发了),搞的小弟头疼啊。
<code>大家有没有对于恶意提交比较的建议,跪求指点迷津...</code>
根据我多年的防刷经验,图片验证码仍然是性价比最高的防刷手段。
即使通过注册账号来防刷,机器人自动注册大量小号,然后你又需要在注册那边防刷,实际上是同一个问题。
如果可以不用自己的账号,而是使用第三方账号系统的话,会好一些,比如只允许新浪微博或者微信账号验证之后再提交,这样的话,账号防刷的问题实际上是抛给了新浪或者微信来解决。
回到图片验证码的解决方式上,问题的核心在用户友好性上,这里是存在改进余地的。
比如,根据IP段,如果这个IP段之前没有做过任何提交或提交次数小于n,允许无图片校验码直接提交,如果这个IP段之前产生过n次提交,就必须要图片验证码。
IP段的提交次数可以放到缓存计数器内,如果超过m秒,这个缓存就失效。
如果你的用户都是分散在不同的IP段上,实际上大量的用户是不会被图片验证码打扰到的。
这个方案无法抵抗持有大量代理的刷子,你只能通过减少n,增加m的方式来减少无效数据的产生。
可以试试极验验证
注册门槛提高,可以用手机号做验证,或者提交的时候用验证码等方式
在提交评论时,可以设置时间间隔
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
CakePHP Project Configuration
Sep 10, 2024 pm 05:25 PM
In this chapter, we will understand the Environment Variables, General Configuration, Database Configuration and Email Configuration in CakePHP.
PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian
Dec 24, 2024 pm 04:42 PM
PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati
CakePHP Date and Time
Sep 10, 2024 pm 05:27 PM
To work with date and time in cakephp4, we are going to make use of the available FrozenTime class.
CakePHP File upload
Sep 10, 2024 pm 05:27 PM
To work on file upload we are going to use the form helper. Here, is an example for file upload.
CakePHP Routing
Sep 10, 2024 pm 05:25 PM
In this chapter, we are going to learn the following topics related to routing ?
Discuss CakePHP
Sep 10, 2024 pm 05:28 PM
CakePHP is an open-source framework for PHP. It is intended to make developing, deploying and maintaining applications much easier. CakePHP is based on a MVC-like architecture that is both powerful and easy to grasp. Models, Views, and Controllers gu
CakePHP Working with Database
Sep 10, 2024 pm 05:25 PM
Working with database in CakePHP is very easy. We will understand the CRUD (Create, Read, Update, Delete) operations in this chapter.
CakePHP Creating Validators
Sep 10, 2024 pm 05:26 PM
Validator can be created by adding the following two lines in the controller.
