Home > Backend Development > PHP Tutorial > How to prevent your website from being bombarded by registration machines

How to prevent your website from being bombarded by registration machines

WBOY
Release: 2016-09-19 09:16:28
Original
1584 people have browsed it

The current protection is mobile phone verification code and token verification. The registration machine registers all empty numbers, but I can receive the verification code. I also registered the same IP once an hour. Is there any other way to prevent it?

Reply content:

The current protection is mobile phone verification code and token verification. The registration machine registers all empty numbers, but I can receive the verification code. I also registered the same IP once an hour. Is there any other way to prevent it?

I am not very good at Chinese and can’t understand the questions!

I wrote one for a friend before. They used a verification code generation program that they found online. I guess too many people used it and they didn’t prevent it. I personally prefer JS to solve problems. After finally using this solution, there were no more problems.

TokenCode, prevent robots from simulating submission method registration

TokenCode uses demo script

<code><?php
    #=====================================================================
    #=                 Copyright (c) 2015 猫七(QQ:77068320)              =
    #=                      All rights reserverd.                        =
    #=====================================================================
    #=           TokenCode 防模拟提交程序 类(PHP版本)                    =
    #=  使用说明:http://www.miaoqiyuan.cn/products/tokencode/last.zip   =
    #=  演示地址:http://www.miaoqiyuan.cn/products/tokencode/           =
    #=  使用说明:http://www.miaoqiyuan.cn/p/tokencode                   =
    #=  邮箱地址:mqycn@126.com   QQ:77068320 1301425789                =
    #=====================================================================
     
    class TokenCode {
        public $value, $code ;
        public $OperationList;
        public function __construct() {
            $resultValue = $this -> RandomKey($this -> RandomIntger());
            $resultCode = "'" . $resultValue . "'";
            $this -> OperationList = Array("+", "-" ,"*");
             
            for( $i = 0 ; $i < $this -> RandomIntger() + 3; $i++){
                $op =  $this -> RandOperation();
                switch($op){
                    case "+":
                    case "-":
                        $random = $this -> RandEquations();
                        $resultValue .= $random["value"];
                        $resultCode .= "+(" . $random["code"] . ")";
                        break;
                    default:
                        $random = $this -> RandomKey($this -> RandomIntger());
                        $resultValue .= $random;
                        $resultCode .= "+'" . $random . "'";
                        break;
                }
            }
             
            $rnd1 = $this -> RandomIntger();
            $rnd2 = $this -> RandomIntger() + 8;
            $this -> value = substr($resultValue, $rnd1, $rnd2);
            $this -> code = "(" . $resultCode . ").substring(" . $rnd1 . "," . ($rnd1 + $rnd2) . ")";
        }
         
        private function RandEquations(){
            $va = $str = $this -> RandomLong();
            $this -> OperationList = Array("+", "-" ,"*");
             
            for( $i = 0 ; $i < $this -> RandomIntger(); $i++){
                $op =  $this -> RandOperation();
                $vb = $this -> RandomLong();
                switch($op){
                    case "+":
                        $va += $vb;
                        $str .= "+" . $vb;
                        break;
                    case "-":
                        $va -= $vb;
                        $str .= "-" . $vb;
                        break;
                    case "*":
                        $va *= $vb;
                        $str = "(" . $str . ")*" . $vb;
                        break;
                }
            }
            return Array(
                "code" => $str,
                "value" => $va
            );
        }
         
        private function RandOperation(){
            return $this -> OperationList[rand() % count($this -> OperationList)];
        }
         
        private function RandomIntger(){
            return (int)substr(rand(), 1, 1) + 1;
        }
         
        private function RandomLong(){
            return (int)substr(rand(), 1, 3) + 1;
        }
         
        private function RandomKey($len = 10){
            return substr(md5(rand()), 1, $len + 5);
        }
         
    }
?>
</code>
Copy after login

Calling method:
<code><?php
    require("TokenCode.php");
    $token = new TokenCode();
    $tokenValue = $token -> value ;
    $tokenCode = $token -> code ;
         
    //代码段
        $_SESSION["_TOKENCODE"] = $token -> value ;
         
    //代码段
    echo '<script type="text/javascript">_TOKENCODE=' . $token -> code . ';</script>';
?></code>
Copy after login

After saving the session, go to the verification page to verify the submitted code and verification results. There are very few program changes, and you only need to change the js.

<code>#AJAX方式
$.post("/", {mob : $("#mob").val() , token : _TOKENCODE }, function(){ } );
 
#URL方式
$("#send").click(function(){
    if(this.href.indexOf('&token=')==-1){
        this.href+='&token=' + _TOKENCODE
    };
});</code>
Copy after login

IP restriction plus high strength verification code

Did you register with a virtual number?

The registration machine registered all empty numbers, but I can receive the verification code

Can the poster explain, what kind of registration machine is this and what kind of mobile phone number is it?

The method I thought of

Method 1. Add another layer of verification when registering, such as: 12306 picture selection, Taobao's sliding module + background picture

Method 2. Add biometric detection, such as face recognition, lip movement detection, biometric The user is actually created only after the test passes,

Domestic WeBank has used liveness detection technology in its app, but this technology is currently mainly used in scenarios with relatively high security requirements, and is only used as a means of auxiliary verification and cannot be 100% relied on. All in all the effect is pretty good.

Enter verification code or add IP restrictions, the same IP cannot be registered continuously

Change the way to get the verification code.

Use voice to get the verification code. After filling in the mobile phone number on the web page, use the calling platform to make a voice call to the owner of the phone.

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template