php - The SMS interface of the website was crawled, affecting website performance

Question

The SMS sending interface of the website has been repeatedly called by people, which seriously affects the running performance of the app. I shut down the website first, but the interface is still being called, and the performance problem is still unresolved. Please ask for solution ideas
Environment: windows server 2008 + apache + php + mysql

PHP中文网 · Answer

There are several solution ideas, I will briefly introduce them respectively.
The first method is to check the access.log log and take a look at the interface access status. If an IP is used dozens of times within a minute, it must be brushed. You can do some rate limiting or blocking on this IP, such as this IP When accessing again, you can allow him to access within a certain period of time according to custom rules, or simply blacklist directly, and the network layer directly denies all access.
The second idea is to record the access IP, the maximum number of visits per minute and the access time. When the user accesses the interface and submits it successfully, the relevant information is placed in Memcache or Redis, and a comparison is made. If it expires, submit it again and it has not expired. Don't submit it.
The third idea is to use a reverse proxy to call the interface internally, and then restrict access at the proxy layer. In fact, it is not much different from the first idea.

The above is my personal thinking and may not be the best solution. Everyone is welcome to criticize and correct me.

曾经蜡笔没有小新 · Answer

You need to verify the graphic verification code before sending a text message, and the graphic verification code must also be verified on the backend

PHP中文网 · Answer

The SMS interface must be restricted. Verification code restrictions, IP restrictions, and mobile phone number restrictions. Otherwise, tens of thousands of dollars can be spent every day