A series of risk analyses for overseas enterprises: Does the website require a verification code?

Recently several discuz users have asked me how to install verification codes on their overseas websites. However, with discuz the DNS of the installation center also has to be resolved to the overseas server. This is the disadvantage of building a website based on discuz.

And we also discussed a question: Do overseas websites need to use sliding verification codes?

After a fierce "three hundred rounds of battle", we came to the conclusion: yes, they must.

There are three reasons:

  1. Prevent malicious behavior: Foreign geeks are much more arrogant than domestic ones. They engage in various malicious attacks, ticket fraud, credential stuffing, brute force password cracking, etc.

  2. Protect data and content: Crawlers are particularly popular abroad, and various cracking tools are open source.

  3. Deal with spam and spam accounts: By requiring users to manually complete sliding verification, meaningless registration and spam posting can be effectively reduced, especially on content websites such as forums.

Therefore, if you want to build a foreign website or app, it is necessary to protect it well. The simple, easy-to-use and cheap dynamic verification code is the first choice.

Today I will teach you how to install verification codes on your overseas websites.

1. Front-end

01 Find the corresponding supplier.

You can find one on discuz (if you build a website based on discuz, then you only have this option), or use Jiexian, or other providers that offer free services. Let's take atbCAPTCHA from a small company, AiSecurius, as an example (I won't post the link; you can just choose the appropriate one, and you can get in touch if necessary: overseas communication).

02 Confirm your website

Environment prerequisites: compatible with IE8+, Chrome, Firefox and other mainstream browsers.

03 Activate service

Activate the atbCAPTCHA service: create an Application and obtain apiServer, appId and appSecret.


Script usage:

<script src="https://cdn.aisecurius.com/ctu-group/captcha-ui/v5/index.js" crossorigin="anonymous" id="as-captcha-script"></script>

NOTE:  The atbCAPTCHA script is updated frequently, be sure to use resources on the CDN to obtain the latest security updates. Don't use a replica on your own server.

04 Initialization

Below are vanilla JavaScript, React and Vue demos.

1) JavaScript example

Assuming there is a <div id="demo"></div> on the page, atbCAPTCHA can be initialized as follows.

var myCaptcha = as.Captcha(document.getElementById('demo'), {
  appId: 'your appId', // appId, obtained from the console "Application Management" or "Application Configuration" module
  apiServer: 'https://cap.aisecurius.com',
  // apiServer, the domain name address, is obtained from the top left corner of the console page -> atbCAPTCHA -> "Application Management" page. It must be filled in completely, including https://.
  success: function (token) {
    console.log('token:', token)
    // The atbCAPTCHA token is obtained here for back-end verification. Note: a token that starts with "sl" is a downgraded token, generated because the front-end network was blocked. Check the front-end network and the apiServer address.
  }
})

After initialization, the atbCAPTCHA component will be inserted into the <div id="demo"></div>.

2) React example

Assuming there is a <div id="demo"></div> on the page, atbCAPTCHA can be initialized as follows:

// In a class component, use componentDidMount instead
useEffect(() => {
  as.Captcha(document.getElementById('demo'), {
    appId: 'appId',
    apiServer: 'https://xxx.xxx.com',
    success: function (token) {
      console.log('token:', token)
    }
  });
}, [])

After initialization, the atbCAPTCHA component will be inserted into the <div id="demo"></div>.

3) Vue example

Assuming there is a <div ref="demo"></div> on the page, atbCAPTCHA can be initialized as follows:

mounted() {
  as.Captcha(this.$refs.demo, {
    appId: 'appId',
    apiServer: 'https://xxx.xxx.com',
    success: function (token) {
      console.log('token:', token)
    }
  });
}

After initialization, the atbCAPTCHA component will be inserted into the <div ref="demo"></div>.

4) Appearance and size

atbCAPTCHA comes in four styles:

  • embed (default). In this style the width defaults to 300px and can be adjusted through the width parameter during initialization. The height is 200px and cannot be adjusted.
  • inline. This style occupies a smaller area. The default width is 300px and can be adjusted through the width parameter during initialization. The height is 40px and cannot be adjusted.
  • popup. This style of verification code is invisible by default. After the .show() method is called, it is displayed as a floating layer with a width of 300px and a height of 200px.
  • oneclick. A trigger type. This style occupies a smaller area. The default width is 300px and can be adjusted through the width parameter during initialization. The height is 40px and cannot be adjusted.

05 Methods

atbCAPTCHA instances have the following methods:

reload() : Reload the current atbCAPTCHA

Notice! Please do not call reload() in the success callback, because the success callback will be called repeatedly when sensorless verification is enabled.

example:

myCaptcha.reload()

show() : Display the current atbCAPTCHA

A verification code whose "style" is "popup" is hidden by default. Integrators control when it is displayed and hidden according to the page logic, calling the show() method to display the current atbCAPTCHA.

example:

myCaptcha.show()

hide() : hide the current verification code

example:

myCaptcha.hide()

06 Event

You can listen for atbCAPTCHA events as follows:

myCaptcha.on('ready', function () {
  console.log('captcha is ready!')
})

myCaptcha.on('verifySuccess', function (security_code) {
  console.log('security_code is: ' + security_code)
})

myCaptcha.on('hide', function () {
  console.log('The verification code control is hidden. ')
})

The specific styles and languages can also be customized according to your own needs.

2. Backend

01 Java version

Download the SDK for Java7 and above.

Maven dependencies

<dependency>
  <groupId>com.aisecurius</groupId>
  <artifactId>ctu-security-sdk</artifactId>
  <version>3.0</version>
</dependency>

/** The initialization parameters are appid and appSecret 
 * The appid is consistent with the appid of the frontend, and the appid can be disclosed 
 * The appSecret is the secret key, please do not disclose it 
 * The token can be obtained after the verification is completed at the frontend and sent to the backend with your Form/XHR request. The token is valid for two minutes 
 **/
String appId = "appId";
String appSecret = "appSecret";
CaptchaClient captchaClient = new CaptchaClient(appId,appSecret);
// token is the value received from the frontend with the Form/XHR request
CaptchaResponse response = captchaClient.verifyToken(token);
System.out.println(response.getCaptchaStatus());
// A fault-tolerant mechanism is designed in the SDK: response.getResult() will return true if there is a network exception
if (response.getResult()) {
    /** The token verification passes, to continue other processes **/
} else {
    /** If the token verification fails, you can directly block the request or continue to pop up the CAPTCHA **/
}

02 PHP version

Download PHP version SDK:   Click to download

include ("CaptchaClient.php");
/** The initialization parameters are appid and appSecret 
 * The appid is consistent with the appid of the frontend, and the appid can be disclosed 
 * The appSecret is the secret key, please do not disclose it 
 * The token can be obtained after the verification is completed at the frontend and sent to the backend with your Form/XHR request. The token is valid for two minutes 
 **/
$appId = "appId";
$appSecret = "appSecret";
$client = new CaptchaClient($appId,$appSecret);
$client->setTimeOut(2);      // Set the timeout, 2 seconds by default
$response = $client->verifyToken($token);  // $token is the value passed from the frontend, that is, the token issued after the verification code is successfully verified
echo $response->serverStatus;
// A fault-tolerant mechanism is designed in the SDK: $response->result will be true if there is a network exception
if($response->result){
    echo "true";
    /** the token verification passes, to continue other processes **/
}else{
    echo "false";
    /** Verification failed **/
}

03 Python version

Python version SDK download:   click to download

from CaptchaClient import CaptchaClient

if __name__ == '__main__':
    APP_ID = '12610axxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
    APP_SECRET = 'a3e56cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
    captchaClient = CaptchaClient(APP_ID, APP_SECRET)
    captchaClient.setTimeOut(2)
    # Set the timeout, 2 seconds by default
    response = captchaClient.checkToken("token")
    print(response['serverStatus'])
    # A fault-tolerant mechanism is designed in the SDK: response['result'] will be True if there is a network exception
    print(response['result'])
    if response['result']:
        # the token verification passes, to continue other processes; 
        pass
    else:
        # If the verification fails, you can directly block the request or continue to pop up the CAPTCHA 
        pass
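The backend snippets note that the SDK returns a true result when the verification call hits a network exception, and the front-end notes say a token starting with sl is a downgraded token. The following is an added example, not part of the original post or the vendor SDK: it wraps a checkToken-style function in a policy gate that answers allow, deny or degraded, and refuses a token replayed inside the two-minute validity window. CaptchaGate and OK_STATUS are hypothetical names, and the healthy serverStatus value is a placeholder because the page does not list serverStatus values.

```python
import time

TOKEN_TTL = 120  # seconds; the page states a token is valid for two minutes
# Assumption: placeholder for the serverStatus of a healthy call (not on the page).
OK_STATUS = "SERVER_OK_PLACEHOLDER"


class CaptchaGate:
    """Policy wrapper around an SDK-style check function (hypothetical helper)."""

    def __init__(self, check_token, clock=time.time):
        self._check = check_token  # e.g. captchaClient.checkToken
        self._clock = clock
        self._seen = {}            # token -> time it was first presented

    def _is_replay(self, token):
        now = self._clock()
        # Forget tokens older than the validity window, then test membership.
        self._seen = {t: ts for t, ts in self._seen.items() if now - ts < TOKEN_TTL}
        if token in self._seen:
            return True
        self._seen[token] = now
        return False

    def decide(self, token):
        """Return 'allow', 'deny' or 'degraded' for one request."""
        if not isinstance(token, str) or not token:
            return "deny"
        if self._is_replay(token):
            return "deny"
        if token.startswith("sl"):
            # Downgraded token: the browser could not reach apiServer.
            return "degraded"
        try:
            response = self._check(token)
        except Exception:
            return "degraded"
        if not response.get("result"):
            return "deny"
        # result is also true when the SDK failed open on a network error,
        # so only a healthy serverStatus counts as a real pass.
        if response.get("serverStatus") != OK_STATUS:
            return "degraded"
        return "allow"
```

On degraded, apply a fallback control such as a stricter rate limit instead of treating the request as CAPTCHA-verified.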

04 Golang SDK

SDK download address

// Version Go 1.13 

import "./captcha-client"

/** The initialization parameters are appid and appSecret 
 * The appid is consistent with the appid of the frontend, and the appid can be disclosed 
 * The appSecret is the secret key, please do not disclose it 
 * The token can be obtained after the verification is completed at the frontend and sent to the backend with your Form/XHR request. The token is valid for two minutes 
 **/
appId := "appId"
appSecret := "appSecret"
captchaClient := captcha_client.NewCaptchaClient(appId, appSecret)
//captchaClient.SetTimeout(2000)
// Set the timeout, in milliseconds, 2 seconds by default 
captchaResponse := captchaClient.VerifyToken(token)
// A fault-tolerant mechanism is designed in the SDK: captchaResponse.Result will be true if there is a network exception
//fmt.Println(captchaResponse.Ip)
if captchaResponse.Result {
    /* The verification passes, to continue other processes  */
} else {
    /* If the verification fails, you can directly block the request or continue to pop up the CAPTCHA  */
}

Conclusion

It is not easy for a company to go overseas, or in other words, it is not easy to set up an overseas website. Everyone must take good precautions in the early stage, otherwise the site can easily be hacked.


Origin blog.csdn.net/dingxiang234/article/details/131698390