What are the anti-attack strategies for SMS verification codes?

SMS verification codes are familiar to everyone by now. Registering on a platform or in an app usually requires filling in a verification code. Some sites require completing a graphical verification before a code can be obtained, and some businesses restrict how soon a second verification code can be requested after the first.

What is the purpose of a malicious SMS attack? Malicious SMS attacks currently seen have only two purposes:

The first is to attack a specific phone number. The attacker takes insecure SMS interfaces on the internet and calls them in a loop to send messages to that number, so that the phone frequently receives text messages. The second is to maliciously run up the verification code SMS costs of a target site. After discovering an unprotected SMS verification code interface, the attacker has it regularly send messages to a list of phone numbers. During the attack, the attacker keeps changing IP addresses and can run up SMS charges in the tens or even higher. The company receives complaints from users while also losing money, and the company's image is damaged.

Scenarios vulnerable to attack

The most common attack scenarios are the user registration page, the login page, or a quick SMS voting page. In these cases, the SMS interface is usually called without any associated user verification.

Reflections on the use of several anti-attack strategies

Some anti-attack strategies help to some extent, but they affect the user experience differently. In practice, consider the actual situation and combine the following strategies.

Set an interval between SMS sends

The interval before a message can be sent again to the same number is usually set to 60-120 seconds. This method can prevent malicious attacks on the SMS interface to a certain extent, though it is harmful to the user experience. However, it cannot stop an attacker who changes the phone number for each attack, so it is low-level protection.

Limit the number of verification codes per phone number

Limit the maximum number of SMS verification codes a specific phone number can obtain in a specific period of time. When using this strategy, several points deserve serious consideration during product design.

Define the limit carefully. Based on the actual business situation, and where necessary taking future business development into account, set an appropriate cap to avoid user complaints about problems receiving codes.

Define the lockout period carefully. It may be 24 hours, 12 hours, or 6 hours, and should be defined according to business conditions.

IP restrictions

Set the maximum number of messages that a single IP address can send over a period of time. This approach defends well against attacks from a single IP address, but it has two significant disadvantages.

It works poorly against attackers who frequently change IP addresses.

It can block legitimate users. For example, in places that use a shared wireless network, many users are connected to the same network, and the IP address is likely to reach the limit quickly, so users connected to that network usually cannot receive a verification code.
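
The three limits above combined in one gate, as an added example (not code from the original post). The cap values and the names `SmsSendGate` and `replay` are assumptions; only the 60-120 second interval and the 24/12/6 hour lockout options come from the text.

```python
from collections import defaultdict, deque

# Assumed thresholds: the text gives the 60-120 s interval and the
# 6/12/24 h lockout options; the cap values are illustrative.
RESEND_INTERVAL = 60                     # seconds between sends to one number
PHONE_CAP, PHONE_WINDOW = 5, 24 * 3600   # codes per number per lockout period
IP_CAP, IP_WINDOW = 20, 3600             # codes per source IP per hour


class SmsSendGate:
    """In-memory gate combining the three limits; times are in seconds."""

    def __init__(self):
        self.by_phone = defaultdict(deque)  # phone -> accepted send times
        self.by_ip = defaultdict(deque)     # ip -> accepted send times

    @staticmethod
    def _prune(times, now, window):
        # Drop sends that have aged out of the sliding window.
        while times and now - times[0] >= window:
            times.popleft()

    def request(self, phone, ip, now):
        """Return 'ok' and record the send, or the name of the limit hit."""
        phone_times, ip_times = self.by_phone[phone], self.by_ip[ip]
        self._prune(phone_times, now, PHONE_WINDOW)
        self._prune(ip_times, now, IP_WINDOW)
        if phone_times and now - phone_times[-1] < RESEND_INTERVAL:
            return "interval"
        if len(phone_times) >= PHONE_CAP:
            return "phone_cap"
        if len(ip_times) >= IP_CAP:
            return "ip_cap"
        phone_times.append(now)   # only accepted sends count toward limits
        ip_times.append(now)
        return "ok"


def replay(events):
    """Run constructed (time, phone, ip) events through a fresh gate."""
    gate = SmsSendGate()
    return [gate.request(phone, ip, t) for t, phone, ip in events]
```

Replaying 21 distinct numbers from one shared IP returns `ip_cap` for the last request, while requests that change both number and IP every time all return `ok`; these are the two disadvantages of the IP limit described above.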

Origin blog.51cto.com/14758563/2479643