There are several possible solutions; I will briefly introduce each of them.
The first method is to check the access.log log and look at how the interface is being accessed. If one IP hits it dozens of times within a minute, it is certainly being abused. You can apply rate limiting or blocking to this IP: for example, when this IP accesses the interface again, you can allow it access only within a certain period of time according to custom rules, or simply blacklist it so that the network layer denies all of its access.
The second idea is to record the access IP, the maximum number of visits per minute and the access time. When the user accesses the interface and submits successfully, the relevant information is stored in Memcache or Redis and compared on later requests. If the record has expired, the user can submit again; if it has not expired, the submission is not allowed.
The third idea is to use a reverse proxy to call the interface internally, and then restrict access at the proxy layer. In fact, it is not much different from the first idea.
The above is my personal thinking and may not be the best solution. Everyone is welcome to criticize and correct me.
You need to verify the graphic verification code before sending a text message, and the graphic verification code must also be verified on the backend.
The SMS interface must be restricted: verification code restrictions, IP restrictions, and mobile phone number restrictions. Otherwise, tens of thousands of dollars can be spent every day.
1. The server limits the number of messages sent to each mobile phone number per day; for example, only 3 per day.
2. Every time the server sends a text message, you must fill in the verification code.
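The per-IP, per-minute record from the second idea and the per-number daily cap from the list above can share one counter store. The sketch below is an added example, not code from any of the posts; `TTLCounter` is an in-memory stand-in for Redis `INCR` + `EXPIRE`, and the key names and the 5-per-minute IP threshold are assumptions.

```python
import time


class TTLCounter:
    """In-memory stand-in for Redis INCR + EXPIRE (assumption: production uses Redis or Memcache)."""

    def __init__(self):
        self._data = {}  # key -> (count, expires_at)

    def get(self, key, now):
        count, expires_at = self._data.get(key, (0, 0.0))
        return count if now < expires_at else 0

    def incr(self, key, ttl, now):
        count = self.get(key, now)
        # The window starts at the first hit and is not extended by later hits.
        expires_at = now + ttl if count == 0 else self._data[key][1]
        self._data[key] = (count + 1, expires_at)
        return count + 1


IP_LIMIT_PER_MINUTE = 5   # hypothetical threshold
PHONE_LIMIT_PER_DAY = 3   # "3 per day", as in the list above


def allow_sms(store, ip, phone, now=None):
    """Return (allowed, reason) for one request to the SMS-sending interface."""
    now = time.time() if now is None else now
    ip_key, phone_key = f"sms:ip:{ip}", f"sms:phone:{phone}"
    # Every attempt counts against the IP, including rejected ones.
    if store.incr(ip_key, 60, now) > IP_LIMIT_PER_MINUTE:
        return False, "ip_rate_exceeded"
    # The phone quota is consumed only by a message that is actually sent,
    # so rejected requests cannot use up a number's daily allowance.
    if store.get(phone_key, now) >= PHONE_LIMIT_PER_DAY:
        return False, "phone_daily_limit"
    store.incr(phone_key, 86400, now)
    return True, "ok"
```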
The website SMS interface under mark was crawled, which affected the website performance.