How to prevent SMS interface from being maliciously called (brushed)

problem description


the environmental background of the problems and what methods you have tried

  sessionid    sessionId  sessionId:IPIPIP

has any classmate ever solved the problem in this area? Can you give a set of interception plans or general ideas? Thank you very much.

Mar.29,2021

Tencent's new waterproof wall app, learn about
https://007.qq.com/
is still free


this problem also occurs in our project. For SMS verification code login, users can log in by entering their mobile phone number and SMS verification code.
if you don't have this user, register it and log in directly.
our solution is to get a token before calling the SMS verification API. Token has a time limit and is bound to mobile phone numbers and device numbers. When the token expires, you must retrieve it before you can call the SMS API. The API for sending SMS messages must carry a valid token before it can be called. So as long as you make sure that the token access and encryption mechanisms are not cracked.
just in case, you need to add mechanisms such as ip blacklist, number limit, configuration of graphic CAPTCHA, and so on.


1 what if the self-developed verification code is cracked?

1 
2
3
4

2 what if all the graphic CAPTCHA codes are cracked?

[](http://www.newxtc.com) :
1  AI"" "" "" 
2 
3 SAAS10M"" 

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1ea916c-47ce3.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1ea916c-47ce3.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?