Prevent malicious call of SMS interface

Some time ago, the company's SMS interface was maliciously called, which had a certain impact on the company's business and cost. In order to stop the loss as soon as possible, we have come up with the following scheme to improve the short message module to prevent the short message from being stolen.

Tokens are generated by timestamps, which guarantee the validity of tokens within 5 minutes. The token is generated in advance on the form page through the back-end interface, and the user does not need to update the token within 5 minutes.

Advantages: the short message interface must carry token to access, and the call needs authentication.

Disadvantages: In order to be compatible with the user experience, the token must have a certain validity period, and the user does not need to manually refresh the page in a short time to update the token.

Advantages: Combined with token authentication in the first method, most malicious calls can be filtered out.

Disadvantages: hackers can use meat machines and random mobile phone numbers to bypass restrictions.

Through graphic verification code and man-machine verification, the threshold is raised at the behavior end of sending short messages to prevent automatic calling. The ip restriction of the second method can prevent the attacker from ignoring the man-machine check and bringing extra burden to the server by executing a large number of requests.

Advantages: put an end to automatic calling.

Disadvantages: the probability of automatic cracking of graphic verification code is high, and man-machine verification needs a certain cost.