How to prevent SMS verification code interface from being maliciously attacked?

I. Scenes or websites that are vulnerable to malicious use

Online polling station (mobile phone number is required for verification)

User online registration page (including SMS verification function)

Mobile phone short message dynamic password login

Second, the way to maliciously click the SMS verification code

There are two main ways for users to maliciously click on the verification code of SMS. One way is frequent manual clicks; One is continuous clicking through software, which is much more harmful in terms of harmfulness.

Third, the means to prevent users from maliciously clicking the verification code of mobile phone short messages.

How to prevent SMS interface verification code from being maliciously clicked? Users maliciously click on the SMS verification code, which will not only increase the company's operating costs, but also have a very bad impact on the company's image (generally, SMS messages will bear the company's signature), so we should guard against this behavior. At present, the means of prevention mainly include the following aspects:

SMS sending interval setting-Set the time interval for repeated sending of the same number, which is generally set to 60- 120 seconds.

IP limit-according to your own business characteristics, set the maximum number of each IP sent every day.

Mobile phone number limit-according to the business characteristics, set the maximum number of each mobile phone number sent every day.

Process restriction-SMS verification and user name and password setting are two steps. After the user successfully sets the user name and password, the next step will be SMS verification, and the verification can only be carried out after the successful receipt is obtained in the first step.

Binding pattern verification code-Binding pattern verification code with mobile phone verification code can effectively prevent malicious software from registering.