About mobile phone SMS interface optimization

Project: currently need to support mobile phone number registration, the process is as follows:

1) User input mobile phone number

2) Click Get Phone Check code

3) After receiving the SMS, fill in the Verification code. Complete Registration

There is a problem in the project in the early design problems, resulting in the SMS interface is malicious call.

Adjustment scheme:

Network offering scenarios:

Recommended Docking Method:
1. Process qualification--SMS verification and user name password settings are divided into two steps, the user registered a successful user
Password, the next step is to verify your SMS. Recommended
2. Binding pattern Check code--The Graphics check code and mobile phone verification code to bind, this can be more effective to prevent
Malicious software click. Recommended

Non-recommended docking method:
3. SMS Send interval Settings--Set the time interval of repeated sending of the same number, usually set to 60-120 seconds;
(This method is valid for manual clicks, but not for SMS bombers because the SMS bomber is multithreaded.) ）
4.IP Limit-Set the maximum number of sends per day for each IP according to your business characteristics (for manual,
But some SMS Bombers support replacing proxy IPs)
5. Mobile phone number limit--according to the business characteristics, set the maximum daily transmission volume per mobile phone number; (This method pin
Valid for manual click, but not valid for SMS bomber, one number issued 100, with 20 numbers issued 5 of the same nature,
are wasting 100 of messages)
Currently we recommend the first to second method for docking interface. Of course, using 122 methods does not rule out being attacked.
Possible, so you can consider the combination of conditions 1-5. Avoid unnecessary waste of text messages.

Iteye Solutions:
1. Click to send SMS verification code, the first pop up to a common verification code, entered correctly, only to send to the phone
Verification Code
2. User authentication is required, which can be limited by user.

The registration page of the official website of the hammer technology