Intelligent verification code for anti-spam irrigation

Source: Internet
Author: User
Recently, the system often encounters spam attacks from advertising machines. Many people think of the method is to enhance the difficulty of verification code, or do some questions and answers to prevent. However, in the prevention of advertising machine, the use of normal users and experience also caused great difficulties. Here is an idea for an intelligent verification code.

That is: After a short period of successful use of the verification Code, the Verification Code usage frequency record +1. The next generation in a short time will automatically increase the length and difficulty. The ultimate pervert verification code is distorted Chinese.

The approximate code is as follows:
Set up a C_iphistory data table to record the frequency of verification code usage.
CREATE TABLE IF not EXISTS ' c_iphistory ' (  ' id ' int (one) not null auto_increment,  ' IP ' varchar (255) ' is not null,  ' Num ' int (one) not null,  ' lastdateline ' int (one) not NULL,  PRIMARY key (' id '),  UNIQUE key ' IP ' (' IP ')) engine=myi SAM  DEFAULT charset=utf8 comment= ' IP correspondence number with verification code ';


Generate Verification Code section:
$freq = 60;//Defines the frequency of the flood attack//checks whether $tmp = Db::r ("select * from C_iphistory where ip= ' $_g[ip] '"); $len = 2; $type = 0;if ($tmp &am p;& $tmp [' num '] > 0) {$num = $tmp [' num ']; $timeout = ts-$tmp [' lastdateline ']; $num-= Floor ($timeout/$freq);//Flood means The number of drop levels if ($num < 0) $num = 0; $len + = $num;} if ($len > 3) {//multiply difficulty, length 2-5 bit $type = Floor ($len/4), if ($type > 8) {$type = 8; $len-= 34;} else{$len = $len% 4; $len + = 2;}} else{$len + = 2;} $secode = S::rrand ($len, $type);//use $secode to generate images and record them in the Verification Code library for verification. function Section ****************************///** * random number @zairwolf * */function rrand ($len, $type = 7) {//1 -Number//2-lower char//4-upper char//8-chinesemt_srand ((double) microtime () * 1000000); switch ($type) {case 0: $cha rlist = ' 012 '; break;case 1: $charlist = ' 0123456789 '; Break;case 2: $charlist = ' abcdefghijklmnopqrstuvwxyz '; Break;case 3: $charlist = ' 0123456789abcdefghijklmnopqrstuvwxyz '; break;case 4: $charlist = ' abcdefghijklmnopqrstuvwxyz '; break;case 5: $charlist = ' 0123456789ABcdefghijklmnopqrstuvwxyz '; Break;case 6: $charlist = ' abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz '; Case 7: $charlist = ' 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ '; break;case 8://use Chinese global $ Ccharlist;if (! $Ccharlist) $Ccharlist = file_get_contents ("Lib/disturbtxt.lib"); $str = ", if ($type = = 8) {$max = strlen ($Ccharlist)/3-1;for ($i = 0; $i < $len; $i + +) $str. = substr ($Ccharlist, Mt_ra nd (0, $max) * 3, 3);} else {$max = strlen ($charlist)-1;for ($i = 0; $i < $len; $i + +) $str. = $charlist [Mt_rand (0, $max)];} return $STR;}


Verification Code Verification Section
After verifying that the code check is correct, do the following $freq = 60;//define the frequency of the flood attack//Check whether the $tmp = Db::r ("select * from C_iphistory where ip= ' $ip '"), if (! $tmp) { $s = array (' IP ' = = $ip, ' num ' = 1, ' lastdateline ' = ' TS, ');d b::i ("INSERT into C_iphistory set". Sqlcol ($s));} else{//update flood attack record $timeout = ts-$tmp [' Lastdateline '];if ($timeout > $freq) {//More than 1 per cent ago, already recorded-$num = $tmp [' num ']-1;if ($ num < 0) $num = 0; $s = array (' num ' = $num, ' lastdateline ' = ' = TS ');d b::q ("Update c_iphistory set". Sqlcol ($s). "Wher e id= ' $tmp [id] ');} else{$num = $tmp [' num '] + 1; $s = array (' num ' = $num, ' lastdateline ' = TS,);d b::q ("Update c_iphistory set". Sqlcol ($s ). "Where id= ' $tmp [id] '");}}


Ideas for reference. TS is time (). In several other places, it is estimated that everyone can read it.


Reply to discussion (solution)

This post was last edited by phpnewnew on 2013-02-06 14:31:09

Not to verify the code at the moment and not carefully see but ideas and sharing the spirit of praise first ...

Thanks for sharing. The collection.

Good idea. studied.

Just contact PHP, the code can not understand. My question is: how much pressure will it have on the server to use the database?

The idea is good, and now Baidu, Sina Weibo are doing so.

But in practice can not record this value in MySQL, or the light of this library and write library operation is too.
You can use the hash table in the memory database to store this value, hash key can be used session_id.

It feels a little big. Is it stored in an array?

The idea is good, and now Baidu, Sina Weibo are doing so.

But in practice can not record this value in MySQL, or the light of this library and write library operation is too.
You can use the hash table in the memory database to store this value, hash key can be used session_id.

n What is a memory database?? It's on the memory, isn't it??

Good idea. !

Good ideas, collection, and realize it is not so easy to say. Good idea, thank you.

It reminds me of those verification codes.

  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.