PHP Limits Malicious commits

Now in the review system to improve the site, because the design is not to let users enter the verification code, but the recent period of time found by malicious users malicious brush comments, I have just started to do a limit, such as users must log in to post comments (early can be anonymous comment), keyword filtering, IP address filtering, spam review detection, But now some malicious users, in order to brush that 50 points per day, registered hundreds of accounts (currently checked out, has banned this part of the user), and then use each account loop to publish content (because these accounts are found in the same IP address, so has been disabled this IP, but only for a moment, After a few days the IP address changed, and a large number of the beginning of the hair, make the little brother headache ah.

大家有没有对于恶意提交比较的建议，跪求指点迷津...

Reply content:

Now in the review system to improve the site, because the design is not to let users enter the verification code, but the recent period of time found by malicious users malicious brush comments, I have just started to do a limit, such as users must log in to post comments (early can be anonymous comment), keyword filtering, IP address filtering, spam review detection, But now some malicious users, in order to brush that 50 points per day, registered hundreds of accounts (currently checked out, has banned this part of the user), and then use each account loop to publish content (because these accounts are found in the same IP address, so has been disabled this IP, but only for a moment, After a few days the IP address changed, and a large number of the beginning of the hair, make the little brother headache ah.

大家有没有对于恶意提交比较的建议，跪求指点迷津...

According to my years of anti-brush experience, the picture verification code is still the most cost-effective anti-brush means.

Even by registering an account to prevent brush, the robot automatically registers a large number of trumpet, then you need to register that border brush, is actually the same problem.

If you can use the third-party account system without your own account, it will be better, such as only allow Sina Weibo or account verification after the submission, so that the issue of anti-brush account is actually thrown to Sina or to solve.

Back to the resolution of the image verification code, the core of the problem is user-friendliness, where there is room for improvement.

For example, according to the IP segment, if the IP segment has not done any commit or commit less than N, allow no picture check code to submit directly, if the IP segment before the generation of N commits, it is necessary to have a picture verification code.

The number of commits to the IP segment can be placed in the cache counter, and if it exceeds m seconds, the cache is invalidated.

If your users are scattered over different IP segments, in fact a large number of users will not be disturbed by the picture verification code.

This scheme cannot resist a brush that holds a large number of agents, and you can only reduce the generation of invalid data by reducing n and increasing m.

You can try the verification of the pole test

Registration threshold increase, can be used to verify the number of mobile phone, or submit the use of verification code and other means

When submitting a comment, you can set a time interval

