Php restricts malicious submission

Currently, we are improving the website's comment system. Because we didn't want users to enter verification codes during design, we recently found that malicious users have malicious comments. I also made some restrictions at the beginning, for example, users must log on to post comments (anonymous comments can be made in the early stage), keyword filtering, IP... currently, we are improving the website's comment system. Because we didn't want users to enter verification codes during design, we recently found that malicious users have malicious comments. I also made some restrictions at the beginning, for example, users must log on to post comments (anonymous comments can be made in the early stage), keyword filtering, IP address filtering, and spam comments detection. However, some malicious users are currently paying 50 points for each day, you have registered hundreds of Accounts (which have already been checked out), and then use each account to repeatedly publish content (because these accounts are all on the same IP address, so this IP address has been disabled, but it can only be used for a while. After a few days, the IP address has changed and a large number of requests have started.

Do you have any suggestions for malicious comparison...

Reply content:

Currently, we are improving the website's comment system. Because we didn't want users to enter verification codes during design, we recently found that malicious users have malicious comments. I also made some restrictions at the beginning, for example, users must log on to post comments (anonymous comments can be made in the early stage), keyword filtering, IP address filtering, and spam comments detection. However, some malicious users are currently paying 50 points for each day, you have registered hundreds of Accounts (which have already been checked out), and then use each account to repeatedly publish content (because these accounts are all on the same IP address, so this IP address has been disabled, but it can only be used for a while. After a few days, the IP address has changed and a large number of requests have started.

Do you have any suggestions for malicious comparison...

Based on my years of experience in anti-click farming, the image verification code is still the most cost-effective anti-click farming method.

Even if you register an account to protect against fake traffic, the robot automatically registers a large number of fake accounts, and then you need to register the fake money at the border. This is actually the same problem.

If you can use a third-party account system instead of your own account, it will be better. For example, you can only submit the system after Sina Weibo or account verification. In this case, the problem of account anti-refresh is actually thrown to Sina or solved.

Back to the solution of the image verification code, the core of the problem lies in user friendliness. There is room for improvement.

For example, based on the IP segment, if the IP segment has not been submitted or the number of submissions is less than n, you can directly submit the IP segment without an image verification code. If the IP segment has been submitted n times before, the image verification code is required.

The IP segment submission times can be placed in the cache counter. If it exceeds m seconds, the cache will become invalid.

If your users are scattered across different IP segments, a large number of users will not be disturbed by image verification codes.

This solution cannot resist the use of a large number of proxies. You can only reduce the number of unused data by reducing n and increasing m.

Try an excellent verification.

The registration threshold is increased. You can use the mobile phone number for verification or the verification code when submitting the application.

You can set the time interval when submitting a comment.