The security of the SMS service interface is a particular concern when developing or integrating SMS interfaces. Some attackers abuse the SMS service interface, stealing verification messages and causing financial losses, for purposes such as malicious competition or SMS bombing. So how do you prevent the SMS interface from being called maliciously? This article introduces some simple and practical methods.

➤ How to prevent it

1. Set the sending interval

Set a minimum interval between verification-code sends so that codes cannot be sent repeatedly at high frequency to people who are not users of the application. The interval is generally set to 60s, 100s, or 120s; 60s is the most common.

2. Add a graphic verification code

Requiring a graphic verification code (CAPTCHA) before sending an SMS verification code increases the cost and difficulty of an attack. For real users, the graphic verification step is very simple; an attacker, however, has to add image-recognition capability, which makes the interface relatively harder to crack. Graphic verification codes come in various forms, such as text, letters, and sliding puzzles. You are advised to select one that gives a relatively good user experience.

3. Limit the number of sends for the same number and the same IP address

Limiting the number of SMS messages sent for the same mobile phone number and from the same IP address prevents attackers from using a fixed phone number and network to hammer the interface. Generally, the limit for the same number is set to 5-10 sends. Once the number reaches the limit, clicking resend has no effect. Limiting IP addresses works on the same principle as limiting phone numbers. However, many users sharing Wi-Fi may have the same IP address, so limiting by IP address can produce a high rate of false positives and hurt the experience of real users.

4. Add an SMS firewall

Call the SMS firewall interface before sending the SMS verification code to prevent attackers from using various attack methods to abuse the SMS interface. The SMS firewall analyzes the mobile phone number, IP address, and device fingerprint of each verification code request to predict whether the request is normal. It intercepts abnormal requests and monitors every SMS verification code request in real time. This preserves a good user experience while accurately identifying and responding to attacks. Therefore, this method is recommended.
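Methods 1 and 3 above can be enforced in a single server-side check. The following is an added example, not code from the original article; the class name, the per-IP threshold, and the 24-hour counting window are assumptions (the article gives only the 60s interval and the 5-10 per-number limit).

```python
import time
from collections import defaultdict, deque

COOLDOWN_S = 60       # method 1: minimum gap between sends to one number
MAX_PER_NUMBER = 5    # method 3: per-number cap (the article suggests 5-10)
MAX_PER_IP = 30       # assumed; looser than per-number because shared Wi-Fi/NAT
WINDOW_S = 24 * 3600  # assumed counting window; the article does not name one


class SmsSendLimiter:
    """In-memory limiter (hypothetical name). A multi-server deployment would
    keep this state in a shared store with key expiry so it cannot grow
    without bound when callers rotate numbers."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._by_number = defaultdict(deque)  # phone -> times of accepted sends
        self._by_ip = defaultdict(deque)      # ip -> times of accepted sends

    @staticmethod
    def _prune(q, now):
        # Drop accepted sends that have aged out of the counting window.
        while q and now - q[0] >= WINDOW_S:
            q.popleft()

    def check(self, phone, ip):
        """Return (allowed, reason); the send is recorded only when allowed.
        `phone` is assumed to be normalized already (one canonical form per
        number), otherwise formatting variants bypass the per-number limits."""
        now = self._clock()
        num_q, ip_q = self._by_number[phone], self._by_ip[ip]
        self._prune(num_q, now)
        self._prune(ip_q, now)
        if num_q and now - num_q[-1] < COOLDOWN_S:
            return False, "cooldown"        # resend pressed too soon
        if len(num_q) >= MAX_PER_NUMBER:
            return False, "number_limit"    # resend has no effect until expiry
        if len(ip_q) >= MAX_PER_IP:
            return False, "ip_limit"        # many numbers from one address
        num_q.append(now)
        ip_q.append(now)
        return True, "ok"
```

The check must run on the server before the SMS provider is called; a countdown timer in the client alone does not limit direct calls to the interface.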

➤ Considerations

1. Combination: a single method has a limited blocking effect, and some attackers can still find a way around it. Therefore, it is recommended to combine two or three methods. If you choose the fourth method, you do not need to consider methods 1 and 3, and can use methods 2 and 4 together.

2. Advance implementation: it is best to implement the protection scheme at the same time as the SMS service interface. Otherwise, once a problem occurs, some measures may not take effect immediately because they depend on releasing a new application version, resulting in some financial loss.

3. Consider user experience: apart from the SMS firewall, all of these methods restrict users or add steps for them. When designing a protection scheme, enterprises should also consider the actual user experience.

➤ Summary

This article covered four simple ways to keep the SMS service interface from being called maliciously, along with considerations for applying them in practice. Limiting how often SMS messages are sent, limiting the number of sends for the same phone number and IP address, adding graphic verification codes, and adding an SMS firewall all make it more difficult for attackers to abuse the interface. In practice, combining these methods can greatly reduce the risk of an enterprise's interface being attacked. However, it is important to preserve the experience of real users. It is recommended that the defense be implemented at the same time as the SMS interface is integrated, to avoid losses caused by being unable to release a new application version immediately after an attack.


That’s the end of this article. Thank you for reading.

Author: Sweet taro taste cat