How to protect yourself from budget drain when sending SMS?

O

Oleg Trubin2016-06-22 17:10:33

PHP

Oleg Trubin, 2016-06-22 17:10:33

Hello.
I am writing a small service that uses sending a password via SMS.
Technologies: php+js
Scenario:
Someone took somewhere a database of, say, 100,000 phone numbers, and using, for example, zennoposter in combination with a proxy + anti-captcha, set this whole thing on my service.
How can you protect yourself from budget drain by such an attacker?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

Alexander Aksentiev, 2016-06-22
@Sanasol

Check by IP.
If proxy - check for spam lists of the presence of IP in them.
Log analysis search for common signs: ip (subnet), useragent, something else.
What is sending a password via SMS in general? Can it somehow be removed deeper or after registration / authorization through a social network?
In general, anything.
In the end - if the poster is zenno, then the script is exactly the same.
You can set timers for actions/time on the site.
If the user does such actions with N intervals, it means a bot.
To do this, you need to collect statistics of spammers again.

S

Sanes, 2016-06-22
@Sanes

Do a check before sending. Lots of clever captcha options.