V
V
vacoo2018-09-02 03:09:47
User identification
vacoo, 2018-09-02 03:09:47

How to protect yourself from wasting money by an attacker during SMS authorization?

I want to make authorization via SMS for my service. But there is such a situation that competitors are wasting all the money by sending sms from right to left with a code. And regular users can't register. I can’t block by IP because in my city everyone is connected to one provider where the number of IPs is limited. What are the ways to protect yourself from this?

Answer the question

In order to leave comments, you need to log in

2 answer(s)
U
Uncle Seryozha, 2018-09-03
@Protos

The only thing you can limit is the prohibition of sending SMS to the number of an already registered account, making delays. But each attempt of an attacker to enter under an existing number will send SMS to the account owner and very soon it will not bother you, but users. Connect ESIA. Accordingly, a botnet for $ 10 or a simple burp suit will cause you a lot of problems due to crafting packages, or multiple registration and subsequent sending of SMS from bots. Unless, of course, someone is interested in you. And so start from the site:
https://www.owasp.org/index.php/Authentication_Che...

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question