How to make sure bots won't create many users on my app?
Question
I have an android app that communicates with a server. The app when run for the first time will send a post request to /user/register_device and then the server will create a new user with random id and random key and returns the response
{
"status": "success",
"data": {
"uid": "sfasdfas2487329rhsdifasor092u403p8412jelfjsakl;dfajs09204u12341",
"ukey": "fs04932u401923u4jweofksa;ldfajs9-24-341243fasdfasdffdsafasfasfsafrweqrqgq4234fdsfasdfa34123"
}
}
But now if an attacker makes a script that just send post requests to /user/register_device in a loop, he can create many users in the server. This will soon fill up the table with invalid users. So how to stop this?
Should I restrict the number of requests coming from an IP? Or should i add a secret_key into the android app and make app send this key too when registering_device? Are there any other methods to stop this?
1 answers
solution1
0 2015-03-29 14:32:38
Restricting by IP address may affect the functionality since many organisations use NAT scheme to hide internal IP addresses.
my suggestions 1. Use Captcha 2. Double opt-in. When someone signs up through a subscribe form an email is immediately sent to the address they provided. 3. create a unique key per user based on MAC address if the key appears again you should ignore it. 4. Put a checkbox "I'm human" http://uxmovement.com/forms/captchas-vs-spambots-why-the-slider-captcha-wins/ 5. Use SMS for verication
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.