CN108089849B - Method for preventing cheating program from being rapidly submitted - Google Patents

Method for preventing cheating program from being rapidly submitted Download PDF

Info

Publication number
CN108089849B
CN108089849B CN201711377653.1A CN201711377653A CN108089849B CN 108089849 B CN108089849 B CN 108089849B CN 201711377653 A CN201711377653 A CN 201711377653A CN 108089849 B CN108089849 B CN 108089849B
Authority
CN
China
Prior art keywords
answer
value
submitted
calculation
random number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711377653.1A
Other languages
Chinese (zh)
Other versions
CN108089849A (en
Inventor
张伟荣
季统凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
G Cloud Technology Co Ltd
Original Assignee
G Cloud Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by G Cloud Technology Co Ltd filed Critical G Cloud Technology Co Ltd
Priority to CN201711377653.1A priority Critical patent/CN108089849B/en
Publication of CN108089849A publication Critical patent/CN108089849A/en
Application granted granted Critical
Publication of CN108089849B publication Critical patent/CN108089849B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/20Software design
    • G06F8/22Procedural
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/40Transformation of program code
    • G06F8/41Compilation
    • G06F8/43Checking; Contextual analysis

Abstract

The invention relates to the technical field of website development, in particular to a method for preventing cheating programs from being rapidly submitted. The method comprises the steps that a server generates a random number as a salt value and stores the salt value in a session, a page carries out hash calculation on the salt value on an answer through a script, and the answer starts from 0 until the obtained hash value meets the requirement; when the form is submitted, the answer is submitted together; and checking whether the answer meets the requirements at the server side so as to identify whether cheating behaviors exist. The invention solves the problems that the common form page is easy to be cracked by a cheating program and can be rapidly and repeatedly submitted with junk advertisement information in a short time.

Description

Method for preventing cheating program from being rapidly submitted
Technical Field
The invention relates to the technical field of website development, in particular to a method for preventing cheating programs from being rapidly submitted.
Background
Currently, the website form submission page usually adopts verification codes and measures for limiting the submission time interval of a single IP to prevent a cheated program from submitting spam repeatedly and quickly. However, with the technical progress, the verification code is easy to be identified and cracked, the verification code which is difficult to be identified influences the user experience, and the IP limitation is easy to be automatically replaced and cracked by the cheating program.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a method for preventing a cheating program from being rapidly submitted, and solve the problems that the user experience is influenced and the cheating program is easy to crack by the existing verification code and IP limiting mode.
The technical scheme for solving the technical problems is as follows:
the method comprises the steps that a server generates a random number as a salt value and stores the salt value in a session, a page carries out hash calculation on an answer through a script, and the answer starts from 0 until the obtained hash value meets the requirement; when the form is submitted, the answer is submitted together; and checking whether the answer meets the requirements at the server side so as to identify whether cheating behaviors exist.
The method comprises the following steps:
step one, when a form page is initialized, a server generates a random number and stores the random number in the form page
session [ "contention" ];
step two, the front-end page performs Hash calculation of a salt value in the script by using the generated random number to obtain a Hash value of an answer, and the answer starts from 0 until the calculated Hash value meets the requirement;
step three, when the user submits the form, the answer is used as a parameter value and submitted to the server side, if the calculation is not completed at the moment, the user is prompted to submit too fast, and the calculation is waited to be completed;
and step four, the server side uses the received answer parameter value, takes the value of the session [ "request" ] as a salt value, calculates a Hash value, and checks whether the answer is correct, thereby judging whether cheating behaviors exist.
If the answer check is correct, the cheating behavior is determined to be absent.
The invention has the beneficial effects that: calculating a Hash value on the page by using the generated salt value to obtain a specified result; although a certain amount of time is consumed, the user does not perceive and influence the user experience because the form filling is performed simultaneously with the user. The defense measures of the invention are different from the verification codes, and the common cheating program is difficult to crack. Even if the cheating program calculates and submits the Hash value according to the requirement, certain time is consumed; thereby preventing the spamming program from rapidly submitting spam. The method can be matched with the traditional verification code, IP limitation and other measures, and greatly limits the action of cheating programs.
Drawings
The invention is further described below with reference to the accompanying drawings:
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
As shown in fig. 1, the present invention employs the following steps:
step one, when a form page is initialized, a server generates a 4-bit random positive integer and stores the integer in a session [ "query" ];
Random rd=new Random();
int question=rd.Next(1000,9999);
session["question"]=question;
step two, the front-end page uses the generated random number as a salt value in the script to calculate the Hash value of an answer, the answer starts from 0, and the characters are '1111' until the first 4 characters of the Hash value are obtained through calculation;
Figure BDA0001514995900000031
step three, when the user submits the form, the answer is used as a parameter value and submitted to the server side, if the calculation is not completed at the moment, the user is prompted to submit too fast, and the calculation is waited to be completed;
and step four, the server side uses the received answer parameter value, takes the value of the session [ "request" ] as a salt value, calculates a Hash value, and checks whether the answer is correct, thereby judging whether cheating behaviors exist.
Figure BDA0001514995900000032

Claims (2)

1. A method for preventing a cheating program from being quickly committed, comprising: the method comprises the steps that a server generates a random number as a salt value and stores the salt value in session, a page carries out Hash calculation on an answer through a script, the answer starts from 0 until 4 characters before the Hash value obtained through calculation are 1111%; when the form is submitted, the answer is submitted together; and checking whether the answer meets the requirements at the server side so as to identify whether cheating behaviors exist.
2. The method of claim 1, wherein: the method comprises the following steps:
step one, when a form page is initialized, a server generates a random number and stores the random number in a session [ "query" ];
step two, the front-end page performs Hash calculation of a salt value in the script by using the generated random number to obtain a Hash value of an answer, wherein the answer starts from 0 until 4 characters before the calculated Hash value are '1111';
step three, when the user submits the form, the answer is used as a parameter value and submitted to the server side, if the calculation is not completed at the moment, the user is prompted to submit too fast, and the calculation is waited to be completed;
and step four, the server side uses the received answer parameter value, takes the value of the session [ "request" ] as a salt value, calculates a Hash value, and checks whether the answer is correct, thereby judging whether cheating behaviors exist.
CN201711377653.1A 2017-12-19 2017-12-19 Method for preventing cheating program from being rapidly submitted Active CN108089849B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711377653.1A CN108089849B (en) 2017-12-19 2017-12-19 Method for preventing cheating program from being rapidly submitted

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711377653.1A CN108089849B (en) 2017-12-19 2017-12-19 Method for preventing cheating program from being rapidly submitted

Publications (2)

Publication Number Publication Date
CN108089849A CN108089849A (en) 2018-05-29
CN108089849B true CN108089849B (en) 2021-04-27

Family

ID=62177290

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711377653.1A Active CN108089849B (en) 2017-12-19 2017-12-19 Method for preventing cheating program from being rapidly submitted

Country Status (1)

Country Link
CN (1) CN108089849B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102469091A (en) * 2010-11-18 2012-05-23 金蝶软件(中国)有限公司 Method for processing verification codes of pages, device and terminal
CN104035923A (en) * 2013-03-04 2014-09-10 阿里巴巴集团控股有限公司 Data inquiry method and device
CN104881479A (en) * 2015-06-03 2015-09-02 北京京东尚科信息技术有限公司 Method and device for limiting minimum operating interval of users
CN106713336A (en) * 2017-01-03 2017-05-24 厦门法信公证云科技有限公司 Electronic data safekeeping system and method based on double and asymmetric encryption technology
CN107016035A (en) * 2016-12-27 2017-08-04 阿里巴巴集团控股有限公司 form data processing method and server
CN107172121A (en) * 2017-03-29 2017-09-15 努比亚技术有限公司 A kind of devices and methods therefor for preventing Data duplication from submitting

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8181246B2 (en) * 2007-06-20 2012-05-15 Imperva, Inc. System and method for preventing web frauds committed using client-scripting attacks

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102469091A (en) * 2010-11-18 2012-05-23 金蝶软件(中国)有限公司 Method for processing verification codes of pages, device and terminal
CN104035923A (en) * 2013-03-04 2014-09-10 阿里巴巴集团控股有限公司 Data inquiry method and device
CN104881479A (en) * 2015-06-03 2015-09-02 北京京东尚科信息技术有限公司 Method and device for limiting minimum operating interval of users
CN107016035A (en) * 2016-12-27 2017-08-04 阿里巴巴集团控股有限公司 form data processing method and server
CN106713336A (en) * 2017-01-03 2017-05-24 厦门法信公证云科技有限公司 Electronic data safekeeping system and method based on double and asymmetric encryption technology
CN107172121A (en) * 2017-03-29 2017-09-15 努比亚技术有限公司 A kind of devices and methods therefor for preventing Data duplication from submitting

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
JS限制客户频繁提交表单;活水源头LOVE;《https://www.cnblogs.com/shuiyuanlove/p/3412248.html》;20131107;全文 *
防止表单重复提交的校验;Sharker_;《https://blog.csdn.net/elsery/article/details/50143555》;20151202;全文 *
高级表单验证-针对多次提交表单(转);cqwf95925;《https://blog.csdn.net/cqwf95925/article/details/100267345》;20070701;全文 *

Also Published As

Publication number Publication date
CN108089849A (en) 2018-05-29

Similar Documents

Publication Publication Date Title
CN105306733B (en) Third party login based on cell phone application binds cell-phone number method
CN108011863B (en) Method and device for identifying brute force cracking
WO2016131365A1 (en) Information processing method, client, server and computer readable storage medium
CN102546770B (en) Unified account management method and third-party account management system
WO2015135305A1 (en) Method and device for verifying authenticity of a terminal
CA2770265A1 (en) Individualized time-to-live for reputation scores of computer files
JP2012527179A5 (en)
CN111241517A (en) Method and device for constructing biological characteristic verification question-answer library
CN104917756A (en) Login authentication method for network games
CN105491010A (en) Cross validation method and system for verification codes
EP3298531A1 (en) Brute force attack prevention system
CN109886810B (en) Crowdsourcing transaction method and system, readable storage medium and terminal
CN105162604A (en) Feature image identification based verification method and system, and verification server
CN108089849B (en) Method for preventing cheating program from being rapidly submitted
CN105429754A (en) Management method and system of national standard electronic seal
CN1980128A (en) Method and system for identifying internet user
CN110460617A (en) Machine examines examination system and Related product
SG11201810205XA (en) Method and device for preventing server from being attacked
CN109688109B (en) Verification method and device of verification code based on client information identification
CN107623664B (en) Password input method and device
RU2016130455A (en) METHOD AND SYSTEM FOR DETERMINING WHETHER THE USER IS A HUMAN
US20230370846A1 (en) Method and apparatus for detecting arbitrary account password reset logic vulnerability, and medium
WO2015018311A1 (en) Method and apparatus for verifying captcha
CN104348613A (en) User verification method, apparatus and system
CN105681344A (en) Verification code recognition system and method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 523808 19th floor, Cloud Computing Center, Chinese Academy of Sciences, No.1 Kehui Road, Songshanhu high tech Industrial Development Zone, Dongguan City, Guangdong Province

Applicant after: G-CLOUD TECHNOLOGY Co.,Ltd.

Address before: 523808 No. 14 Building, Songke Garden, Songshan Lake Science and Technology Industrial Park, Dongguan City, Guangdong Province

Applicant before: G-CLOUD TECHNOLOGY Co.,Ltd.

GR01 Patent grant
GR01 Patent grant