CN108089849B - Method for preventing cheating program from being rapidly submitted - Google Patents
Method for preventing cheating program from being rapidly submitted Download PDFInfo
- Publication number
- CN108089849B CN108089849B CN201711377653.1A CN201711377653A CN108089849B CN 108089849 B CN108089849 B CN 108089849B CN 201711377653 A CN201711377653 A CN 201711377653A CN 108089849 B CN108089849 B CN 108089849B
- Authority
- CN
- China
- Prior art keywords
- answer
- value
- submitted
- calculation
- random number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/20—Software design
- G06F8/22—Procedural
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
- G06F8/43—Checking; Contextual analysis
Abstract
The invention relates to the technical field of website development, in particular to a method for preventing cheating programs from being rapidly submitted. The method comprises the steps that a server generates a random number as a salt value and stores the salt value in a session, a page carries out hash calculation on the salt value on an answer through a script, and the answer starts from 0 until the obtained hash value meets the requirement; when the form is submitted, the answer is submitted together; and checking whether the answer meets the requirements at the server side so as to identify whether cheating behaviors exist. The invention solves the problems that the common form page is easy to be cracked by a cheating program and can be rapidly and repeatedly submitted with junk advertisement information in a short time.
Description
Technical Field
The invention relates to the technical field of website development, in particular to a method for preventing cheating programs from being rapidly submitted.
Background
Currently, the website form submission page usually adopts verification codes and measures for limiting the submission time interval of a single IP to prevent a cheated program from submitting spam repeatedly and quickly. However, with the technical progress, the verification code is easy to be identified and cracked, the verification code which is difficult to be identified influences the user experience, and the IP limitation is easy to be automatically replaced and cracked by the cheating program.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a method for preventing a cheating program from being rapidly submitted, and solve the problems that the user experience is influenced and the cheating program is easy to crack by the existing verification code and IP limiting mode.
The technical scheme for solving the technical problems is as follows:
the method comprises the steps that a server generates a random number as a salt value and stores the salt value in a session, a page carries out hash calculation on an answer through a script, and the answer starts from 0 until the obtained hash value meets the requirement; when the form is submitted, the answer is submitted together; and checking whether the answer meets the requirements at the server side so as to identify whether cheating behaviors exist.
The method comprises the following steps:
step one, when a form page is initialized, a server generates a random number and stores the random number in the form page
session [ "contention" ];
step two, the front-end page performs Hash calculation of a salt value in the script by using the generated random number to obtain a Hash value of an answer, and the answer starts from 0 until the calculated Hash value meets the requirement;
step three, when the user submits the form, the answer is used as a parameter value and submitted to the server side, if the calculation is not completed at the moment, the user is prompted to submit too fast, and the calculation is waited to be completed;
and step four, the server side uses the received answer parameter value, takes the value of the session [ "request" ] as a salt value, calculates a Hash value, and checks whether the answer is correct, thereby judging whether cheating behaviors exist.
If the answer check is correct, the cheating behavior is determined to be absent.
The invention has the beneficial effects that: calculating a Hash value on the page by using the generated salt value to obtain a specified result; although a certain amount of time is consumed, the user does not perceive and influence the user experience because the form filling is performed simultaneously with the user. The defense measures of the invention are different from the verification codes, and the common cheating program is difficult to crack. Even if the cheating program calculates and submits the Hash value according to the requirement, certain time is consumed; thereby preventing the spamming program from rapidly submitting spam. The method can be matched with the traditional verification code, IP limitation and other measures, and greatly limits the action of cheating programs.
Drawings
The invention is further described below with reference to the accompanying drawings:
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
As shown in fig. 1, the present invention employs the following steps:
step one, when a form page is initialized, a server generates a 4-bit random positive integer and stores the integer in a session [ "query" ];
Random rd=new Random();
int question=rd.Next(1000,9999);
session["question"]=question;
step two, the front-end page uses the generated random number as a salt value in the script to calculate the Hash value of an answer, the answer starts from 0, and the characters are '1111' until the first 4 characters of the Hash value are obtained through calculation;
step three, when the user submits the form, the answer is used as a parameter value and submitted to the server side, if the calculation is not completed at the moment, the user is prompted to submit too fast, and the calculation is waited to be completed;
and step four, the server side uses the received answer parameter value, takes the value of the session [ "request" ] as a salt value, calculates a Hash value, and checks whether the answer is correct, thereby judging whether cheating behaviors exist.
Claims (2)
1. A method for preventing a cheating program from being quickly committed, comprising: the method comprises the steps that a server generates a random number as a salt value and stores the salt value in session, a page carries out Hash calculation on an answer through a script, the answer starts from 0 until 4 characters before the Hash value obtained through calculation are 1111%; when the form is submitted, the answer is submitted together; and checking whether the answer meets the requirements at the server side so as to identify whether cheating behaviors exist.
2. The method of claim 1, wherein: the method comprises the following steps:
step one, when a form page is initialized, a server generates a random number and stores the random number in a session [ "query" ];
step two, the front-end page performs Hash calculation of a salt value in the script by using the generated random number to obtain a Hash value of an answer, wherein the answer starts from 0 until 4 characters before the calculated Hash value are '1111';
step three, when the user submits the form, the answer is used as a parameter value and submitted to the server side, if the calculation is not completed at the moment, the user is prompted to submit too fast, and the calculation is waited to be completed;
and step four, the server side uses the received answer parameter value, takes the value of the session [ "request" ] as a salt value, calculates a Hash value, and checks whether the answer is correct, thereby judging whether cheating behaviors exist.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711377653.1A CN108089849B (en) | 2017-12-19 | 2017-12-19 | Method for preventing cheating program from being rapidly submitted |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711377653.1A CN108089849B (en) | 2017-12-19 | 2017-12-19 | Method for preventing cheating program from being rapidly submitted |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108089849A CN108089849A (en) | 2018-05-29 |
CN108089849B true CN108089849B (en) | 2021-04-27 |
Family
ID=62177290
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711377653.1A Active CN108089849B (en) | 2017-12-19 | 2017-12-19 | Method for preventing cheating program from being rapidly submitted |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108089849B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102469091A (en) * | 2010-11-18 | 2012-05-23 | 金蝶软件(中国)有限公司 | Method for processing verification codes of pages, device and terminal |
CN104035923A (en) * | 2013-03-04 | 2014-09-10 | 阿里巴巴集团控股有限公司 | Data inquiry method and device |
CN104881479A (en) * | 2015-06-03 | 2015-09-02 | 北京京东尚科信息技术有限公司 | Method and device for limiting minimum operating interval of users |
CN106713336A (en) * | 2017-01-03 | 2017-05-24 | 厦门法信公证云科技有限公司 | Electronic data safekeeping system and method based on double and asymmetric encryption technology |
CN107016035A (en) * | 2016-12-27 | 2017-08-04 | 阿里巴巴集团控股有限公司 | form data processing method and server |
CN107172121A (en) * | 2017-03-29 | 2017-09-15 | 努比亚技术有限公司 | A kind of devices and methods therefor for preventing Data duplication from submitting |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8181246B2 (en) * | 2007-06-20 | 2012-05-15 | Imperva, Inc. | System and method for preventing web frauds committed using client-scripting attacks |
-
2017
- 2017-12-19 CN CN201711377653.1A patent/CN108089849B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102469091A (en) * | 2010-11-18 | 2012-05-23 | 金蝶软件(中国)有限公司 | Method for processing verification codes of pages, device and terminal |
CN104035923A (en) * | 2013-03-04 | 2014-09-10 | 阿里巴巴集团控股有限公司 | Data inquiry method and device |
CN104881479A (en) * | 2015-06-03 | 2015-09-02 | 北京京东尚科信息技术有限公司 | Method and device for limiting minimum operating interval of users |
CN107016035A (en) * | 2016-12-27 | 2017-08-04 | 阿里巴巴集团控股有限公司 | form data processing method and server |
CN106713336A (en) * | 2017-01-03 | 2017-05-24 | 厦门法信公证云科技有限公司 | Electronic data safekeeping system and method based on double and asymmetric encryption technology |
CN107172121A (en) * | 2017-03-29 | 2017-09-15 | 努比亚技术有限公司 | A kind of devices and methods therefor for preventing Data duplication from submitting |
Non-Patent Citations (3)
Title |
---|
JS限制客户频繁提交表单;活水源头LOVE;《https://www.cnblogs.com/shuiyuanlove/p/3412248.html》;20131107;全文 * |
防止表单重复提交的校验;Sharker_;《https://blog.csdn.net/elsery/article/details/50143555》;20151202;全文 * |
高级表单验证-针对多次提交表单(转);cqwf95925;《https://blog.csdn.net/cqwf95925/article/details/100267345》;20070701;全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN108089849A (en) | 2018-05-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105306733B (en) | Third party login based on cell phone application binds cell-phone number method | |
CN108011863B (en) | Method and device for identifying brute force cracking | |
WO2016131365A1 (en) | Information processing method, client, server and computer readable storage medium | |
CN102546770B (en) | Unified account management method and third-party account management system | |
WO2015135305A1 (en) | Method and device for verifying authenticity of a terminal | |
CA2770265A1 (en) | Individualized time-to-live for reputation scores of computer files | |
JP2012527179A5 (en) | ||
CN111241517A (en) | Method and device for constructing biological characteristic verification question-answer library | |
CN104917756A (en) | Login authentication method for network games | |
CN105491010A (en) | Cross validation method and system for verification codes | |
EP3298531A1 (en) | Brute force attack prevention system | |
CN109886810B (en) | Crowdsourcing transaction method and system, readable storage medium and terminal | |
CN105162604A (en) | Feature image identification based verification method and system, and verification server | |
CN108089849B (en) | Method for preventing cheating program from being rapidly submitted | |
CN105429754A (en) | Management method and system of national standard electronic seal | |
CN1980128A (en) | Method and system for identifying internet user | |
CN110460617A (en) | Machine examines examination system and Related product | |
SG11201810205XA (en) | Method and device for preventing server from being attacked | |
CN109688109B (en) | Verification method and device of verification code based on client information identification | |
CN107623664B (en) | Password input method and device | |
RU2016130455A (en) | METHOD AND SYSTEM FOR DETERMINING WHETHER THE USER IS A HUMAN | |
US20230370846A1 (en) | Method and apparatus for detecting arbitrary account password reset logic vulnerability, and medium | |
WO2015018311A1 (en) | Method and apparatus for verifying captcha | |
CN104348613A (en) | User verification method, apparatus and system | |
CN105681344A (en) | Verification code recognition system and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | ||
CB02 | Change of applicant information |
Address after: 523808 19th floor, Cloud Computing Center, Chinese Academy of Sciences, No.1 Kehui Road, Songshanhu high tech Industrial Development Zone, Dongguan City, Guangdong Province Applicant after: G-CLOUD TECHNOLOGY Co.,Ltd. Address before: 523808 No. 14 Building, Songke Garden, Songshan Lake Science and Technology Industrial Park, Dongguan City, Guangdong Province Applicant before: G-CLOUD TECHNOLOGY Co.,Ltd. |
|
GR01 | Patent grant | ||
GR01 | Patent grant |