CodeIgniter Forums

Full Version: Prevent hack sms function
Hi
I have a function in my API that sends SMS to the user's mobile.
I try to limit it by user IP.
But the user can change IP and send SMS again or hack it.
Do you have a best way to limit SMS for each user?
Sessions? Store it in a DB? MFA?

We'd need a little more information.
(08-22-2019, 09:37 AM)albertleao Wrote: Sessions? Store it in a DB? MFA?

We'd need a little more information.

I save the user's IP in the database and check the record count for each IP, and in each 5 hours a user can send 5 SMS.
Limit sending SMS by IP and user_id, or registered mobile number or email address.
Since the session can be reset, which will lead to re-registration, and the IP can be changed like gloves, for example through Tor, I would do a code check via mail + phone and (QR codes {Google auth or other}), and, for example, keep something in localStorage through JS, as in the case with sessions.
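The suggestion above to limit by IP and user_id or registered mobile number, combined with the 5 SMS per 5 hours quota mentioned earlier in the thread, can be sketched as a sliding-window check that every identifier must pass. This is an added example, not code from any poster or from CodeIgniter; `SmsQuota` and `allow()` are hypothetical names, the storage is a plain in-memory array, and PHP 8.0 or later is assumed.

```php
<?php
// Added example; SmsQuota and allow() are hypothetical names. Storage is an
// in-memory array here; a real API would use a database table or cache.
final class SmsQuota
{
    /** @var array<string, int[]> send timestamps per "type:value" key */
    private array $sends = [];

    public function __construct(
        private int $limit = 5,         // 5 SMS ...
        private int $window = 5 * 3600  // ... per 5 hours, as in the thread
    ) {}

    // True (and recorded) only if every identifier is under quota, so
    // changing the IP alone does not reset the user_id or phone counters.
    public function allow(array $ids, int $now): bool
    {
        $keys = [];
        foreach ($ids as $type => $value) {
            if ($value === null || $value === '') {
                continue; // identifier not available for this request
            }
            $key = $type . ':' . strtolower(trim((string) $value));
            // Drop timestamps that fell out of the window.
            $this->sends[$key] = array_values(array_filter(
                $this->sends[$key] ?? [],
                fn (int $t): bool => $t > $now - $this->window
            ));
            if (count($this->sends[$key]) >= $this->limit) {
                return false; // one exhausted key blocks the send
            }
            $keys[] = $key;
        }
        if ($keys === []) {
            return false; // nothing to key on: refuse instead of sending
        }
        foreach ($keys as $key) {
            $this->sends[$key][] = $now;
        }
        return true;
    }
}

// Constructed sample: same user and phone, a different IP on every request.
$quota = new SmsQuota();
for ($i = 1; $i <= 7; $i++) {
    $ids = ['ip' => "203.0.113.$i", 'user_id' => 42, 'phone' => '+15550100'];
    echo "request $i: ", $quota->allow($ids, 1566466620 + $i) ? 'sent' : 'blocked', PHP_EOL;
}
```

Keying on the destination phone number as well as the account means a single number cannot be flooded from several accounts, while the IP key still covers requests that carry no account.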