+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: Prevent hack sms function (/showthread.php?tid=74199)
Prevent hack sms function - omid_student - 08-22-2019
Hi
I have a function in my API that send sms to user's mobile
I try limit it by user IP
But user can change IP and again send sms or hack it
Do you have best way for limit sms for each user?
RE: Prevent hack sms function - albertleao - 08-22-2019
Sessions? Store it in a DB? MFA?
We'd need a little more information.
RE: Prevent hack sms function - omid_student - 08-22-2019
(08-22-2019, 09:37 AM)albertleao Wrote: Sessions? Store it in a DB? MFA?
We'd need a little more information.
I save user's IP in database and check record count for each IP and in each 5 hour,user can send 5 sms
RE: Prevent hack sms function - refik5 - 09-28-2019
Limit send sms by ip and user_id, or registered mobile number or email address.
RE: Prevent hack sms function - Digital_Wolf - 09-28-2019
Since the session can be reset, which will lead to re-registration, and the IP can be changed as gloves for example through Tor, I would do a code check via mail + phone and (QR Codes {Google auth or other}) . and for example kept something in localStorage through js as in a case with sessions.