1

我有一个注册表格,可以正常注册。作为防止滥用/僵尸程序的一部分,如果您尝试在最后一次的 3 小时内从同一 IP 地址注册另一个帐户,注册页面将显示反脚本检查。

但是,我设法获得了一个脚本,该脚本正在设法绕过此检查。该脚本可以在 Windows 上使用 Firefox 的宏扩展来运行。它使用 email.txt 作为电子邮件地址的来源。

email="email.txt"
akun=new Array()
ID=new Array()

for(ns=1;ns<=2000;ns++){
iimPlay("CODE:"
+"\n"+"CMDLINE !DATASOURCE "+email
+"\n"+"SET !DATASOURCE_COLUMNS 1"
+"\n"+"SET !LOOP "+(ns)
+"\n"+"SET !EXTRACT {{!COL1}}")
akun[ns]=iimGetLastExtract();if(akun[ns]==""||akun[ns]=="undefined"||akun[ns]=="#eanf#")
{break}
ID[ns]=akun[ns].replace("@yahoo.com","")


i=iimPlay("CODE:"
+"\n"+"URL GOTO=http://www.website.com/signup"
+"\n"+"TAG POS=1 TYPE=INPUT:TEXT FORM=NAME:NoFormName ATTR=NAME:email CONTENT="+akun[ns]
+"\n"+"TAG POS=1 TYPE=INPUT:TEXT FORM=NAME:NoFormName ATTR=NAME:confirm CONTENT="+akun[ns]
+"\n"+"TAG POS=1 TYPE=INPUT:TEXT FORM=NAME:NoFormName ATTR=NAME:username CONTENT="+ID[ns]
+"\n"+"SET !ENCRYPTION NO"
+"\n"+"TAG POS=1 TYPE=INPUT:PASSWORD FORM=NAME:NoFormName ATTR=NAME:password CONTENT=satan1234"
+"\n"+"TAG POS=1 TYPE=INPUT:PASSWORD FORM=NAME:NoFormName ATTR=NAME:confirm_password CONTENT=satan1234"
+"\n"+"TAG POS=1 TYPE=INPUT:TEXT FORM=NAME:NoFormName ATTR=NAME:referral CONTENT=52799"
+"\n"+"TAG POS=1 TYPE=INPUT:CHECKBOX FORM=NAME:NoFormName ATTR=NAME:tos CONTENT=YES"
+"\n"+"pause"
+"\n"+"TAG POS=1 TYPE=INPUT:SUBMIT FORM=ID:street-register ATTR=NAME:register&&VALUE:Play<SP>For<SP>Free<SP>→"
+"\n"+"TAG POS=1 TYPE=A ATTR=TXT:Logout"
)
if(i!=1){break};
iimDisplay (ns)
}

谁能提醒我如何阻止这个脚本无休止地工作?

谢谢

4

1 回答 1

1

Since all request do originate from the same IP address, please doa server-side check with your logic. Somewhere you should store what requests have already been placed. Then check the server variable "remote address" against these values. Have they already placed a request the last 3 hours, then reject it and don't process it any further.

Don't rely on client-side scripts. And also don't rely on any values passed on by the client's request, as they can all be manipulated.

于 2012-11-06T09:44:50.053 回答