abuse prevention

System Architect Go

Dec 29, 2017 · Information Security

Mitigating SMS API Abuse with Captcha, Signatures, and Third‑Party Verification

After suffering significant losses from malicious bulk requests to a registration‑focused SMS API, the author explains why simple phone‑number or IP restrictions are ineffective and proposes stronger defenses such as server‑validated captchas, request signatures, and integration with third‑party verification services like Geetest.