[Intended readers]: ordinary online shoppers, game and e-commerce operators, technical staff, and third-party payment platforms.
Phishing fraud has long been rampant. Many game and e-commerce websites have been hit, and many users have been cheated.
Entertainment sites are the main target. These sites sell virtual goods, so a scammer can dispose of the stolen value in an instant. Sites that sell physical goods are rarely used. We refer to these entertainment, game and card top-up sites as site A.
[How users experience it]: victims often do not know what really happened and have nowhere to report it. Losses are heavy.
[How the scam works]:
Step 1: The scammer registers as a member on site A and, manually or with an automated program, places an order on site A and obtains the order number.
Step 2: The scammer puts the payment for that order on a phishing website and induces the victim to pay. Anyone who pays through that site is redirected to the third-party payment platform and then on to online banking. Once the payment succeeds, the victim has in effect spent money buying goods for the scammer.
Step 3: The scammer immediately squanders the goods that were bought.
[Where the payment flaw lies]: Site A does not detect that the person who placed the order and the person who paid are not the same, so it does not freeze the scammer's account in time. By the time the victim realises what has happened and files a complaint, and site A freezes the scammer's account, the scammer has already squandered the purchased goods.
[Principle of the payment flaw fix]: After collecting and collating information, summarising lessons from websites' experience, and analysing how the scammers operate, we conclude that site A can completely close the payment flaw with the IP comparison method.
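An added example, not code from the original article or from any site it describes: a minimal sketch of the IP comparison on site A's side, run before the browser is sent to the third-party payment platform. The names `SiteA`, `place_order` and `begin_payment`, the hold-and-freeze response, and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

def norm_ip(raw: str) -> str:
    """Canonical form, so '::ffff:192.0.2.5' and '192.0.2.5' compare equal."""
    addr = ipaddress.ip_address(raw.strip())
    mapped = getattr(addr, "ipv4_mapped", None)  # only IPv6 addresses have this
    return str(mapped or addr)

@dataclass
class Order:
    member: str
    created_ip: str          # connection peer address seen when the order was submitted
    status: str = "pending"  # pending -> paying | held

@dataclass
class SiteA:  # hypothetical stand-in for site A's order service
    orders: dict = field(default_factory=dict)
    frozen: set = field(default_factory=set)
    audit: list = field(default_factory=list)

    def place_order(self, order_no: str, member: str, peer_ip: str) -> None:
        if member in self.frozen:
            raise PermissionError(f"member {member} is frozen")
        self.orders[order_no] = Order(member, norm_ip(peer_ip))

    def begin_payment(self, order_no: str, peer_ip: str) -> str:
        """Runs before the redirect to the third-party payment platform."""
        order = self.orders[order_no]
        if order.status != "pending" or order.member in self.frozen:
            return "rejected"
        payer_ip = norm_ip(peer_ip)
        if payer_ip != order.created_ip:
            # Order placer and payer differ: hold the order and freeze the
            # ordering account now, before any goods can be delivered.
            order.status = "held"
            self.frozen.add(order.member)
            self.audit.append((order_no, order.member, order.created_ip, payer_ip))
            return "held"
        order.status = "paying"
        return "redirect_to_payment_platform"

if __name__ == "__main__":
    site = SiteA()
    site.place_order("A1001", "member01", "203.0.113.10")  # constructed sample data
    print(site.begin_payment("A1001", "198.51.100.7"))     # payer is a different IP
    site.place_order("A1002", "member02", "192.0.2.5")
    print(site.begin_payment("A1002", "192.0.2.5"))        # same IP orders and pays
```

Take `peer_ip` from the connection itself rather than from a client-supplied header, and expect members whose address changes between ordering and paying to land in the held queue for review.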
[Immature methods some sites use to detect phishing orders]:
1. Limit the number of orders per member per day. Each member may submit only n orders a day and cannot order beyond that. Problem: the limit can be bypassed by registering multiple members.
2. Limit the number of orders per IP in a given period. For example, allow at most n orders per hour; once the number of orders exceeds n, that IP is blocked from placing further orders. Problem: the limit can be bypassed by changing IP.
3. Limit the amount of a single payment, for example a maximum of 5000, 10000, etc. per payment. Problems: it interferes with normal payments by normal members, and a scammer can still defraud within the limit.
4. The third-party payment platform checks whether the source of the payment request matches the merchant site of the order. If the source domain is not the merchant website of the order, the payment is prohibited and a risk warning is shown. Problem: the restriction can be bypassed by using software to forge the referring source.