技术饭
网站防刷,防止羊毛党:顶象、数美数据接口配置
最近做了很多的微信活动,特别是答题发红包活动,除了并发量需要处理之外,还有一个很重要的点就是网站防刷、防止羊毛党刷接口,因为微信上羊毛党养了很多的机器微信号,活动如果在只有微信授权的情况下,无法做到完全的限制,即使通过ip来限制也没办法完全限制,因为羊毛党还可以通过模拟定位、模拟ip来访问,只要是正常的微信号还是可以突破防线的,那这时候第三方防刷也是有点必要的。
为什么要做防刷:“微信群控”:虚假养号、色情变现、薅羊毛,微信黑产全揭露!外挂、群控养号
如果做的活动红包都被羊毛党刷走了,正常用户就无法正常参与活动,这个就背离了做活动的初衷,如果都被羊毛党刷了,活动还不如不做,所以羊毛党就像苍蝇一样很烦人。
下面介绍两个防刷的第三方接口,当然你可以自己仿照着去写一份防刷功能,这里不做推荐,只是做个介绍而已。
1、顶象:https://console.dingxiang-inc.com/
1)、前端
<script src="https://cdn.dingxiang-inc.com/ctu-group/constid-js/index.js"></script>
<script type="text/javascript">
// Dingxiang ConstID bootstrap: asks the SDK loaded above for a device-fingerprint
// token and hands it to the callback.
// NOTE(review): the SDK is third-party script running in the page's origin, loaded
// from a versionless CDN URL; consider limiting it with a Content-Security-Policy.
var options = {
appId: 'ce7140894a53424243200c71787fcafb3728', // unique app identifier, required
server: 'https://constid.dingxiang-inc.com/udid/c1', // ConstId service endpoint, optional
userId: 'oHL30wVEuI258Lgp8d1kQmSSW4dU4g' // user identifier, optional; NOTE(review): literal sample value, presumably replaced by the current user's id in real use (confirm)
};
_dx.ConstID(options, function (e, id) {
if (e) {
// The SDK reported an error: log it and stop, so no token is produced.
console.log('error: ' + e);
return;
}
// After initialisation, pass the token id to the back end (as an API parameter or a
// request header) for verification. The token is produced in the browser, so the
// back end must treat it as untrusted input and rely on the risk engine's verdict.
// NOTE(review): the next two lines print the token to the console; they look like
// debug output and are worth dropping in production.
console.log('token is ' + id);
console.log(_dx.constID === id); // true
});
</script>
2)、后端
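/**
 * Dingxiang anti-abuse check: asks the Dingxiang risk engine to score a "draw" event.
 *
 * $token and $openid arrive from the client, so they are untrusted; the decision
 * comes only from the risk engine's response. Any outcome other than an explicit
 * ACCEPT (including a timeout or an unparsable response) is reported as code 0,
 * so a failed risk check can never be mistaken for a pass.
 *
 * @param string $token  Device-fingerprint token produced by the front-end SDK.
 * @param string $openid WeChat openid, forwarded to the engine as user_id.
 * @return array ['code' => 1|0, 'msg' => string]; code is 1 only for ACCEPT.
 */
public function dingxiang($token = '', $openid = '') {
    // Load the vendor SDK that provides \CtuClient and \CtuRequest.
    require_once env('extend_path') . 'dingxiang' . DIRECTORY_SEPARATOR . 'CtuClient.php';

    $url = "https://sec.dingxiang-inc.com/ctu/event.do";
    // NOTE(review): the app id and app secret are hard-coded in source. A secret
    // belongs in server-side configuration outside version control, and a value
    // that has been published should be rotated.
    $appId = "ce7140894a53424243200c71787fcafb3728";
    $appSecret = "eee920540e857b3c19121ef8fb38df42b537";

    // Time zone, if it must be forced:
    //ini_set('date.timezone','Asia/Shanghai');

    $request = new \CtuClient($url, $appId, $appSecret);
    $ctuRequest = new \CtuRequest();

    // Business parameters for the event; adjust to the actual scenario.
    $data = array(
        "const_id" => $token, // device-fingerprint token obtained on the client
        "user_id" => $openid,
        "source" => 3,
        "ext_submit_time" => date('Y-m-d H:i:s'),
        "ext_current_url" => $this->request->url(true),
        "ext_user_agent" => $this->request->header('user-agent'),
        // NOTE(review): confirm how the framework derives the client IP behind a
        // proxy, so that a forged forwarding header cannot choose this value.
        "ip" => $this->request->ip()
    );

    // Event code configured on the vendor side.
    $ctuRequest->eventCode = "draw";
    $ctuRequest->flag = "activity_" . time();
    $ctuRequest->data = $data;

    // Request timeout in seconds.
    $timeout = 1;

    // Call the risk engine.
    $responseData = $request->checkRisk($ctuRequest, $timeout);
    $jsonResult = is_string($responseData) ? json_decode($responseData, true) : null;

    // A timeout or malformed body leaves the risk level unknown.
    $riskLevel = null;
    if (is_array($jsonResult) && isset($jsonResult['result']) && is_array($jsonResult['result'])
        && isset($jsonResult['result']['riskLevel'])) {
        $riskLevel = $jsonResult['result']['riskLevel'];
    }

    $rdata = array();
    if ($riskLevel === "ACCEPT") {
        // No risk: allow.
        $rdata['code'] = 1;
        $rdata['msg'] = '无风险,建议放过';
        return $rdata;
    }
    if ($riskLevel === "REVIEW") {
        // Uncertain: needs further review.
        $rdata['code'] = 0;
        $rdata['msg'] = '不确定,需要进一步审核';
        return $rdata;
    }
    if ($riskLevel === "REJECT") {
        // Risky: reject.
        $rdata['code'] = 0;
        $rdata['msg'] = '有风险,建议拒绝';
        return $rdata;
    }

    // Unknown level, timeout or unparsable response: fail closed with an explicit
    // result instead of falling off the end of the method and returning null.
    $rdata['code'] = 0;
    $rdata['msg'] = '风控结果未知,按有风险处理';
    return $rdata;
}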
2、数美:https://console.ishumei.com/
1)、前端
<script type="text/javascript">
// Shumei SDK bootstrap: defines a stub SMSdk whose ready() queues callbacks in
// _smReadyFuncs, sets the global configuration, then injects the SDK script tag.
(function() {
window._smReadyFuncs = [];
window.SMSdk = {
ready: function(fn) {
fn && _smReadyFuncs.push(fn);
}
};
// 1. General configuration
window._smConf = {
organization: 'toqhqa2LszcOBG2aKeiJG17', // required: organization identifier (the "organization" item in the vendor's e-mail)
staticHost: 'static.fengkongcloud.com' // 2. The apiHost options below are special settings for overseas data centres, only for customers reporting device data there
//apiHost:'fp-sa-it.fengkongcloud.com' // for customers connecting to the Singapore data centre
//apiHost: 'fp-na-it.fengkongcloud.com' // for customers connecting to the US data centre
};
var url = (function () {
var originHost = "static2.fengkongcloud.com";
// The SDK URL follows the page's own protocol, so on an http: page the script is
// fetched over plain http and can be altered in transit; serve the page over https.
var isHttps = 'https:' === document.location.protocol;
var protocol = isHttps ? 'https://' : 'http://';
var fpJsPath = '/fpv2.js';
var url = protocol + _smConf.staticHost + fpJsPath;
var ua = navigator.userAgent.toLowerCase();
// NOTE(review): as written the pattern is "windows nt 5<any char>1" OR "xp" anywhere
// in the user agent; presumably /windows\s(?:nt\s5\.1|xp)/ was intended (confirm).
var isWinXP = /windows\s(?:nt\s5.1)|(?:xp)/.test(ua);
var isLowIE = /msie\s[678]\.0/.test(ua);
// HTTPS pages on Windows XP with IE 6-8 load the SDK from the alternate host.
if(isHttps && isWinXP && isLowIE) {
url = protocol + originHost + fpJsPath;
}
return url;
})();
// Insert the SDK <script> element before the first script tag on the page.
var sm = document.createElement("script");
var s = document.getElementsByTagName("script")[0];
sm.src = url;
s.parentNode.insertBefore(sm, s);
})();
</script>
<script>
/**
 * Obtain the Shumei device identifier and pass it to cb exactly once.
 *
 * cb runs either when the SDK signals readiness or when the 100 ms fallback
 * timer fires, whichever comes first. If the timer wins before the SDK has
 * loaded, cb receives an empty string, so the back end has to treat an empty
 * device id as "no fingerprint available" rather than as a trusted value.
 *
 * @param {function(string)} cb business logic that consumes the device id
 */
function dealSmDeviceId(cb) {
    var FALLBACK_DELAY_MS = 100;
    var deviceId = "";
    var delivered = false;

    // Refresh deviceId from the SDK when getDeviceId is available.
    function refreshDeviceId() {
        if (SMSdk.getDeviceId) {
            deviceId = SMSdk.getDeviceId();
        }
    }

    // Run the business callback at most once.
    function deliverOnce() {
        if (delivered) {
            return;
        }
        delivered = true;
        cb && cb(deviceId);
    }

    // Fallback path: do not wait for the SDK longer than the delay above.
    var fallbackTimer = setTimeout(function () {
        refreshDeviceId();
        deliverOnce();
    }, FALLBACK_DELAY_MS);

    // Normal path: the SDK is ready, so the fallback timer is no longer needed.
    SMSdk.ready(function () {
        refreshDeviceId();
        clearTimeout(fallbackTimer);
        deliverOnce();
    });
}
// Choose whichever scenario below fits the page; contact Shumei technical support
// if in doubt.
// Scenario 1: interactive flows that start with a button click (login, sign-up,
// claiming a coupon, ...).
/*var buttonEl = document.getElementById('getDeviceId');
bindEvent(buttonEl, 'click', function() {
dealSmDeviceId(cb);
});
*/
// Scenario 2: no interaction needed (e.g. plain browsing).
dealSmDeviceId(function (deviceId) {
    // Once initialised, send deviceId to the back end (API parameter or request
    // header) for verification; it is client-supplied and must not be trusted as is.
    if (window.console) {
        console.log('回调执行成功,设备标识为:' + deviceId);
    }
});
</script>
2)、后端
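/**
 * Shumei anti-abuse check for the "login" event.
 *
 * $deviceId and $openid come from the client and are untrusted. The request is
 * treated as passed only when the response is valid JSON with code 1100 and
 * riskLevel exactly 'PASS'; a transport failure or malformed body fails closed.
 *
 * @param string $deviceId Device id produced by the front-end SDK.
 * @param string $openid   WeChat openid, sent as tokenId.
 * @return array ['code' => 1|0, 'msg' => string, 'data' => array (only on pass)]
 */
public function smlogin($deviceId = '', $openid = '') {
    // NOTE(review): this endpoint is addressed over plain http://, so the access
    // key, openid and client IP travel unencrypted; switch to an https:// endpoint
    // if the vendor offers one (confirm against the vendor documentation).
    $url = "http://api-tw-bj.fengkongcloud.com/v3/event";

    // Request payload.
    $data = [
        // NOTE(review): the access key is hard-coded in source; keep it in
        // server-side configuration and rotate a value that has been published.
        "accessKey" => 'AvDmRa2QwM243kujdmtgOs',
        "appId" => 'default',
        "eventId" => 'login',
        "data" => [
            'tokenId' => $openid,
            'ip' => $this->request->ip(),
            'timestamp' => time(),
            'deviceId' => $deviceId,
            'os' => 'web'
        ]
    ];

    // Send the request and decode the answer; https_post returns false on failure.
    $raw = $this->https_post($url, json_encode($data));
    $res = is_string($raw) ? json_decode($raw, true) : null;

    $rdata = [];
    if (!is_array($res)) {
        // No usable verdict: deny instead of indexing into a non-array.
        $rdata['code'] = 0;
        $rdata['msg'] = '风控接口请求失败';
        return $rdata;
    }

    $message = isset($res['message']) ? $res['message'] : '';
    // Strict comparison on riskLevel: with a loose == an integer 0 or boolean true
    // in the response would compare equal to 'PASS' on older PHP versions.
    $passed = isset($res['code'], $res['riskLevel'])
        && (int) $res['code'] === 1100
        && $res['riskLevel'] === 'PASS';

    if ($passed) {
        // Risk check passed.
        $rdata['code'] = 1;
        $rdata['msg'] = $message;
        $rdata['data'] = $res;
        return $rdata;
    }

    // Risk check failed.
    $rdata['code'] = 0;
    $rdata['msg'] = $message;
    return $rdata;
}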
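/**
 * Shumei anti-abuse check for the "task" event.
 *
 * $deviceId and $openid come from the client and are untrusted. The request is
 * treated as passed only when the response is valid JSON with code 1100 and
 * riskLevel exactly 'PASS'; a transport failure or malformed body fails closed.
 *
 * @param string $deviceId Device id produced by the front-end SDK.
 * @param string $openid   WeChat openid, sent as tokenId and as taskId.
 * @return array ['code' => 1|0, 'msg' => string, 'data' => array (only on pass)]
 */
public function smtask($deviceId = '', $openid = '') {
    // NOTE(review): this endpoint is addressed over plain http://, so the access
    // key, openid and client IP travel unencrypted; switch to an https:// endpoint
    // if the vendor offers one (confirm against the vendor documentation).
    $url = "http://api-skynet-bj.fengkongcloud.com/v3/event";

    // Request payload.
    $data = [
        // NOTE(review): the access key is hard-coded in source; keep it in
        // server-side configuration and rotate a value that has been published.
        "accessKey" => 'AvDmRa2QwM243kujdmtgOs',
        "appId" => 'default',
        "eventId" => 'task',
        "data" => [
            'tokenId' => $openid,
            'ip' => $this->request->ip(),
            'timestamp' => time(),
            // NOTE(review): taskId is filled with the openid, the same value as
            // tokenId; confirm this is intended rather than a real task identifier.
            'taskId' => $openid,
            'deviceId' => $deviceId,
            'os' => 'web'
        ]
    ];

    // Send the request and decode the answer; https_post returns false on failure.
    $raw = $this->https_post($url, json_encode($data));
    $res = is_string($raw) ? json_decode($raw, true) : null;

    $rdata = [];
    if (!is_array($res)) {
        // No usable verdict: deny instead of indexing into a non-array.
        $rdata['code'] = 0;
        $rdata['msg'] = '风控接口请求失败';
        return $rdata;
    }

    $message = isset($res['message']) ? $res['message'] : '';
    // Strict comparison on riskLevel: with a loose == an integer 0 or boolean true
    // in the response would compare equal to 'PASS' on older PHP versions.
    $passed = isset($res['code'], $res['riskLevel'])
        && (int) $res['code'] === 1100
        && $res['riskLevel'] === 'PASS';

    if ($passed) {
        // Risk check passed for the task event.
        $rdata['code'] = 1;
        $rdata['msg'] = $message;
        $rdata['data'] = $res;
        return $rdata;
    }

    // Risk check failed.
    $rdata['code'] = 0;
    $rdata['msg'] = $message;
    return $rdata;
}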
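/**
 * POST a body to a URL with cURL and return the raw response.
 *
 * A non-empty $data is sent as the POST body; with an empty $data the request is
 * issued without POST options. Certificate and host-name verification are kept on
 * for https URLs, and the call is bounded by timeouts so that a stalled risk API
 * cannot tie up the request indefinitely.
 *
 * @param string $url  Target address.
 * @param string $data Request body (JSON string).
 * @return string|false Response body, or false when the transfer failed.
 */
public function https_post($url, $data) {
    $curl = curl_init();
    if ($curl === false) {
        return false;
    }

    curl_setopt($curl, CURLOPT_URL, $url);
    if (!empty($data)) {
        curl_setopt($curl, CURLOPT_POST, 1);
        curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
    }

    // Return the body from curl_exec() instead of printing it.
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    // Keep TLS verification explicit so it is never switched off by accident.
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
    // Bound the call: seconds to connect, seconds for the whole transfer.
    curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 3);
    curl_setopt($curl, CURLOPT_TIMEOUT, 5);

    $output = curl_exec($curl);
    if ($output === false) {
        // Record the transport error only; the body is not logged because it
        // carries the access key.
        error_log('https_post failed: ' . curl_error($curl));
    }
    curl_close($curl);

    return $output;
}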
总结:防刷程序其实如果有时间,可以自行开发,第三方毕竟是需要一定的费用,当然了第三方的防刷规则不一定能百分百地屏蔽刷机。