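[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-cloudflare-account-abuse-protection-fraud-zh":3,"tags-cloudflare-account-abuse-protection-fraud-zh":34,"related-lang-cloudflare-account-abuse-protection-fraud-zh":50,"related-posts-cloudflare-account-abuse-protection-fraud-zh":54,"series-tools-f0cd6c3c-bf63-4275-aed9-8778e5518222":91},{"id":4,"title":5,"content":6,"summary":7,"source":8,"source_url":9,"author":10,"image_url":11,"keywords":12,"language":22,"translated_content":10,"views":23,"is_premium":24,"created_at":25,"updated_at":25,"cover_image":11,"published_at":26,"rewrite_status":27,"rewrite_error":10,"rewritten_from_id":28,"slug":29,"category":30,"related_article_id":31,"status":32,"google_indexed_at":33,"x_posted_at":10,"tweet_text":10,"title_rewritten_at":10,"title_original":10,"key_takeaways":10,"topic_cluster_id":10,"embedding":10,"is_canonical_seed":24},"f0cd6c3c-bf63-4275-aed9-8778e5518222","Cloudflare Strengthens Account Abuse Protection","\u003Cp>\u003Ca href=\"https:\u002F\u002Fblog.cloudflare.com\u002Faccount-abuse-protection\u002F\" target=\"_blank\" rel=\"noopener\">Cloudflare\u003C\u002Fa> is not just blocking bots this time. It is shifting the focus to account abuse. According to the company, over the past week it blocked an average of 6.9 billion suspicious login attempts per day. The number speaks for itself: today's fraud is long past the stage of simple scripts hammering away at random.\u003C\u002Fp>\u003Cp>The new feature set is called \u003Ca href=\"https:\u002F\u002Fblog.cloudflare.com\u002Faccount-abuse-protection\u002F\" target=\"_blank\" rel=\"noopener\">Account Abuse Protection\u003C\u002Fa>. It is available first to \u003Ca href=\"https:\u002F\u002Fwww.cloudflare.com\u002Fproducts\u002Fbot-management\u002F\" target=\"_blank\" rel=\"noopener\">Bot Management\u003C\u002Fa> Enterprise customers. Cloudflare also says it will later be included in \u003Ca href=\"https:\u002F\u002Fblog.cloudflare.com\u002Faccount-abuse-protection\u002F\" target=\"_blank\" rel=\"noopener\">Cloudflare Fraud Prevention\u003C\u002Fa>. Put plainly, this pulls logins, signups and leaked credentials into a single line of defense.\u003C\u002Fp>\u003Cp>I think this direction is pragmatic, because attackers are now very good at mixing techniques. Scripts, real people, proxy \u003Ca href=\"\u002Fnews\u002Falibaba-risc-v-ai-cpu-server-chips-zh\">servers\u003C\u002Fa>, leaked data and \u003Ca 
href=\"\u002Fnews\u002Fai-pc-build-budget-config-guide-zh\">AI\u003C\u002Fa> tools can all be used together. If you are still looking only at IP addresses, you will be thoroughly outplayed.\u003C\u002Fp>\u003Ch2>Why Cloudflare is widening the scope\u003C\u002Fh2>\u003Cp>In the past, many teams asked only one question about account security: is this a bot? That question is now too narrow. The better question is whether the account is genuine at all, because attackers can first try logging in with leaked passwords, then rotate locations through proxies, and finally bring in a real person to finish the job.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1775198039137-4jn5.png\" alt=\"Cloudflare Strengthens Account Abuse Protection\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>This style of attack is a nuisance. It does not hit only your login page. It also hits your signup flow, trial plans, referral rewards and the identity verification that happens before payment. As fake accounts pile up, advertising spend, marketing spend and customer-support costs all rise together. Frankly, it is like picking up the bill for the bad guys.\u003C\u002Fp>\u003Cp>\u003Ca href=\"\u002Fnews\u002Fcloudflare-emdash-wordpress-successor-zh\">Clou\u003C\u002Fa>dflare has published some numbers before. It said that last year 41% of logins used leaked credentials. In its 2024 Black Friday analysis it also noted that more than 60% of login-page traffic was automated. This is not an edge case. It is the everyday environment.\u003C\u002Fp>\u003Cul>\u003Cli>Last year, 41% of logins used leaked credentials.\u003C\u002Fli>\u003Cli>During Black Friday 2024, more than 60% of login-page traffic was automated.\u003C\u002Fli>\u003Cli>Over the past week, 6.9 billion suspicious logins were blocked per day.\u003C\u002Fli>\u003Cli>Cloudflare notes that a database of 1.6 billion records makes password reuse more dangerous.\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>What protections are new this time\u003C\u002Fh2>\u003Cp>The first things to ship are two signup-side features. The first is \u003Ca href=\"https:\u002F\u002Fblog.cloudflare.com\u002Faccount-abuse-protection\u002F\" target=\"_blank\" rel=\"noopener\">Disposable email check\u003C\u002Fa>, which detects disposable email addresses. These addresses are often used for bulk signups, trial abuse and fraudulently claiming promo codes.\u003C\u002Fp>\u003Cp>The second is \u003Ca href=\"https:\u002F\u002Fblog.cloudflare.com\u002Faccount-abuse-protection\u002F\" target=\"_blank\" rel=\"noopener\">Email risk\u003C\u002Fa>, which sorts email addresses into three risk tiers: low, medium and high. This is practical, because you do not have to block everyone with a single blunt rule. You can add a verification step for high-risk accounts and bother low-risk accounts less.\u003C\u002Fp>\u003Cp>The third is \u003Ca href=\"https:\u002F\u002Fblog.cloudflare.com\u002Faccount-abuse-protection\u002F\" target=\"_blank\" rel=\"noopener\">Hashed User IDs\u003C\u002Fa>. It hashes the username into an identifier that is stable within each domain. Cloudflare says it does not log or store the plaintext username as part of this feature. This matters, because many security tools step into a privacy minefield as soon as they touch user data.\u003C\u002Fp>\u003Cul>\u003Cli>Disposable email check 
detects disposable email addresses.\u003C\u002Fli>\u003Cli>Email risk has three tiers: low, medium and high.\u003C\u002Fli>\u003Cli>Hashed User IDs hashes the username into a stable identifier.\u003C\u002Fli>\u003Cli>Cloudflare says it does not log or store the plaintext username.\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>What this is built on\u003C\u002Fh2>\u003Cp>Cloudflare is not starting from scratch. In 2024 it made leaked credential detection available to all customers, including the Free plan. It also put account takeover detection IDs into the bot management framework. This release simply ties those scattered features together.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1775198049052-gl2i.png\" alt=\"Cloudflare Strengthens Account Abuse Protection\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>Tying them together matters, because looking at IP addresses alone is no longer enough. Residential proxies, mobile networks and cloud relay hosts, plus AI-assisted operation, all make source-based judgments less and less accurate. Block one IP address and the other side may switch through 3 more within 5 minutes.\u003C\u002Fp>\u003Cp>Cloudflare's approach is to move risk assessment to the account layer. In other words, it looks not only at the source but also at user behavior. This is useful for e-commerce, finance, social platforms and SaaS, because what these services fear most is not one noisy IP address but the same bad actor repeatedly switching identities.\u003C\u002Fp>\u003Cblockquote>“The core question in this case is not ‘Is this automated?’ but rather ‘Is this authentic?’” — Jin-Hee Lee, Cloudflare\u003C\u002Fblockquote>\u003Ch2>How it differs from older protections\u003C\u002Fh2>\u003Cp>Traditional bot protection is good at catching obvious automation, such as fixed timing, abnormal headers and odd browser fingerprints. The problem is that much of today's abuse looks very much like a real person, and sometimes a real person is in fact helping to operate it. In that situation, relying on bot rules alone lowers the hit rate.\u003C\u002Fp>\u003Cp>This time Cloudflare is focusing on the account itself. That means it wants to connect signup, login, risk scores and user identification into one chain. That chain is more practical than blocking at a single point, because fraud rarely succeeds on the strength of a single signal.\u003C\u002Fp>\u003Cp>Compared with common approaches, it looks roughly like this:\u003C\u002Fp>\u003Cul>\u003Cli>\u003Cstrong>IP only\u003C\u002Fstrong>: effective at blocking noise, but weak against proxy rotation.\u003C\u002Fli>\u003Cli>\u003Cstrong>Credentials only\u003C\u002Fstrong>: catches reused passwords, but misses fake signups.\u003C\u002Fli>\u003Cli>\u003Cstrong>Signup risk\u003C\u002Fstrong>: blocks trial abuse and promo-code abuse up front.\u003C\u002Fli>\u003Cli>\u003Cstrong>User-level identification\u003C\u002Fstrong>: links the same bad actor across devices and locations.\u003C\u002Fli>\u003C\u002Ful>\u003Cp>This also explains why the numbers matter. Cloudflare says it blocks 6.9 
billion suspicious logins per day, which shows how large the problem already is. For enterprises, manual review stopped being enough long ago. What you need is risk tiering that can be automated, not support staff going through cases one by one.\u003C\u002Fp>\u003Ch2>Why the industry particularly needs this kind of tool now\u003C\u002Fh2>\u003Cp>Account abuse is closely tied to the business model. As long as your product has signups, trials and referral rewards, it will be targeted. Fake accounts not only consume resources but also pollute your data. When you later read performance reports, you may wrongly conclude that marketing is working.\u003C\u002Fp>\u003Cp>This is also a headache for many product teams right now. The data looks great, but it has actually been inflated by abuse. In that situation, security is no longer only about defense. It also protects data quality. For developers this is a very practical matter: however good your algorithm is, it is useless if the input data is rotten.\u003C\u002Fp>\u003Cp>Overall, Cloudflare's direction this time is to push fraud prevention down to the finer-grained account layer. It is not only inspecting network traffic. It is looking at behavior, identity and signup risk. That is very different from the old approach of “block it if it looks like a bot”.\u003C\u002Fp>\u003Ch2>What you should look at next\u003C\u002Fh2>\u003Cp>If you run logins, signups, trials or referral codes, this update is well worth reviewing. First, check whether you can block disposable email addresses. Next, check whether you can assign a risk score to an email address or account. Finally, check whether you can tie anomalous behavior to the user rather than only to an IP address.\u003C\u002Fp>\u003Cp>My call is this: over the next 12 months, account protection will look more like identity risk analysis than traditional bot filtering. Whoever builds signup risk and login authenticity into the product flow first will be less likely to be dragged along by fake accounts. If you have not done this yet, it really should go on the roadmap.\u003C\u002Fp>","Cloudflare has launched Account Abuse Protection, targeting fake signups, leaked credentials and account takeover. The company says it blocked 6.9 billion suspicious logins per day over the past week; enterprises can start with risk scores and disposable email detection.","blog.cloudflare.com","https:\u002F\u002Fblog.cloudflare.com\u002Faccount-abuse-protection\u002F",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1775198039137-4jn5.png",[13,14,15,16,17,18,19,20,21],"Cloudflare","帳號濫用","Fraud Prevention","Bot Management","外洩憑證","假註冊","Account Takeover","一次性信箱","風險分數","zh",1,false,"2026-04-03T06:33:37.385059+00:00","2026-04-03T06:33:37.055+00:00","done","6d2bb130-d260-4e8e-ab1b-58a2ee0ebd2e","cloudflare-account-abuse-protection-fraud-zh","tools","927718e8-88af-44a1-9f32-a6422f4e44af","published","2026-04-07T07:41:10.621+00:00",[35,38,41,42,43,45,46,47],{"name":36,"slug":37},"account takeover","account-takeover",{"name":39,"slug":40},"fraud prevention","fraud-prevention",{"name":20,"slug":20},{"name":21,"slug":21},{"name":13,"slug":44},"cloudflare",{"name":17,"slug":17},{"name":18,"slug":18},{"name":48,"slug":49},"bot management","bot-management",{"id":31,"slug":51,"title":52,"language":53},"cloudflare-account-abuse-protection-fraud-en","Cloudflare Adds Account Abuse Protection for 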
Fraud","en",[55,61,67,73,79,85],{"id":56,"slug":57,"title":58,"cover_image":59,"image_url":59,"created_at":60,"category":30},"d058a76f-6548-4135-8970-f3a97f255446","why-gemini-api-pricing-is-cheaper-than-it-looks-zh","Why Gemini API Pricing Is Actually Cheaper Than It Looks","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778869845081-j4m7.png","2026-05-15T18:30:25.797639+00:00",{"id":62,"slug":63,"title":64,"cover_image":65,"image_url":65,"created_at":66,"category":30},"68e4be16-dc38-4524-a6ea-5ebe22a6c4fb","why-vidhub-huiyuan-hutong-bushi-quan-shebei-tongyong-zh","Why VidHub Cross-Platform Membership Is Not “Buy Once, Use on Every Device”","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778789450987-advz.png","2026-05-14T20:10:24.048988+00:00",{"id":68,"slug":69,"title":70,"cover_image":71,"image_url":71,"created_at":72,"category":30},"7a1e174f-746b-4e82-a0e3-b2475ab39747","why-buns-zig-to-rust-experiment-is-right-zh","Why Bun's Zig-to-Rust Experiment Is Right","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778767879127-5dna.png","2026-05-14T14:10:26.886397+00:00",{"id":74,"slug":75,"title":76,"cover_image":77,"image_url":77,"created_at":78,"category":30},"e742fc73-5a65-4db3-ad17-88c99262ceb7","why-openai-api-pricing-is-product-strategy-zh","Why OpenAI API Pricing Is Product Strategy, Not a Footnote","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778749859485-chvz.png","2026-05-14T09:10:26.003818+00:00",{"id":80,"slug":81,"title":82,"cover_image":83,"image_url":83,"created_at":84,"category":30},"c757c5d8-eda9-45dc-9020-4b002f4d6237","why-claude-code-prompt-design-beats-ide-copilots-zh","Why Claude Code's Prompt Design Beats IDE 
Copilots","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778742645084-dao9.png","2026-05-14T07:10:29.371901+00:00",{"id":86,"slug":87,"title":88,"cover_image":89,"image_url":89,"created_at":90,"category":30},"4adef3ab-9f07-4970-91cf-77b8b581b348","why-databricks-model-serving-is-right-default-zh","Why Databricks Model Serving Is the Right Default for Production Inference","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778692245329-a2wt.png","2026-05-13T17:10:30.659153+00:00",[92,97,102,107,112,117,122,127,132,137],{"id":93,"slug":94,"title":95,"created_at":96},"de769291-4574-4c46-a76d-772bd99e6ec9","googles-biggest-gemini-launches-in-2026-zh","A Roundup of Google's Biggest Gemini Launches in 2026","2026-03-26T07:26:39.21072+00:00",{"id":98,"slug":99,"title":100,"created_at":101},"855cd52f-6fab-46cc-a7c1-42195e8a0de4","surepath-real-time-mcp-policy-controls-zh","SurePath Launches Real-Time MCP Policy Controls","2026-03-26T07:57:40.77233+00:00",{"id":103,"slug":104,"title":105,"created_at":106},"9b19ab54-edef-4dbd-9ce4-a51e4bae4ebb","mcp-in-2026-the-ai-tool-layer-teams-use-zh","MCP in 2026: The AI Tool Layer Teams Actually Use","2026-03-26T08:01:46.589694+00:00",{"id":108,"slug":109,"title":110,"created_at":111},"af9c46c3-7a28-410b-9f04-32b3de30a68c","prompting-in-2026-what-actually-works-zh","Prompt Engineering in 2026: What Actually Works","2026-03-26T08:08:12.453028+00:00",{"id":113,"slug":114,"title":115,"created_at":116},"05553086-6ed0-4758-81fd-6cab24b575e0","garry-tan-open-sources-claude-code-toolkit-zh","Garry Tan Open-Sources a Claude Code Toolkit","2026-03-26T08:26:20.068737+00:00",{"id":118,"slug":119,"title":120,"created_at":121},"042a73a2-18a2-433d-9e8f-9802b9559aac","github-ai-projects-to-watch-in-2026-zh","20 Must-See GitHub AI Projects in 2026","2026-03-26T08:28:09.619964+00:00",{"id":123,"slug":124,"title":125,"created_at":126},"a5f94120-ac0d-4483-9a8b-63590071ac6a","claude-code-vs-cursor-2026-zh","Claude Code vs. Cursor 
In-Depth Comparison: 202…","2026-03-26T13:27:14.279193+00:00",{"id":128,"slug":129,"title":130,"created_at":131},"0975afa1-e0c7-4130-a20d-d890eaed995e","practical-github-guide-learning-ml-2026-zh","A Practical GitHub Guide to Getting Started with Machine Learning in 2026","2026-03-27T01:16:49.712576+00:00",{"id":133,"slug":134,"title":135,"created_at":136},"bfdb467a-290f-4a80-b3a9-6f081afb6dff","aiml-2026-student-ai-ml-lab-repo-review-zh","AIML-2026: A Student Lab Repo That Reads Like a Syllabus","2026-03-27T01:21:51.467798+00:00",{"id":138,"slug":139,"title":140,"created_at":141},"80cabc3e-09fc-4ff5-8f07-b8d68f5ae545","ai-trending-github-repos-and-research-feeds-zh","AI Trending: AI Resources Collected into One Table","2026-03-27T01:31:35.262183+00:00"]