[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-cloudflare-account-abuse-protection-fraud-zh":3,"article-related-cloudflare-account-abuse-protection-fraud-zh":29,"series-tools-f0cd6c3c-bf63-4275-aed9-8778e5518222":87},{"id":4,"slug":5,"title":6,"content":7,"summary":8,"source":9,"source_url":10,"author":11,"image_url":12,"cover_image":12,"category":13,"language":14,"translated_content":11,"related_article_id":15,"keywords":16,"key_takeaways":11,"views":26,"created_at":27,"published_at":28,"topic_cluster_id":11},"f0cd6c3c-bf63-4275-aed9-8778e5518222","cloudflare-account-abuse-protection-fraud-zh","Cloudflare 加強帳號濫用防護","\u003Cp>\u003Ca href=\"https:\u002F\u002Fblog.cloudflare.com\u002Faccount-abuse-protection\u002F\" target=\"_blank\" rel=\"noopener\">Cloudflare\u003C\u002Fa> 這次不是只在擋 bot。它把焦點拉到帳號濫用。官方說，近一週平均每天攔下 69 億次可疑登入嘗試。這數字很直接。現在的詐騙，早就不是單純腳本亂打而已。\u003C\u002Fp>\u003Cp>這套新功能叫 \u003Ca href=\"https:\u002F\u002Fblog.cloudflare.com\u002Faccount-abuse-protection\u002F\" target=\"_blank\" rel=\"noopener\">Account Abuse Protection\u003C\u002Fa>。它先開放給 \u003Ca href=\"https:\u002F\u002Fwww.cloudflare.com\u002Fproducts\u002Fbot-management\u002F\" target=\"_blank\" rel=\"noopener\">Bot Management\u003C\u002Fa> 的 Enterprise 客戶。Cloudflare 也說，之後會把它放進 \u003Ca href=\"https:\u002F\u002Fblog.cloudflare.com\u002Faccount-abuse-protection\u002F\" target=\"_blank\" rel=\"noopener\">Cloudflare Fraud Prevention\u003C\u002Fa>。講白了，這是在把登入、註冊、憑證外洩，全部拉進同一個防線。\u003C\u002Fp>\u003Cp>我覺得這方向很務實。因為攻擊者現在很會混搭。腳本、真人、代理\u003Ca href=\"\u002Fnews\u002Falibaba-risc-v-ai-cpu-server-chips-zh\">伺服器\u003C\u002Fa>、外洩資料、\u003Ca href=\"\u002Fnews\u002Fai-pc-build-budget-config-guide-zh\">AI\u003C\u002Fa> 工具，全都能一起上。你如果還只看 IP，真的會被玩爛。\u003C\u002Fp>\u003Ch2>為什麼 Cloudflare 要把範圍拉大\u003C\u002Fh2>\u003Cp>以前很多團隊看帳號安全，只問一件事。這是不是機器人。現在這題太小了。更該問的是，這個帳號到底真不真。因為攻擊者可以先用外洩密碼試登入，再用代理輪換位置，最後用真人去補最後一腳。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1775198039137-4jn5.png\" alt=\"Cloudflare 加強帳號濫用防護\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>這種打法很煩。它不會只打你的登入頁。它也會打你的註冊流程、試用方案、推薦獎勵，還有付款前的身份驗證。假帳號一多，廣告費、行銷費、客服成本都會一起上升。說真的，這很像在幫壞人買單。\u003C\u002Fp>\u003Cp>\u003Ca href=\"\u002Fnews\u002Fcloudflare-emdash-wordpress-successor-zh\">Clou\u003C\u002Fa>dflare 之前就丟過一些數字。它說去年有 41% 的登入用了外洩憑證。它也在 2024 年 Black Friday 分析裡提到，超過 60% 的登入頁流量是自動化。這不是邊角料。這是日常環境。\u003C\u002Fp>\u003Cul>\u003Cli>去年有 41% 的登入使用外洩憑證。\u003C\u002Fli>\u003Cli>2024 Black Friday 期間，超過 60% 的登入頁流量是自動化。\u003C\u002Fli>\u003Cli>近一週每天攔下 69 億次可疑登入。\u003C\u002Fli>\u003Cli>Cloudflare 提到，16 億筆資料的資料庫讓密碼重用更危險。\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>這次新增了哪些防護\u003C\u002Fh2>\u003Cp>這次最先上的是註冊端的兩個功能。第一個是 \u003Ca href=\"https:\u002F\u002Fblog.cloudflare.com\u002Faccount-abuse-protection\u002F\" target=\"_blank\" rel=\"noopener\">Disposable email check\u003C\u002Fa>。它用來抓一次性信箱。這類信箱常被拿來洗註冊、薅試用、騙活動碼。\u003C\u002Fp>\u003Cp>第二個是 \u003Ca href=\"https:\u002F\u002Fblog.cloudflare.com\u002Faccount-abuse-protection\u002F\" target=\"_blank\" rel=\"noopener\">Email risk\u003C\u002Fa>。它會把信箱分成 low、medium、high 三種風險等級。這很實際。因為你不用一刀切封鎖所有人。你可以對高風險帳號多做一步驗證，對低風險帳號少打擾。\u003C\u002Fp>\u003Cp>第三個是 \u003Ca href=\"https:\u002F\u002Fblog.cloudflare.com\u002Faccount-abuse-protection\u002F\" target=\"_blank\" rel=\"noopener\">Hashed User IDs\u003C\u002Fa>。它會把使用者名稱做雜湊，變成每個網域內穩定的識別碼。Cloudflare 說，它不會把明文 username 當成這個功能的一部分去記錄或儲存。這點很重要。因為很多安全工具一碰到使用者資料，就開始往隱私地雷區走。\u003C\u002Fp>\u003Cul>\u003Cli>Disposable email check 可抓一次性信箱。\u003C\u002Fli>\u003Cli>Email risk 分成 low、medium、high 三級。\u003C\u002Fli>\u003Cli>Hashed User IDs 會把 username 雜湊成穩定識別碼。\u003C\u002Fli>\u003Cli>Cloudflare 說不會記錄或儲存明文 username。\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>這套東西建在什麼基礎上\u003C\u002Fh2>\u003Cp>Cloudflare 不是從零開始。它在 2024 年就把 leaked credential detection 開放給所有客戶，連 Free plan 都有。它也把 account takeover detection IDs 放進 bot management 架構裡。這次只是把零散功能串起來。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1775198049052-gl2i.png\" alt=\"Cloudflare 加強帳號濫用防護\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>這個串法很重要。因為單看 IP，現在真的不夠。住宅代理、行動網路、雲端跳板，外加 AI 輔助操作，都讓來源判斷越來越不準。你封一個 IP，對方可能 5 分鐘內就換 3 個。\u003C\u002Fp>\u003Cp>Cloudflare 的做法是把風險往帳號層拉。也就是說，它不只看來源，也看使用者行為。這對電商、金融、社群、SaaS 都有用。因為這些服務最怕的，不是某個 IP 很吵，而是同一個壞人一直換馬甲。\u003C\u002Fp>\u003Cblockquote>“The core question in this case is not ‘Is this automated?’ but rather ‘Is this authentic?’” — Jin-Hee Lee, Cloudflare\u003C\u002Fblockquote>\u003Ch2>和舊式防護比起來差在哪\u003C\u002Fh2>\u003Cp>傳統 bot 防護很會抓明顯自動化。像是固定節奏、異常標頭、怪異瀏覽器指紋。問題是，現在很多濫用看起來很像真人。甚至就是真人在幫忙操作。這時候只靠 bot 規則，命中率會掉。\u003C\u002Fp>\u003Cp>Cloudflare 這次把重點放在帳號本身。這代表它想把註冊、登入、風險分數、使用者識別，串成一條線。這條線比單點封鎖更實用。因為詐騙很少只靠一個訊號就得手。\u003C\u002Fp>\u003Cp>如果拿常見方案來比，大概是這樣：\u003C\u002Fp>\u003Cul>\u003Cli>\u003Cstrong>只看 IP\u003C\u002Fstrong>：擋噪音有效，但遇到代理輪換就很弱。\u003C\u002Fli>\u003Cli>\u003Cstrong>只看憑證\u003C\u002Fstrong>：能抓重複密碼，但抓不到假註冊。\u003C\u002Fli>\u003Cli>\u003Cstrong>看註冊風險\u003C\u002Fstrong>：能先擋掉試用濫用和活動碼濫領。\u003C\u002Fli>\u003Cli>\u003Cstrong>看使用者層識別\u003C\u002Fstrong>：能把同一個壞人跨裝置、跨地點串起來。\u003C\u002Fli>\u003C\u002Ful>\u003Cp>這也解釋了為什麼數據很重要。Cloudflare 說它每天攔下 69 億次可疑登入。這代表問題量級已經很大。對企業來說，手動審核早就不夠用了。你需要的是可自動化的風險分層，不是客服人員一個一個翻。\u003C\u002Fp>\u003Ch2>產業現在為什麼特別需要這類工具\u003C\u002Fh2>\u003Cp>帳號濫用其實跟商業模式綁很緊。只要你的產品有註冊、有試用、有推薦獎勵，就會被盯上。假帳號不只會吃資源，還會污染資料。你之後看成效報表，可能會誤判行銷真的有效。\u003C\u002Fp>\u003Cp>這也是很多產品團隊現在很頭痛的地方。資料看起來漂亮，實際上是被刷出來的。這種情況下，安全不再只是防守。它也在保資料品質。對開發者來說，這件事很現實。因為你寫的演算法再好，輸入資料爛掉，一樣白搭。\u003C\u002Fp>\u003Cp>整體來看，Cloudflare 這次的方向，是把 fraud prevention 往更細的帳號層推。它不是只抓網路流量。它在抓行為、身份、註冊風險。這跟過去那種「看起來像 bot 就擋」的思路，差很多。\u003C\u002Fp>\u003Ch2>接下來你該看什麼\u003C\u002Fh2>\u003Cp>如果你有做登入、註冊、試用、推薦碼，這次更新很值得檢查。先看你能不能擋一次性信箱。再看你能不能替信箱或帳號做風險分數。最後看你能不能把異常行為綁到使用者，而不是只綁到 IP。\u003C\u002Fp>\u003Cp>我會直接下這個判斷：接下來 12 個月，帳號防護會更像身份風險分析，而不是傳統 bot 過濾。誰先把註冊風險和登入真實性做進產品流程，誰就比較不會被假帳號拖著跑。你如果現在還沒做，真的該排進 roadmap 了。\u003C\u002Fp>","Cloudflare 推出 Account Abuse Protection，鎖定假註冊、外洩憑證與帳號接管。官方稱近一週每天攔下 69 億次可疑登入，企業可先看風險分數與一次性信箱偵測。","blog.cloudflare.com","https:\u002F\u002Fblog.cloudflare.com\u002Faccount-abuse-protection\u002F",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1775198039137-4jn5.png","tools","zh","927718e8-88af-44a1-9f32-a6422f4e44af",[17,18,19,20,21,22,23,24,25],"Cloudflare","帳號濫用","Fraud Prevention","Bot Management","外洩憑證","假註冊","Account Takeover","一次性信箱","風險分數",3,"2026-04-03T06:33:37.385059+00:00","2026-04-03T06:33:37.055+00:00",{"tags":30,"relatedLang":46,"relatedPosts":50},[31,34,37,38,39,41,42,43],{"name":32,"slug":33},"account takeover","account-takeover",{"name":35,"slug":36},"fraud prevention","fraud-prevention",{"name":24,"slug":24},{"name":25,"slug":25},{"name":17,"slug":40},"cloudflare",{"name":21,"slug":21},{"name":22,"slug":22},{"name":44,"slug":45},"bot management","bot-management",{"id":15,"slug":47,"title":48,"language":49},"cloudflare-account-abuse-protection-fraud-en","Cloudflare Adds Account Abuse Protection for Fraud","en",[51,57,63,69,75,81],{"id":52,"slug":53,"title":54,"cover_image":55,"image_url":55,"created_at":56,"category":13},"1a92ac0a-75ea-4877-874d-4a309cd0085b","nvidia-research-gpu-template-zh","NVIDIA 研究頁把 GPU 資源變模板","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780567412863-e8oq.png","2026-06-04T10:02:58.043845+00:00",{"id":58,"slug":59,"title":60,"cover_image":61,"image_url":61,"created_at":62,"category":13},"3ead09ec-5656-4165-9bb0-f602add3c409","qdrant-filter-first-rag-design-decoded-zh","Qdrant 讓 RAG 先過濾再找相似","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780566519640-bdds.png","2026-06-04T09:47:59.450347+00:00",{"id":64,"slug":65,"title":66,"cover_image":67,"image_url":67,"created_at":68,"category":13},"7b5e6965-307e-4492-bf65-d922cd7818ad","anthropic-code-review-tool-ai-generated-code-zh","Anthropic 讓 AI 程式變可審","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780563813320-5wc7.png","2026-06-04T09:02:56.999212+00:00",{"id":70,"slug":71,"title":72,"cover_image":73,"image_url":73,"created_at":74,"category":13},"bef47dbc-b0b4-439e-bae9-abe9473a321c","wei-shen-me-tether-ba-ben-di-ai-ji-yi-tui-jin-ri-chang-zhuan-zh","為什麼 Tether 把本地 AI 記憶推進日常裝置是對的","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780542170805-opi6.png","2026-06-04T03:02:19.599329+00:00",{"id":76,"slug":77,"title":78,"cover_image":79,"image_url":79,"created_at":80,"category":13},"d3ec03a8-a805-4a21-9826-72a74a72b625","databricks-model-serving-llm-deploy-guide-zh","Databricks Model Serving 讓 LLM 部署變簡單","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780525998117-7ur8.png","2026-06-03T22:32:51.005996+00:00",{"id":82,"slug":83,"title":84,"cover_image":85,"image_url":85,"created_at":86,"category":13},"4dd225a8-bf6c-4768-a486-a27956c7033d","opencode-digitalocean-model-freedom-zh","OpenCode+DigitalOcean 讓你切換模型","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780525116428-1q7g.png","2026-06-03T22:18:06.969758+00:00",[88,93,98,103,108,113,118,123,128,133],{"id":89,"slug":90,"title":91,"created_at":92},"855cd52f-6fab-46cc-a7c1-42195e8a0de4","surepath-real-time-mcp-policy-controls-zh","SurePath 推出即時 MCP 政策控管","2026-03-26T07:57:40.77233+00:00",{"id":94,"slug":95,"title":96,"created_at":97},"9b19ab54-edef-4dbd-9ce4-a51e4bae4ebb","mcp-in-2026-the-ai-tool-layer-teams-use-zh","2026 年 MCP：團隊真的在用的 AI 工具層","2026-03-26T08:01:46.589694+00:00",{"id":99,"slug":100,"title":101,"created_at":102},"af9c46c3-7a28-410b-9f04-32b3de30a68c","prompting-in-2026-what-actually-works-zh","2026 提示工程，真正有用的是什麼","2026-03-26T08:08:12.453028+00:00",{"id":104,"slug":105,"title":106,"created_at":107},"05553086-6ed0-4758-81fd-6cab24b575e0","garry-tan-open-sources-claude-code-toolkit-zh","Garry Tan 開源 Claude Code 工具包","2026-03-26T08:26:20.068737+00:00",{"id":109,"slug":110,"title":111,"created_at":112},"042a73a2-18a2-433d-9e8f-9802b9559aac","github-ai-projects-to-watch-in-2026-zh","2026 必看 20 個 GitHub AI 專案","2026-03-26T08:28:09.619964+00:00",{"id":114,"slug":115,"title":116,"created_at":117},"a5f94120-ac0d-4483-9a8b-63590071ac6a","claude-code-vs-cursor-2026-zh","Claude Code 與 Cursor 深度對比：202…","2026-03-26T13:27:14.279193+00:00",{"id":119,"slug":120,"title":121,"created_at":122},"0975afa1-e0c7-4130-a20d-d890eaed995e","practical-github-guide-learning-ml-2026-zh","2026 機器學習入門 GitHub 實用指南","2026-03-27T01:16:49.712576+00:00",{"id":124,"slug":125,"title":126,"created_at":127},"bfdb467a-290f-4a80-b3a9-6f081afb6dff","aiml-2026-student-ai-ml-lab-repo-review-zh","AIML-2026：像課綱的學生實驗 Repo","2026-03-27T01:21:51.467798+00:00",{"id":129,"slug":130,"title":131,"created_at":132},"80cabc3e-09fc-4ff5-8f07-b8d68f5ae545","ai-trending-github-repos-and-research-feeds-zh","AI Trending：把 AI 資源收成一張表","2026-03-27T01:31:35.262183+00:00",{"id":134,"slug":135,"title":136,"created_at":137},"3ce6e6e2-bac5-463e-9f8d-45caabcc61f7","awesome-ai-for-science-research-tools-map-zh","AI 科研工具清單，開始像地圖了","2026-03-27T01:46:50.521945+00:00"]