I'm trying to come up with a good enough anti-spamming mechanism to prevent automatically generated input. I've read that techniques like captcha, 1+1=? stuff work well, but they also present an extra step impeding the free quick use of the application (I'm not looking for anything like that please).
I've tried setting some hidden fields in all of my forms, with display: none; However, I'm certain a script can be configured to trace that form field id and simply not fill it.
Do you implement/know of a good anti automatic-form-filling-robots method? Is there something that can be done seamlessly with HTML AND/OR server side processing, and be (almost) bulletproof? (without JS as one could simply disable it).
I'm trying not to rely on sessions for this (i.e. counting how many times a button is clicked to prevent overloads).
Recommended answer
An easy-to-implement but not fool-proof (especially on "specific" attacks) way of solving anti-spam is tracking the time between form-submit and page-load.
Bots request a page, parse the page and submit the form. This is fast.
Humans type in a URL, load the page, wait before the page is fully loaded, scroll down, read content, decide whether to comment/fill in the form, require time to fill in the form, and submit.
The difference in time can be subtle, and tracking this time without cookies requires some kind of server-side database. This may have an impact on performance. Also, you need to tweak the threshold time.
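An added example, not part of the original answer: one way to measure the load-to-submit time without cookies or a server-side store is to render an HMAC-signed timestamp into a hidden field and verify it on submit. All names, the 5-second threshold and the one-hour expiry are assumptions; a signed token can be replayed until it expires, so single-use tokens would still need server-side state.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Assumption: a per-deployment secret kept server-side (generated here for the demo).
SECRET_KEY = secrets.token_bytes(32)
MIN_SECONDS = 5      # assumed threshold to tune: faster submits are treated as automated
MAX_SECONDS = 3600   # assumed expiry: bounds how long a captured token can be replayed


def _sign(form_id: str, issued_at: int) -> str:
    """HMAC over the form id and issue time, so neither can be altered by the client."""
    msg = f"{form_id}|{issued_at}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(form_id: str, now: Optional[float] = None) -> str:
    """Value for a hidden <input> rendered together with the form at page load."""
    issued_at = int(time.time() if now is None else now)
    return f"{issued_at}.{_sign(form_id, issued_at)}"


def check_token(form_id: str, token: str, now: Optional[float] = None) -> str:
    """Classify a submitted token as 'ok', 'too_fast', 'expired' or 'invalid'."""
    now = time.time() if now is None else now
    ts_text, sep, mac = token.partition(".")
    try:
        issued_at = int(ts_text)
    except ValueError:
        return "invalid"
    expected = _sign(form_id, issued_at)
    # Constant-time comparison on bytes; a forged or edited timestamp fails here.
    if not sep or not hmac.compare_digest(mac.encode(), expected.encode()):
        return "invalid"
    elapsed = now - issued_at
    if elapsed < MIN_SECONDS:
        return "too_fast"
    if elapsed > MAX_SECONDS:
        return "expired"
    return "ok"
```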