问题描述
我正在尝试提出一种足够好的反垃圾邮件机制来防止自动生成的输入.我读过像验证码、1+1=?东西运行良好,但它们也提出了一个额外的步骤,阻碍了应用程序的免费快速使用(我不是在寻找类似的东西).
I'm trying to come up with a good enough anti-spamming mechanism to prevent automatically generated input. I've read that techniques like captcha, 1+1=? stuff work well, but they also present an extra step impeding the free quick use of the application (I'm not looking for anything like that please).
我尝试在所有表单中设置一些隐藏字段,使用 display: none;
但是,我确信可以配置一个脚本来跟踪该表单字段 ID,而只是不填写它.
I've tried setting some hidden fields in all of my forms, with display: none;
However, I'm certain a script can be configured to trace that form field id and simply not fill it.
您是否实施/知道一种很好的反自动填表机器人方法?是否可以通过 HTML 和/或服务器端处理无缝地完成某些事情,并且(几乎)是防弹的?(没有 JS 可以简单地禁用它).
Do you implement/know of a good anti automatic-form-filling-robots method? Is there something that can be done seamlessly with HTML AND/OR server side processing, and be (almost) bulletproof? (without JS as one could simply disable it).
为此我尽量不依赖会话(即计算按钮被点击的次数以防止过载).
I'm trying not to rely on sessions for this (i.e. counting how many times a button is clicked to prevent overloads).
推荐答案
一种易于实施但并非万无一失(尤其是针对特定"攻击)的反垃圾邮件解决方案是跟踪表单提交之间的时间和页面加载.
An easy-to-implement but not fool-proof (especially on "specific" attacks) way of solving anti-spam is tracking the time between form-submit and page-load.
机器人请求页面,解析页面并提交表单.这很快.
Bots request a page, parse the page and submit the form. This is fast.
人类输入 URL,加载页面,等待页面完全加载,向下滚动,阅读内容,决定是否评论/填写表单,填写表单需要时间,然后提交.
Humans type in a URL, load the page, wait before the page is fully loaded, scroll down, read content, decide wether to comment/fill in the form, require time to fill in the form, and submit.
时间上的差异可能很微妙;以及如何在没有 cookie 的情况下跟踪这个时间需要某种方式的服务器端数据库.这可能会影响性能.
您还需要调整阈值时间.
The difference in time can be subtle; and how to track this time without cookies requires some way of server-side database. This may be an impact in performance.
Also you need to tweak the threshold-time.
这篇关于如何防止机器人自动填表?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!