问题描述
我有一个网站,我有一个工作部分.我允许申请人在线填写工作申请.无需登录.输入的数据存储在数据库中.
我没有在 HTML 表单中放置任何验证码或机器人阻止机制.我明白这是一件愚蠢的事情.但我的网站很小,我没有花太多时间来编程.
我每隔一段时间就会看到像下面这样的申请表字段中的垃圾输入:
yRERRCEXEUOMCew
有时数据中的城市"字段会有一个有效的输入(例如纽约)
我试图了解这些输入来自哪里以及任何人通过这样做会获得什么.
谢谢
它来自垃圾邮件机器人,他们只是提交随机信息来检查它是否是工作表单或可以发送电子邮件等.如果您正在寻找一种防止垃圾邮件机器人提交虚假数据的非侵入性方法(即没有 CAPTCHA 或 JavaScript),我强烈建议限制表单提交.如果您使用的是 PHP,则可以使用如下代码:
//将表单绑定到特定用户所需的会话session_start();//这里处理表单if ( isset($_POST['submit']) ){$现在=时间();//查看当前时间减去开始时间是否小于等于5秒if ( ( $now - $_SESSION['start_time'] )注意:这不会阻止专用机器人,也不会提供任何真正的安全性.但它会停止自动洪水机器人,因为它们通常不会在提交之间等待 5 秒.
希望这会有所帮助.
I have a website where I have a job section. I allow applicants fill out job applications online. No login is required. The data input gets stored in a database.
I have NOT put any captcha or bot blocking mechanism in the HTML form. I understand that this is a dumb thing to do. But mine is a small website and I did not spend too much time programming this.
I see every once in a while garbage inputs into the application form fields like the following:
yRERRCEXEUOMCew
Some times the 'City' field in the data would have a valid input (such as New York)
I am trying to understand where does this input come from and what would anyone gain by doing this.
Thanks
It comes from spam bots and they just submit random information to check to see if it is a working form or can send email, etc. If you are looking for a non-intrusive method (i.e. no CAPTCHA or JavaScript) to prevent spam bots from submitting bogus data, I would highly recommend throttling form submissions. If you are using PHP, you could use code like this:
// Sessions needed to tie forms to specific users session_start(); // Process form here if ( isset($_POST['submit']) ) { $now = time(); // See if the current time less the start time is less than or equal to 5 seconds if ( ( $now - $_SESSION['start_time'] )
Note: this will not stop dedicated bots nor will it provide any real security. It will stop automatic flood bots though since they will not normally wait 5 seconds between submissions.
Hope this helps.
这篇关于通过机器人将不需要的垃圾输入到 HTML 表单中?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!