简单& 减少基本形式的垃圾邮件:检查 Javascript?
我正在努力减少我们网站上的表单垃圾邮件。 (实际上是最近的)。
我似乎记得在某处读到垃圾邮件发送者没有在网站上执行 Javascript。
真的吗? 如果是这样,那么您是否可以简单地检查 javascript 是否被禁用,然后判断它可能是垃圾邮件?
I'm trying to reduce the form spam on our website. (It's actually pretty recent).
I seem to remember reading somewhere that the spammers aren't executing the Javascript on the site.
Is that true?
And if so, then could you simply check for javascript being disabled and then figure it's likely that it's spam?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
仍然有大量的人在关闭 Javascript 的情况下运行。
另外,我在使用 CSS 阻止垃圾邮件方面取得了相当大的成功。 基本上,包括一个使用 CSS 隐藏的输入字段和标签(
display: none;),提交后,检查该字段中是否输入了任何内容。我通常将该字段标记为垃圾邮件过滤器,并指示不要在该字段中放置任何内容,但所有较新的浏览器都会正确隐藏该块。
reCAPTCHA 也非常容易实现。
There are still a large number of people that run with Javascript turned off.
Alternatively, I have had decent success with stopping form spam using CSS. Basically, include an input field and label that is hidden using CSS (
display: none;) and once submitted, check if anything has been entered in the field.I generally label the field as a spam filter with an instruction to not put anything in the field, but all newer browsers will properly hide the block.
reCAPTCHA is also surprisingly easy to implement.
检查 http://kahi.cz/wordpress/ravens-antispam-plugin/ 一个很好的答案,
如果输入
那么 javascript 用户什么也看不到,非 js 用户只需输入一个单词,
如果垃圾邮件发送者专门针对您,他们不会花很长时间来编码它,但对于垃圾邮件发送者的驱动来说,这应该很好
check http://kahi.cz/wordpress/ravens-antispam-plugin/ for a nice answer
if puts in
so javascript users see nothing, non js users just type in a word
if a spammer targets you specifically it won't take them long to code round it but for drive by spammers it should be good
同样,添加虚拟字段然后使用 CSS 隐藏它是欺骗机器人的好方法。 如果提交了该字段,您就知道可能是非人类完成了该表单。
如果您按照 URL 或 网站 的方式标记/命名字段,则特别有效。
In the same vein, adding a dummy field and then using CSS to hide it is a good way to trick the bots. If the field is submitted, you know a non-human probably completed the form.
Especially effective if you label/name the field something along the lines of URL or website.
您可以检查 - 让 JavaScript 在页面加载后使用特定值填充隐藏表单字段。 然后,当页面回发到服务器时,检查隐藏表单字段的预期值。 如果它不存在,则意味着 JavaScript 未执行。
至于您是否应该假设它是垃圾邮件完全是另一回事,并且确实没有确定的答案。 您可以简单地使用
标记,并让它向用户表明,除非他们启用 JavaScript,否则他们的提交不会被接受。然而,一旦 JavaScript 运行,垃圾邮件发送者就会使用另一种解决方法。 :)
You could check - have JavaScript that populates a hidden form field with a specific value after the page loads. Then, when the page posts back to the server, check that hidden form field the expected value. If it is not there, that means the JavaScript didn't execute.
As to whether you should assume it is spam is another story altogether, and one that has no certain answer, really. You could simply have a
<noscript>tag and have it indicate to the user that their submission will not take unless they enable JavaScript.Once you have JavaScript running, however, the spammers will just use another workaround for that. :)
你有这样的运气吗? 我认为一些基于文本的浏览器已经实现了基本的 JavaScript 支持,所以也许垃圾邮件机器人也有?
否则,我正在考虑为没有 JavaScript 的用户使用验证码,并为其他用户使用一些自动 JavaScript 检查。
Did you have any luck with this? I think some text based browsers have implemented basic JavaScript support, so maybe spam bots have as well?
Otherwise I'm considering using a captcha for users without JavaScript and some automatic JavaScript check for other users.
我不记得在哪里见过这种方法,但垃圾邮件机器人喜欢填写表格。 您是否考虑过放置一个用 JavaScript 隐藏的表单字段(并表示如果用户没有 JavaScript,则不要填写此字段)。 这样,如果此字段填写了某些内容,您可以将其视为垃圾邮件而忽略。
I can't remember where I've seen this method but spam bots like to fill out forms. Have you considered putting a form field that is hidden with javascript (and says don't fill this field if the user doesn't have JavaScript). This way if something fills in this field you can ignore it as spam.