Django 中的垃圾邮件防护计数器
我已经研究过最流行的 Django 命中计数器解决方案,但它们似乎都没有解决刷新按钮垃圾邮件的问题。
我是否真的需要记录每个访问者的 IP,以防止他们通过垃圾邮件刷新按钮(或编写一个快速而肮脏的脚本来人为地提高页面浏览量)对他们来说)?
更多信息
现在您可以使用以下几行 Python 代码来增加您的观看次数。 它是如此之小,以至于您实际上不需要编写脚本,您只需将其输入到交互式会话中即可:
from urllib import urlopen
num_of_times_to_hit_page = 100
url_of_the_page = "http://example.com"
for x in range(num_of_times_to_hit_page):
urlopen(url_of_the_page)
解决方案我可能会使用
对我来说,当您需要做很多事情时,这是一个非常艰难的情况在每个页面视图上写入数据库,但我想这是没有帮助的。 由于一些用户人为地增加了他们的观看次数,我将实施 IP 日志记录。 这并不是说他们是坏人,甚至不是坏用户。
查看有关解决缓存问题的答案...我将首先采用这条路线。 将更新结果。
就其价值而言,Stack Overflow 似乎正在使用 cookie(我无法增加自己的浏览次数,但当我在其他浏览器中访问该网站时,它会增加。)
我认为这样做的好处实在是太过分了,而且现在这种‘作弊’太容易了。
感谢大家的帮助!
I already looked at the most popular Django hit counter solutions and none of them seem to solve the issue of spamming the refresh button.
Do I really have to log the IP of every visitor to keep them from artificially boosting page view counts by spamming the refresh button (or writing a quick and dirty script to do it for them)?
More information
So right now you can inflate your view count with the following few lines of Python code. Which is so little that you don't really need to write a script, you could just type it into an interactive session:
from urllib import urlopen
num_of_times_to_hit_page = 100
url_of_the_page = "http://example.com"
for x in range(num_of_times_to_hit_page):
urlopen(url_of_the_page)
Solution I'll probably use
To me, it's a pretty rough situation when you need to do a bunch of writes to the database on EVERY page view, but I guess it can't be helped. I'm going to implement IP logging due to several users artificially inflating their view count. It's not that they're bad people or even bad users.
See the answer about solving the problem with caching... I'm going to pursue that route first. Will update with results.
For what it's worth, it seems Stack Overflow is using cookies (I can't increment my own view count, but it increased when I visited the site in another browser.)
I think that the benefit is just too much, and this sort of 'cheating' is just too easy right now.
Thanks for the help everyone!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
记录 IP 可能是最安全的。 它并不完美,但它比 cookie 更好,而且比要求注册更不会让用户烦恼。 也就是说,我建议不要费心将它们保存在数据库中。 相反,使用 Django 的 低级缓存框架< /a>. 键是 ip,值是一个简单的布尔值。 即使基于文件的缓存也应该相当快,但如果您确实预计流量很大,请使用 memchached 作为缓存后端。
像这样的东西应该有效:
Logging an IP is probably the safest. It's not perfect, but it's better than cookies and less annoying to users than requiring a signup. That said, I'd recommend not bothering with saving these in a DB. Instead, use Django's low-level caching framework. The key would be the ip and the value a simple boolean. Even a file-based cache should be pretty fast, though go with memchached as the cache backend if you really expect heavy traffic.
Something like this should work:
没有万无一失的方法可以防止有人人为夸大计数。 相反,您愿意花时间让他们更难这样做:
所以,最后,您只需要选择您想要的努力级别以防止用户滥用系统。
There is no foolproof way of preventing someone from artificially inflating a count. Rather, there's the extent to which you're willing to spend time making it more difficult for them to do so:
So, in the end, you just need to pick the level of effort you want to go to in order to prevent that users from abusing the system.
您可以在他们访问 cookie 时向他们发送一个 cookie,然后检查该 cookie。 仍然可以玩,但是有点难。
You could send them a cookie when they access it and then check for that cookie. It can still be gamed, but it's a bit harder.