如何验证机器人是否正在输入信息

发布于 2024-07-30 12:29:24 字数 183 浏览 8 评论 0原文

我有一个网络表单,用户填写该表单并将信息发送到服务器并存储在数据库中。 我担心机器人可能只是填写表格,而我最终会得到一个充满无用记录的数据库。 如何防止机器人填写我的表格? 我在想也许类似于 Stackoverflow 的机器人检测,如果它认为你是机器人,它会要求你验证你不是。 是否有 Perl、Java 或 PHP 语言的服务器端 API?

I have a web form which the users fill and the info send to server and stored on a database. I am worried that Robots might just fill in the form and I will end up with a database full of useless records. How can I prevent Robots from filling in my forms? I am thinking maybe something like Stackoverflow's robot detection, where if it thinks you are a robot, it asks you to verify that you are not. Is there a server-side API in Perl, Java or PHP?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(6

垂暮老矣 2024-08-06 12:29:24

有几种解决方案。

  1. 使用验证码。 据我所知,SO 使用 reCAPTCHA

  2. 向您的表单添加一个额外的字段并使用 CSS 隐藏它(display:none)。 普通用户不会看到此字段,因此不会填写它。 您在提交时检查该字段是否为空。 如果没有,那么您面对的机器人已经仔细填写了所有表单字段。 这种技术通常被称为“蜜罐”。

  3. 添加 JavaScript 计时器功能。 在页面加载时,它的初始值为零,然后随着时间的推移而增加。 普通用户会阅读并填写您的表单一段时间,然后才提交。 机器人收到表格后会立即填写并提交。 您检查提交时该值是否与零相差很大。 如果有,那么它可能是真正的用户。 如果您只看到几秒钟(甚至由于机器人不执行 JavaScript 而根本看不到任何值),那么它很可能是一个机器人。 然而,只有当您决定要求用户启用 JavaScript 才能执行“写入”操作时,这才有效。

当然还有其他技术。 但这些都是非常简单有效的。

There are several solutions.

  1. Use a CAPTCHA. SO uses reCAPTCHA as far as I know.

  2. Add an extra field to your form and hide it with CSS (display:none). A normal user would not see this field and therefore will not fill it. You check at the submission if this field is empty. If not, then you are dealing with a robot that has carefully filled out all form fields. This technique is usually referred to as a "honeypot".

  3. Add a JavaScript timer function. At the page load it starts a value at zero and then increases it as time passes. A normal user would read and fill out your form for some time and only then submit it. A robot would just fill out and submit the form immediately upon receiving it. You check if the value has gone much from zero at the submission. If it has, then it is likely a real user. If you see just a couple of seconds (or even no value at all due to the robots not executing JavaScript) then it is likely a robot. This will however only work if you decide you will require your users have JavaScript on in order to perform "write" operations.

There are other techniques for sure. But these are quite simple and effective.

坚持沉默 2024-08-06 12:29:24

您可以使用 reCAPTCHA (与 stackoverflow 相同) - 他们有 多种编程语言的库

You can use reCAPTCHA (same as stackoverflow) - they have libraries for a number of programming languages.

简单爱 2024-08-06 12:29:24

我一直更喜欢蜜罐验证码(phil haack 的文章 ),因为它对用户的侵入较小。

I've always preferred Honeypot captcha (article by phil haack), as its less invasive to the user.

很酷不放纵 2024-08-06 12:29:24

验证码带来了可访问性问题,最终会被软件识别打败。

我建议阅读此关于机器人陷阱的短文,其中包括隐藏字段,正如 Matthew Vines 和 New intown 已经建议的那样。

无论如何,您仍然可以自由使用验证码和机器人陷阱。

Captchas bring accessibility problems and will be ultimately defeated by software recognition.

I recommand the reading of this short article about bot traps, which include hidden fields, as Matthew Vines and New in town already suggested.

Anyway, you are still free to use both captcha and bot traps.

音盲 2024-08-06 12:29:24

验证码很棒。 您可以做的另一件事是验证字段,这将阻止 99% 的机器人流量,但又不会惹恼您的用户。

在我的网站上,我检查邮政编码和电话号码等字段中的文本。 这消除了所有非目标机器人的错误信息。

CAPTCHA is great. The other thing you can do that will prevent 99% of your robot traffic yet not annoy your users is to validate fields.

My site, I check for text in fields like zip code and phone number. That has removed all of the non-targeted robot misinformation.

梦醒灬来后我 2024-08-06 12:29:24

您可以创建一个两步系统,用户填写表单,但随后必须回复电子邮件以在设定的时间段(例如 24 小时)内“激活”记录。

在后端,您可以将所有表单提交放入当前表中,而不是将它们放入临时表中,该临时表会自动删除早于您的时间分配的任何行。 除非您有严重的机器人问题,否则我认为该表不会变得那么大,特别是如果第一个表单只有几个字段。

这种方法的好处是您不必使用验证码或其他可能会产生一些可访问性问题的技术。

You could create a two-step system in which a user fills the form, but then must reply to an e-mail to "activate" the record within a set period of time - say 24 hours.

In the back end, instead of populating your current table with all the form submissions, you could put them into a temporary table that automatically deletes any row that is older than your time allotment. Unless you have a serious bot problem, then I would think that the table wouldn't get that big, especially if the first form is just a few fields.

A benifit of this approach is that you don't have to use captcha or some other technology like that that might create some accessibility problems.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文