Alternative CAPTCHA methods

Posted on 2024-08-05 19:45:43; 358 words; 3 views; 0 comments

I'm looking for inspiration here. I need to employ some sort of human verification for my website, but the most common method these days (asking users to type the letters & numbers they see in an image into a text input box) seems a little rubbish - I find it hard sometimes to work out what the letters & numbers are.

There must be a better way!

I've had a few ideas, the best one seems to be to show users a series of images (4-6), and ask them to answer a question based on the contents of the images, such as:

(show some geometric shapes) "Which image has 3 sides?"

or

(show picture of animals) "Which animal can fly?"

This has the advantage of being easy to program, and hopefully easy to pass.

Can anyone think of any other approaches to this problem? Or possibly spot flaws in the system outlined above? Is it possible to make such systems both easier for humans to pass, and harder for bots to pass?

Comments (4)

少女七分熟 2024-08-12 19:45:43

Although it's a bit old, I really found KittenAuth to be an amusing (and probably very effective) captcha approach. There only seems to be one demo on their contact page, though.

The problem with pure-image based approaches (as opposed to textual images) is that you are basically preventing blind users from using your site. The KittenAuth author acknowledged this on one of the comments on his site.

As a funny little rider to KittenAuth, this page has "10 of the worst captchas of all time," including one of my favorites:

[image: calculus captcha]

许一世地老天荒 2024-08-12 19:45:43

Try using a question challenge system where a simple question demands a simple cognitive response. For example, ask a user to answer the following example question:

Three cars on the street can see three more cars. How many total cars are there?

Technology is not so advanced that a bandwidth sensitive bot is capable of answering such a question and yet the question is easy to answer. A user must enter three or 3 to verify they are a human and not a machine. You would have to have a large enough bank of questions that a bot would not simply ping your site looking at questions to record so that it may return with answers in hand.
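
The server side of the question challenge described above, as an added example that is not part of any answer in this thread: the accepted answers never leave the server, and the token handed to the client is HMAC-signed, short-lived and single-use, so one solved challenge cannot be replayed. The names `issueChallenge` and `verifyChallenge`, the five-minute lifetime and the second question are assumptions; the bank still has to be large, as the answer says.

```javascript
const crypto = require("node:crypto");

const SECRET = crypto.randomBytes(32);   // per-deployment signing key (assumption)
const TTL_MS = 5 * 60 * 1000;            // challenge lifetime (assumption)
const usedNonces = new Set();            // in production: shared store with expiry

// The bank stays on the server; only the question text is sent to the client.
const QUESTIONS = [
  { q: "Three cars on the street can see three more cars. How many total cars are there?",
    answers: ["3", "three"] },           // accepted answers as stated in the answer above
  { q: "Which animal can fly: dog, sparrow or horse?",
    answers: ["sparrow"] },              // constructed sample question
];

function sign(payload) {
  return crypto.createHmac("sha256", SECRET).update(payload).digest("hex");
}

// Issue a challenge: the token binds question index, expiry and a one-time nonce.
function issueChallenge(now = Date.now()) {
  const idx = crypto.randomInt(QUESTIONS.length);
  const nonce = crypto.randomBytes(8).toString("hex");
  const payload = `${idx}.${now + TTL_MS}.${nonce}`;
  return { question: QUESTIONS[idx].q, token: `${payload}.${sign(payload)}` };
}

// Verify: token is authentic, unexpired, not replayed, and the answer matches.
function verifyChallenge(token, answer, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 4) return false;
  const [idx, expires, nonce, mac] = parts;
  const expected = Buffer.from(sign(`${idx}.${expires}.${nonce}`));
  const given = Buffer.from(mac);
  if (given.length !== expected.length) return false;
  if (!crypto.timingSafeEqual(given, expected)) return false;
  if (now > Number(expires) || usedNonces.has(nonce)) return false;
  usedNonces.add(nonce);                 // one attempt per token, right or wrong
  const normalised = String(answer).trim().toLowerCase();
  return QUESTIONS[Number(idx)].answers.includes(normalised);
}
```

Because a token is consumed on its first attempt, a client that answers wrongly has to request a new challenge, which gives the server a natural place to rate-limit.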

萌逼全场 2024-08-12 19:45:43

I particularly like the "which animal can fly" example. Simple & Effective.

But this kind of thing could be abused. It wouldn't be difficult to give it a cultural bias — or a perceived one.

And, as austin cheney showed, it could easily become a sort of intelligence test, and you would have an accessibility problem.

故事还在继续 2024-08-12 19:45:43

Try using an Ajax-based submission process that's triggered by clicking a normal button (not a submit button); it's really easy with jQuery.

As far as I can tell, spambots don't have JavaScript.

If you're worried about users without JavaScript enabled, I think it's perfectly OK to have them unable to submit the form. If they can't trust you to enable JavaScript on your site, it's not your fault that they can't use the website to its fullest extent.

EDIT:

Also see: Practical non-image based CAPTCHA approaches?

The problem, though, is that if someone is targeting your site purposely, this kind of technique won't work.

EDIT2:

I can't provide a link to a real life example, but I blogged about it with a bit more details, so here's some sample code:

function submit_form()
{
    jQuery.ajax({
      "type": "POST", // or GET
      "url": 'action_url', // The url you wish to send the data to, the url you'd put in the "action" attribute on the form tag
      "data": jQuery("form#the-form").serialize(), // The data you'll send. You need to get the form somehow. Easiest way is to give it an id.
      "dataType": "json", // Only put this if the server sends the response in json format
      "success": function(data, textStatus) // server responded with http status 200
        {
            // This is the happy case: server response has arrived
        },
      "error": function(req, textStatus, errorThrown) // maybe HTTP 404 or HTTP 500
        {
            // something went wrong, the response didn't go through or the response didn't come. Handle the situation: let the user know, or something.
        },
      "complete": function(req, textStatus) // This one always gets called anyway
        {
            // cleanup after yourself
        }   // XXX careful: if you put a comma here, IE6 will fail
      });
}