基于评论内容的Javascript垃圾邮件预防
请帮我。最近,我收到了很多评论,这些评论没有以任何方式处理发布的内容,而只是表明评论的基数。
我想在这些评论发布之前通过使用 Javascript 函数来阻止它们,在提交之前检查它们是否是垃圾邮件。
这就是我的想法。
var postHTMLContent = "...";
function isSpamComment(comment, index)
{
if (index == 0 && comment == 'first')
return true;
else
return false;
}
它有效(没有误报),但让许多其他类似的不相关的评论通过。如果他们只是拼错了“first”或者弄错了评论的基数,它甚至会失败。
是否有更通用的功能可以阻止通过的东西?没有服务器端的内容,也没有正则表达式。
Please help me. Recently I've been getting lots of comments that don't address the posted content in any way, instead only indicating the cardinality of the comment.
I would like to stop these comments before they are posted by using a Javascript function to check if they are spam before submitting them.
Here's what I came up with.
var postHTMLContent = "...";
function isSpamComment(comment, index)
{
if (index == 0 && comment == 'first')
return true;
else
return false;
}
It works (no false positives) but lets a lot of other, similarly irrelevant comments through. It even fails if they simply misspell 'first' or get the cardinality of their comment wrong.
Is there a more general function that would stop the stuff that makes it through? Nothing server-side please, and no regexes.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
垃圾邮件发送者会绕过您阻止他们的 JavaScript 尝试。
您想要延迟评论以允许审核,或者通过服务器端的一些健全性测试来运行它。
如果可以的话,像 StackOverflow 那样做,让社区本身来帮助保护系统。如果用户发布了令人反感或愚蠢的内容,请让其他人将其标记为审核,或者如果他们是“权力”/“受信任”用户,则将其删除。
Spammers will get around your JavaScript attempts to block them.
You want to either delay comments to allow moderation or run it through some sanity tests server side.
If you can, do as StackOverflow does and allow the community itself to help protect the system. If a user posts something distasteful or stupid, let the others flag it for moderation, or delete it if they are "power"/"trusted" users.
对于这个问题来说,JavaScript 解决方案确实不是一个很好的答案。如果有人想发布他们的“第一条”评论,他们可以禁用 javascript,如果您没有任何服务器端验证,垃圾邮件仍然会到达该网站。 JavaScript 的第二个不好的原因是用户可以看到你认为是垃圾邮件的单词,然后自我感知它们(首先......等等)。话虽如此,如果您可以通过多种不同的方式进行更多启发式垃圾邮件检测,我将在下面详细说明:
列入黑名单的术语 - 有点像您的示例,如果您这样做:
您可以弄清楚是否评论包含一个术语...而不仅仅是等于整个内容。老实说,就内容检测而言, no regex 子句确实对您造成了伤害,但这至少应该让您获得用户输入内容中的基本短语。但这并不是万无一失的,因为您最终可能会遇到这样的情况:您对“经典”之类的词出现误报:)
评论长度 - 考虑到任何少于 50 个字符的内容都可能会被误报没有建设性...这不会阻止人们“首先!!!!!!!!!!!!!!!!!!!!!!!!!!!...你明白了“不过要打破你的过滤器。一定要修剪用户输入周围的空白区域,以帮助确保它更安全。
这些只是一些基本想法,但老实说,仅仅在客户端修复此问题是没有意义的。巨魔就是巨魔,如果服务器不愿意备份客户端的规则,他们总是会试图绕过你的脚本。
话虽这么说。评论批准/审核是确保您想要的内容显示在您的网站上的唯一可靠方法,老实说,当尝试参与在线对话时,这并不是一个很好的用户体验。它确实应该只在需要保护人们免受内容侵害的环境中使用(例如,如果您正在开发一些面向儿童的产品页面)。
Really a JavaScript solution isn't a very good answer for this problem. If someone wants to post their 'first' comment they can just disable javascript and if you don't have any server side validation the spam will still reach the site. The second bad reason for javascript is that users can see what words you consider spammy and just self sensor them (f!rst...etc). That being said if there are many different ways you could do some more heuristic spam detection which I will detail below:
black listed terms - sort of like your example, if you do:
you can figure out if a comment contains a term...not just is equal to the entire content. honestly the no regex clause is really hurting you in terms of what you can do with content detection but this should at least get you basic phrases within what a user types. This isn't fool proof though as you might end up with a situation where you get false positives for words like 'Classic' :)
comment length - consider the fact that anything less than 50 characters or so might not be constructive...that won't stop people from going "first!!!!!!!!!!!!!!!!!!!!!!!!!!!...you get the idea" to break your filter though. Definitely trim the white space around the user input to help ensure it is a little more secure.
Those are just a few basic ideas but honestly there is no point is doing just a fix for this on the client side. Trolls will be trolls and will always try to find away around your script if the server isn't willing to back up the client's rules.
That being said. Comment approval/moderation is the only sure fire way to ensure the content you want shows up on your site and honestly that is not a very good user experience when trying to take part in a dialogue online. It really should only be used in an environment where you need to protect people from content (like maybe if you are working on some product page marketed to kids).
您可以不断添加新的“禁止评论”,但您的用户总是会绕过它们。
如果你想保持它没有垃圾邮件,你有两种选择,其中只有第二种是可行的:
当然,这是假设垃圾邮件或噪音评论来自您的人类读者。如果您试图阻止自动垃圾邮件,那么这在技术上是可行的,请参阅CAPTCHAs。
You can keep adding new "banned comments", but your users will always get around them.
If you want to keep it spam free you have two alternatives, of which only the second one is viable:
This is of course assuming spam or noise comments are from your human readers. If you are trying to stop automated spam then it's technically possible, see CAPTCHAs.