Using Referrer instead of captcha?
Consider form.php and process.php. What captcha does is to check if the form has been submitted from form.php or directly POSTed to process.php. A simple way is to check the Referrer and prevent processing if the actual Referrer is not form.php.
What can be the main problem for this method, as it is not normally used?
Is it possible for a spammer bot to send the form from form.php to have it as the Referrer?
Can this method slightly stop spam posts (if not completely)?
Comments (2)
The referer is an optional HTTP request header that is sometimes disabled for privacy (and sometimes overwritten with junk for cheap privacy, and sometimes overwritten with adverts for privacy software).
You should not assume that Real Users™ will send it.
Very easily. I'd be surprised if a large proportion of spambots didn't set it already.
The Referrer can be faked trivially, as it's simply a HTTP header. So this would stop a determined spammer for all of 5 minutes.
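
The two failure modes the answers describe, as an added example that is not code from the original posts: the Referer check proposed in the question, run over constructed requests. The host example.test, the function name and the sample header values are assumptions made for illustration.

```php
<?php
// Added example, not from the original thread. The host, the function name
// and every sample header value below are constructed for illustration.

const EXPECTED_HOST = 'example.test';
const EXPECTED_PATH = '/form.php';

/**
 * The check proposed in the question: accept the POST to process.php only
 * when the Referer header names form.php on our own host.
 * In a live process.php the value would come from $_SERVER['HTTP_REFERER'].
 */
function refererLooksLikeForm(array $headers): bool
{
    $referer = $headers['Referer'] ?? '';
    if ($referer === '') {
        return false;                       // header absent or stripped
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['host'])) {
        return false;                       // junk value, not an absolute URL
    }
    return strcasecmp($parts['host'], EXPECTED_HOST) === 0
        && ($parts['path'] ?? '/') === EXPECTED_PATH;
}

// Constructed requests: [description, is a real visitor?, headers as received]
$requests = [
    ['browser, default settings',          true,  ['Referer' => 'https://example.test/form.php']],
    ['browser, Referer disabled',          true,  []],
    ['browser, Referer trimmed to origin', true,  ['Referer' => 'https://example.test/']],
    ['browser, Referer overwritten',       true,  ['Referer' => 'junk']],
    ['script that sets the header itself', false, ['Referer' => 'https://example.test/form.php']],
];

foreach ($requests as [$who, $isHuman, $headers]) {
    $accepted = refererLooksLikeForm($headers);
    // The check is "correct" only when it accepts humans and rejects scripts.
    $verdict = $accepted === $isHuman
        ? 'correct'
        : ($isHuman ? 'real user blocked' : 'bot accepted');
    printf("%-36s accepted=%-5s %s\n", $who, $accepted ? 'yes' : 'no', $verdict);
}
```

Only the first row is classified correctly: three real visitors are rejected, and the scripted client is indistinguishable from the default browser because the server sees nothing but the header value.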