使用随机名称字段进行输入以对抗垃圾邮件机器人
我正在考虑在注册表中使用随机输入名称。可以这样完成:
- 用户请求注册表格站点。
- 为输入字段创建随机名称并将其保存到用户会话中。
- 渲染表单并将其显示给用户。
我只是想知道这种方法是否给了我任何东西。如果会话驱动程序是一个 cookie - 它是 使用第三方库以最佳方式进行加密和保护,我认为足够保存。如果用户不排除 cookie,我可以拒绝注册。
为了删除 cookie 作为潜在的安全风险,我可以将会话存储在数据库中。这看起来更安全,但也可能使服务器过载(?)。
我的问题很简单。实现这样的功能有什么意义吗?
I'm considering using random input names for registration form. It would be done this way:
- User requests register form site.
- Create random names for input fields and save them to user's session.
- Render form and display it to the user.
I just wonder if that method gives me anything. If session driver is a cookie - it's
encrypted and secured in the best possible way using third party library which I consider as save enough. If user don't except cookies I can refuse registration.
To remove cookies as potential security risk I can store sessions in database. This seems more secure but also might overload the server(?).
My question is quite simple. Is there any sense to implement such feature?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
标准方法是有一个隐藏的文本字段。这是一个 type=text 的字段,但应用了 CSS 规则,因此它是不可见的。
标记:
CSS:
PHP:
其工作方式非常简单。普通用户永远不会看到您的隐藏文本字段,因为 CSS 规则会将其隐藏。因此,真正的用户永远不会填写它。
然而,大多数垃圾邮件机器人并不了解 CSS。他们只是解析表单标记,然后看到一个似乎需要填写的文本字段。因此他们用一些随机数据填充该字段。因为普通用户永远看不到的表单字段已被填写,这意味着您可能正在与机器人打交道。
不要为此使用 input type=hidden,因为大多数垃圾邮件机器人都足够聪明,能够注意到它们并忽略它们。
The standard approach is to have a hidden text field. That is a field with type=text, but with CSS rules applied to it so that it's invisible.
markup:
CSS:
PHP:
The way this works is quite simple. A normal user will never see your hidden text field because CSS rules will keep it hidden. therefore a real user will never fill it out.
However, most spambots aren't aware of CSS. They just parse the form markup and they see a text field that appears to need filling out. So they fill the field out with some random data. Because a form field that should never be seen by a normal user has been filled out, this means you're probably dealing with a bot.
Don't use input type=hidden for this, because most spambots are smart enough to notice them and ignore them.
有点晚了,但我已经创建了一个类文件,它完全满足您的需要,您可以在此处找到它。
您只需通过函数示例传递表单名称即可。
提交表单后,一旦您创建其对象,它就会使用适当的数据填充
$_POST['fieldName']。A little late but I have created an class file which does exactly what you need you can find it here.
You just need to pass the name of the form through a function example.
and once the form is submitted it will populate
$_POST['fieldName']with appropriate data as soon as you create its object.尝试根据已知的垃圾邮件发送者列表检查 IP,这非常有效。很好的例子是 Botscout 和 已拦截垃圾邮件。我两种都尝试过,他们减少了我的垃圾邮件发送者机器人注册。
Try checking the IP against known spammers lists, it's very effective. Good examples would be Botscout and Spambusted. I've tried both, and they reduced my spammer bot registrations.