阻止用户启动多个帐户? [英] Prevent users from starting multiple accounts?
问题描述
我知道最终不可能完成。
但是,有什么选择:
a)限制人们创建多个帐户的选项,
b)增加检测多个帐户/人的机会
类似博客的Web服务?
(人们可以注册自己的博客) )
更新:
我认为限制选项已经很好地回答了。 (没有可靠的方法,但是我们可以提高标准)
但是,我仍然想知道还有哪些其他选项可以检测多个帐户?
我假设您是在谈论免费服务?我想不出任何没有严重缺陷或失败的方法。设置cookie,需要唯一的电子邮件地址之类的事情很容易被破坏。
要求唯一的IP地址并非万无一失,但在某种程度上可以奏效。
最好的方法是收费或要求人们提供某种个人信息,例如真实的您验证的姓名/电话/地址,或抄送号码,但这是侵入性的(那么,也许您只希望愿意提供此类信息的认真用户)。
我想我会回答这个问题,然后问为什么不让人们拥有多个帐户?
还有其他一些缓解方法不管您的潜在原因是什么,即,如果您担心许多孤立的博客,都可以扫描一段时间不活动并禁用它们,或者至少安排它们被人类查看。如果您担心垃圾博客,可以定期扫描所有博客内容中的垃圾内容。如果您担心机器人,并使用诸如WordPress之类的通用软件,请更改表单变量的名称并以其他方式保护您的表单不受机器人的攻击。</ p>
一定要考虑其他解决问题的方法,因为如果像Blogger这样的典型免费服务,您将无法阻止人们注册多个帐户。
用于检测多个帐户一个人创建一个帐户,您需要做的第一件事是拥有一个日志文件,该文件存储有关每个用户登录名的完整数据(用户名,时间戳,IP,用户代理等),您可以在以后进行分析。我将列出一些需要注意的事项,但是仅通过遍历日志文件,您可能会发现其他模式。需要寻找的一些想法是:
- 设置跟踪cookie(即随机哈希)并在登录时记录其值,然后查找多个从相同的cookie值登录
- 从相同的IP地址/用户代理组合登录
- 仅从相同的IP地址登录(可靠性比以前低)两个项目符号)
- 具有来自免费网络邮件服务(Gmail等)的电子邮件地址的帐户
- 具有相同密码的帐户
如果您担心垃圾博客,可以尝试对博客内容进行一些分析,即提取所有< a href> s,并查找博客之间的相关性。您可以使用SpamAssassin之类的内容来运行博客内容本身,或者过滤诸如 viagra和 rolex之类的垃圾邮件。
I know that in the end it, can't be done.
But, what are the options to:
a) limit the options for persons to create multiple accounts,
b) increase the chance of detecting multiple accounts / person
for a blog-like web service?
(people can sign up for their own blog)
Update:
I think the 'limit the options' has been answered nicely. (there is no reliable method, but we can raise the bar)
However, I would still like to know what other options there are to detect multiple accounts?
I'm assuming you're talking about a free service? I can't think of any ways that don't either have serious drawbacks or would be trivial to defeat. Things like setting a cookie, requiring a unique e-mail address are easy to defeat.
Requiring a unique IP address is not foolproof but might work to some degree, up to the point that you have lots of users and get complaints from people behind proxies.
The best ways are to charge money or require people provide some kind of personal information, like real name/phone/address that you verify, or a CC number, but that's invasive (then again maybe you only want serious users who are willing to provide this sort of info).
I guess I would turn the question around and ask "Why don't you want to let people have multiple accounts?"
There may be some other ways of mitigating whatever your underlying reason is, i.e. if you're worried about lots of orphaned blogs you could scan for a period of inactivity and disable them or at least schedule them to be looked at by a human. If you're worried about spam blogs you could periodically scan all blog content for spammy stuff. If you're worried about bots and are using some generic software like WordPress, change the names of the form variables and otherwise protect your forms from bots.
Definitely think of other ways of dealing with the problem, because you are not going to be able to block people from registering multiple accounts if it's a typical free service like Blogger.
As for detecting multiple accounts by one person, the first thing you need to do is have a log file store complete data on every user login (username, timestamp, IP, user-agent etc.), that you can then analyze later. I'll list a few things to look out for, but just by poring over the log file you will likely discover other patterns. Some ideas of things to look for are:
- Set a tracking cookie (i.e. random hash) and log its value on login, look for multiple logins from the same cookie value
- Logins from same IP address/user-agent combination
- Logins from same IP address only (less reliable than the previous two bullets)
- Accounts with email addresses from free webmail services (Gmail etc.)
- Accounts with same password
If you're worried about spam blogs, you could try doing some analysis of blog content, i.e. extract all the <a href>s and look for correlations between blogs. You could run the blog content itself though something like SpamAssassin or otherwise filter for spammy words like "viagra" and "rolex."
这篇关于阻止用户启动多个帐户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
