程序化机器人检测 [英] Programmatic Bot Detection
问题描述
我需要编写一些代码来分析我们网站上的给定用户是否是机器人.如果是机器人,我们将采取一些具体措施.除了友好的机器人以外,查看用户代理并不能成功,因为您可以在机器人中指定所需的任何用户代理.我关注不友好的机器人的行为.到目前为止,我有各种各样的想法:
I need to write some code to analyze whether or not a given user on our site is a bot. If it's a bot, we'll take some specific action. Looking at the User Agent is not something that is successful for anything but friendly bots, as you can specify any user agent you want in a bot. I'm after behaviors of unfriendly bots. Various ideas I've had so far are:
- 如果您没有浏览器ID
- 如果您没有会话ID
- 无法编写Cookie
很明显,在某些情况下,合法用户看起来像个机器人,但这没关系.还有其他检测机器人的程序化方法,还是检测看起来像机器人的东西?
Obviously, there are some cases where a legitimate user will look like a bot, but that's ok. Are there other programmatic ways to detect a bot, or either detect something that looks like a bot?
推荐答案
用户代理可以被伪造.验证码已被破解.有效的cookie可以与页面请求一起发送回您的服务器.合法程序(例如Adobe Acrobat Pro)可以在一个会话中进入并下载您的网站.用户可以禁用JavaScript.由于没有标准的措施来衡量正常"的用户行为,因此无法与机器人区分开来.
User agents can be faked. Captchas have been cracked. Valid cookies can be sent back to your server with page requests. Legitimate programs, such as Adobe Acrobat Pro can go in and download your web site in one session. Users can disable JavaScript. Since there is no standard measure of "normal" user behaviour, it cannot be differentiated from a bot.
换句话说:要做的只是将用户吸引到某种形式的交互式聊天中,并希望他们通过图灵测试,那么他们又可能是一个非常好的机器人.
In other words: it can't be done short of pulling the user into some form of interactive chat and hope they pass the Turing Test, then again, they could be a really good bot too.
这篇关于程序化机器人检测的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
