击败验证码绕过策略 [英] strategy to defeat CAPTCHA bypass

问题描述

我已经阅读了有关如何解码验证码的帖子和链接。我还没有看到使它变得更加困难的策略。特别是那些并不十分复杂的策略。

I have read the posts and the links about how to decode captcha. What I have not seen are strategies to make it more difficult to do this. In particular strategies that are not really complex.

还有，没有人有任何策略来尝试检测人们是否绕过了验证码吗？我正在开发基于浏览器的游戏，我需要使用一些方法来防止人们整日使用简单的机器人玩游戏。实际上，有一些公司出售专门用于游戏的机器人。

Also, does anyone have any strategies to try to detect if people are bypassing captcha? I am developing browser based game and I need to use something to prevent people from using simple bots to play all day long. There are actually companies out that that sell specialized bots for games.

诸如此类： http://jrimsoftware.com/

以下是我的一些想法：

1. 存储时间戳何时显示验证码


2. 存储回答验证码的时间戳。


3. 用户每次获得验证码时都要记录一次。


4. 使用sql来确定人们回答这些问题所需的时间的平均值，均值和标准差
   我愿意猜测，回答验证码的平均时间为机器人将低于总体平均水平，尤其是标准偏差会更小。

1. Store a timestamp for when a captcha is presented
2. Store a timestamp for when the captcha is answered.
3. Record this by user for each time they get a captcha.
4. Use sql to determine the avg, mean, and standard deviation for how long it takes people to answer theses I am willing to guess that the average time to answer a captcha by a bot will be lower than the overall average and in particular the standard deviation will be smaller.

我知道人们可以为此编写随机函数，但是如果我保持安静，他们可能不知道我做了什么。加上禁止用户可能会吓many其他许多人试图绕过验证码。

I know people can code random functions around this, but if I keep it quiet they may not know what I did. Plus banning people may scare many others from trying to bypass captcha.

防止绕过验证码：

1. 使用多种类型的验证码（从1开始，然后添加更多）


2. 更改屏幕上显示的按钮名称。同时保留旧按钮。如果重复使用较旧的按钮，则应该为机器人提供有力的证据。


3. 混入您必须在Google中搜索的问题。这会花费一些时间。但我也许可以找到一个列表，然后将它们加载到数据库中。使用这些相互混合验证码。


4. 一些问题可能包括将单词翻译成其他语言（例如使用Google翻译）以增加我的列表。

1. use multiple types of captchas (start with 1, then add more)
2. change button names presented on the screen. Keep the old button as well. If an older button is used repeatedly, this should give strong evidence for a bot.
3. mix in questions that you have to google. This is a bit time consuming to get. but I may be able to find a list, then load them in the database. use these inter mixed with captcha.
4. some questions can include translating a word to a different language (such as using google translate) to increase my list.

还有其他建议吗？

推荐答案

比这简单得多。只要留意哪些验证码已被打败，并在您当前的验证码中断时切换您的方法即可。很容易看出哪些验证码更容易，哪些更难。

It is much simpler than all that. Just stay on top of which CAPTCHAs have been defeated and switch your methods when your current one breaks. It is easy to see which CAPTCHAs are easier and which are tougher.

这里有一些好人

我在 reCAPTCHA

CAPTCHA就像您前门的锁；他们的目的不是防止小偷闯入。他们的目的是使他变得足够困难，以至于效率低下。他会辞职而去隔壁。 （对不起，邻居。）

CAPTCHAs are like the lock on your front door; they're not intended to prevent thieves from breaking in. They're intended to make it hard enough for him that it's not efficient to do. He'll quit and go next door instead. (Sorry, neighbor.)

在所有应有的尊重下，我认为您对此过于考虑。

With all due respect, I think you're overthinking this.

这篇关于击败验证码绕过策略的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！