你是人类？ （或如何防止垃圾邮件） [英] Are you human? (or How to prevent spam)

问题描述

您知道什么机制可以防止匿名垃圾邮件发送者滥用您的网站。

例如，假设我有一个人们可以投票的网站。但是，我不希望某人一直向顶部发送垃圾邮件。因此，我发现（a）创建一个帐户，只允许投票一次，（b）验证码以减少垃圾邮件。您还知道其他哪些方法以及它们的效果如何？

For example, let's say that I have a site where people can vote something. But I don't want someone to spam something all the way to the top. So I found (a) creating an account and only allowed to vote once and (b) CAPTCHA to decrease spam. What other methods do you know and how good do they work?

推荐答案

我注意到的重要事情是，无论您做什么，您希望您的系统是唯一的。您希望攻击者必须为您的特定站点量身定制其自动化程序，而不是仅向其抛出几乎可以在任何地方使用的预先存在的脚本。它甚至不必是加密安全的；

The big thing I've noticed is that whatever you do, you want your system to be unique. You want an attacker to have to tailor their automation program for your specific site, rather than just throw a pre-existing script at it that will work almost anywhere. It doesn't even have to be cryptographically secure; it just has to make your site a little different from the norm.

这并不意味着您不能或不应该使用预制的验证码之类的东西。小部件。绝对不要将其中之一用作凝视点！这只是意味着您必须在某个地方对其进行自定义，以便在正常情况之外发生一些额外的事情，并且会破坏任何通常可能会破坏它的现有脚本。

This doesn't mean you can't or shouldn't use something like a pre-built captcha widget. Absolutely do use one of those as a staring point! It just means you have to customize it somewhere so that something extra happens that is outside the norm and will break any pre-existing script that could normally defeat it.

该站点足够大，以至于攻击者会专门针对它进行攻击，那么您的简单小定制可能就不再适用，您可能会做一些更特殊的事情，并考虑真正的加密技术等等。但这就是其中的一个好问题。

If your site gets big enough that you have attackers targeting it specifically, then your simple little customization probably won't hold up anymore and you might have do something a little more special and think about real cryptography and all that. But that's one of those things that's a "good" problem to have.

这篇关于你是人类？ （或如何防止垃圾邮件）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！