对于阻止垃圾邮件,recaptcha.net是否有其他替代方法? [英] Are there any alternatives to recaptcha.net, for stopping spam?
问题描述
我公司中排名高于我的成员拒绝使用其网站上的recaptcha.net来阻止垃圾邮件以公开形式进行。他认为,进入我们网站的任何人都很难输入他们的信息,因为图灵测试太难读了。
A member of my company in greater ranking than myself refuses to use recaptcha.net on his website to thwart spam off of a public form. He thinks it would be difficult for anyone coming to our site to enter their information since the Turing Tests are "so darn hard to read".
是使用这种方法的替代方法?其中不包含这些难以读取的图像?
Is there an alternative to using this method? That doesn't contain these sorts of difficult to read images?
(好吧愚蠢的问题...如果由我决定,我们将使用Recaptcha,因为地球上其他所有人都可以...但是我只是想知道我会检查一下
(Okay stupid question...if it were up to me we'd use recaptcha because everyone else on earth does...but I just figured I'd check anyway.)
还使用由Javascript设置并随后在服务器上检查的隐藏字段真的是解决垃圾邮件的好方法吗?
我自己并不真的认为这是...因为有各种各样的Javascript引擎无法在浏览器中运行,但可以运行Javascript( Rhino等...),可以轻松地用于JS / Serverside反垃圾邮件方法。
I myself don't really buy that it is...since there are all sorts of Javascript engines that don't run in a browser yet can run Javascript (Rhino etc...), that could easily be used to thawart a JS/Serverside anti-spam method.
推荐答案
CAPTCHA将减少垃圾邮件,但不会消除垃圾邮件。人们被要求解密那些字形。有些站点使用呈现给他们的字形作为自己的站点,以便一些不幸的访客将其解密。
CAPTCHA will reduce your spam but it won't eliminate it. People are paid to decipher those glyphs. Some sites use the glyph that was presented to them for their own site so some hapless visitor will decipher it.
请注意,这并不是一个完美的解决方案。
Just so you're aware that it's not a perfect solution.
基于在问题解决之前不要解决问题的原则:垃圾邮件在您的网站上是否是一个重大问题?有话要说,不要惹恼您的客户/访客。即使在这里,有时我也需要进行一些编辑,而对于我需要进行的最后一次编辑,我通常会遇到令人讨厌的我是人类测试。
Based on the principle of don't solve a problem until it's a problem: is spam a significant problem on your website? There is something to be said for not annoying your customers/visitors. Even here I sometimes need to make a few edits and I get the irritating "I'm a Human Being" test on typically the last edit I need to make. It's annoying.
人们已经提出了各种其他方法来解决此问题。我读过一篇关于猫和狗的旧皮具的文章,您必须对它们进行分类,因为显然在美国有30+百万个这样的数据库,用于废弃动物或类似动物。
People have proposed all sorts of other methods for dealing with this problem. One I read about used picutres of cats and dogs that you had to classify because apparently there's a database of 30+ million of these in the US for abandoned animals or somesuch. This or anything that gets in widespread use will be defeated.
网站上的垃圾邮件最大的问题是,如果您使用的是广泛使用的软件(例如phpBB)。最好的选择是进行足够的修改以击败现成的脚本。无论如何,您都有可能成为攻击目标,但是垃圾邮件是一种高容量,低成功的游戏。在网站占据大量流量之前,没有真正的理由来定位您的网站。
The biggest problem with spam on sites is if you use software that's in widespread use (eg phpBB). Your best bet for those is to make enough modifications to defeat out-of-the-box scripting. You may get targeted anyway but spamming is a high-volume low-success game. There's no real reason to target your site until it accounts for a significant amount of traffic.
值得一提的另一件事是可用来消除脚本垃圾邮件的技术:
The other thing worth mentioning is techniques that can be used to defeat scripted spam:
- 使用Javascript编写关键内容,而不是将其包含为静态HTML。处理起来要困难得多(但并非不可能);
- 重命名和/或重新排序键字段,例如用户名和密码。例如,生成用户名和密码表单字段并将其存储为会话变量,以便它们仅适用于该用户。然后,这要求用户使用登录表单访问页面(而不是编写可以直接发布的表单响应脚本);
- 混淆表单提交。可以在jQuery和类似框架中执行的不引人注意的Javascript之类的事情使此操作非常容易;
- 包括一个验证码图像和字段框,然后不显示它们(显示:CSS中没有显示) 。您会混淆解析器。
- Use Javascript to write critical content rather than including it as static HTML. That's a lot harder to deal with (but not impossible);
- Rename and/or reorder key fields like username and password. For example, generate username and password form fields and store them as session variables so they only work for that user. That then requires the user to have visited the page with the login form (rather than scripting a form response that can be POSTed directly);
- Obfuscate the form submission. Things like unobtrusive Javascript that you can do in jQuery and similar frameworks make this pretty easy;
- Include a CAPTCHA image and field box and then don't display them (display: none in CSS). You'll confuse parsers.
这篇关于对于阻止垃圾邮件,recaptcha.net是否有其他替代方法?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
