验证码问题的另一个答案？ [英] Another answer to the CAPTCHA problem?

问题描述

大多数站点至少都使用服务器访问日志检查和禁止，以及诸如CAPTCHA（那些混乱的文本图像）之类的机器人防御措施。

Most sites at least employ server access log checking and banning along with some kind of bot prevention measure like a CAPTCHA (those messed-up text images).

CAPTCHA的问题在于它们对用户体验构成威胁。幸运的是，它们现在具有诸如刷新和音频版本之类的用户友好功能。

The problem with CAPTCHAs is that they poss a threat to the user experience. Luckily they now come with user friendly features like refresh and audio versions.

无论如何，像linux vs Windows这样的垃圾邮件发送者，不值得花时间定制和/或构建脚本来处理仅与一个站点有关的自定义CAPTCHA示例。因此，我想知道是否有更好的方法来处理整个验证码。

Anyway, like linux vs windows, it isn't worth the time of a spammer to customize and/or build a script to handle a custom CAPTCHA example that only pertains to one site. Therefore, I was wondering if there might be better ways to handle the whole CAPTCHA thing.

在更好的验证码 Peter Bromberg提到一种方法是将图像转换为HTML并将其显示在页面中。在 http://shiflett.org/ 上，克里斯只是要求用户在输入中键入他的名字。这样的示例是简化CAPTCHA体验，同时降低垃圾邮件发送者价值的方法。有谁知道更多我可以使用的好例子，或者看到嵌入图像的想法有什么问题？

In A Better CAPTCHA Peter Bromberg mentions that one way would be to convert the image to HTML and display it embedded in the page. On http://shiflett.org/ Chris simply asks users to type his name into an input. Examples like this are ways to simplifying the CAPTCHA experience while decreasing the value for spammers. Does anyone know of more good examples I could use or see any problem with the embedded image idea?

推荐答案

以HTML表格形式显示的图像只是技术上的减速带。从这样的文档中提取像素没有困难。

Image presented as HTML table is just a technical speed bump. There's no difficulty in extraction of pixels from such document.

恕我直言，验证码将重点放在错误的事情上–您不关心对方是否有人。您也不希望人类向您发送垃圾邮件。因此，退后一步，重点关注垃圾邮件：

IMHO CAPTCHA puts focus on a wrong thing – you're not interested whether there's a human on the other side. You wouldn't like human to spam you either. So take a step back and focus on spam:

• 分析文本（查找垃圾邮件关键字，使用贝叶斯过滤）


• 分析链接（黑名单的垃圾邮件域-SURBL，LinkSleeve）


• 查看流量模式并阻止洪水


• 没有一个完全准确方法，但您可以使用其中的一些方法并权衡结果以使结果非常接近。

• Analyze text (look for spammy keywords, use bayesian filtering)
• Analyze links (blacklist spammy domains – SURBL, LinkSleeve)
• Look at traffic patterns and block floods
• There's no single perfectly accurate method, but you can use few of them and weight the result to get pretty close.

请查看 Sblam！（这是一个完全透明的服务器端评论垃圾邮件过滤器）。

Have a look at source code of Sblam! (it's a completely transparent server-side comment spam filter).

这篇关于验证码问题的另一个答案？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！