如何将蜜罐字段添加到我的表单中? [英] How do I add Honey pot fields to my forms?

问题描述

我一直在阅读有关将蜜罐字段添加到我的表单以对抗机器人/垃圾邮件的信息.唯一的问题是他们没有指南或任何关于从哪里开始的东西.许多网站都说要制作一个隐藏的字段，只有垃圾邮件机器人才会填写.但由于我是新手，不知道我会从哪里开始我的应用程序.谁能给我一些关于如何设置的建议?我正在尝试让我的设计注册页面使用蜜罐字段.

I've been reading about adding Honey pot fields to my forms for combating bots/spam. Only problem is theirs no guides or anything on where to start. Many sites say to make a field that is hidden that only the spam bot would fill out. But as I'm new to this, don't know where I would start in my application. Could anyone give me the advice on how to set this up? I am trying to make my Devise registration page use honey pot fields.

推荐答案

蜜罐验证码背后的基本思想是你有一个隐藏的(通过 CSS)字段，名为表单"或电子邮件"或内容"，它(机器人只是读取字段名称)看起来应该填写.然后，当服务器查看提交时，您确保这些隐藏字段为空.如果不是，那么您将帖子标记为机器人.

The basic idea behind honeypot captchas is that you have a hidden (via CSS) field named something like "form" or "email" or "content" that (to a bot just reading the field name) looks like it should be filled in. Then, when the server looks at the submission, you make sure these hidden fields are blank. If they aren't, then you flag the post as a bot.

这是一个很好解释的例子(在ASP)，以及这是一个提供蜜罐验证码的 Rails Gem.

我链接的那个 Rails Gem 看起来很容易安装后使用:

That Rails Gem I linked looks like it's very easy to use once installed:

  <% form_tag comments_path, :honeypot => true do -%>
  ...
  <% end -%>

尽管如果您有兴趣了解该方法而不仅仅是实施它，我还是建议您自己动手.如果您自己滚动，请务必确保该字段被 CSS(或其他一些样式/定位技巧)而不是 input type="hidden" 隐藏 - 否则机器人可能会不填写该字段.

Although if you're interested in learning about the approach rather than just having it implemented, I'd recommend you roll your own. If you're rolling your own, it's important to make sure that the field is hidden by CSS (or some other style/positioning trick) and not input type="hidden" - as otherwise the bot might not fill out the field.

正如 Michael Mior 在评论中指出的那样，重要的是在隐藏字段旁边有一条消息告诉用户将其留空 - 否则使用屏幕阅读器的用户可能会错误地填写它.我的 gem 中缺少此功能链接到 - 因此，如果您正在制作一个可访问的网站(您几乎肯定应该这样做)，您可能需要对其进行修改或推出自己的网站.

As Michael Mior pointed out in the comments, it's important to have a message next to the hidden field telling the user to leave it blank - otherwise users with screen readers might erroneously fill it in. This feature is missing from the gem I linked to - so if you're making an accessible website (which you almost certainly should be) you may need to modify it or roll your own.

请记住，这个技巧并不是万无一失的——没有什么能阻止机器人呈现页面并在填写任何字段之前确定用户实际可见的字段——但这种机器人会比一个复杂得多那只是看着表单html.蜜罐验证码在阻止简单机器人方面可能非常有效.

Keep in mind that this trick isn't foolproof - there's nothing stopping a bot from rendering the page and determining which fields are actually visible to the user before filling any in - but that kind of bot would be considerably more complex than one that just looked at the form html. A honeypot captcha is likely to be very effective at stopping simple bots.

这篇关于如何将蜜罐字段添加到我的表单中?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！