如何在我的表单中添加蜂蜜罐字段? [英] How do I add Honey pot fields to my forms?
问题描述
我一直在阅读关于将蜂蜜罐字段添加到我的表单中以打击机器人/垃圾邮件。唯一的问题是他们没有指导或任何开始的地方。许多网站表示要隐藏一个只有垃圾邮件机器人才能填写的字段。但是,就我而言,我不知道从哪里开始我的应用程序。有人可以给我关于如何设置这个的建议吗?我正在努力使我的Devise注册页面使用蜂蜜罐领域。
I've been reading about adding Honey pot fields to my forms for combating bots/spam. Only problem is theirs no guides or anything on where to start. Many sites say to make a field that is hidden that only the spam bot would fill out. But as I'm new to this, don't know where I would start in my application. Could anyone give me the advice on how to set this up? I am trying to make my Devise registration page use honey pot fields.
推荐答案
蜜罐验证背后的基本想法是,隐藏(通过CSS)字段命名为form或email或content(对于刚刚读取字段名称的机器人),似乎应该被填写。然后,当服务器查看提交时,你确保这些隐藏的字段是空白的。如果没有,那么你将该帖子标记为机器人。
The basic idea behind honeypot captchas is that you have a hidden (via CSS) field named something like "form" or "email" or "content" that (to a bot just reading the field name) looks like it should be filled in. Then, when the server looks at the submission, you make sure these hidden fields are blank. If they aren't, then you flag the post as a bot.
这是一个很好的解释示例(在ASP中有一些代码),而这里是提供蜜罐验证码的Rails Gem。
Rails Gem 我链接看起来像一旦安装就很容易使用:
That Rails Gem I linked looks like it's very easy to use once installed:
<% form_tag comments_path, :honeypot => true do -%>
...
<% end -%>
虽然如果您有兴趣了解该方法,而不仅仅是实现该方法,那么推荐你自己滚。如果你自己滚动,重要的是确保该字段被CSS隐藏(或其他风格/定位技巧),而不是 input type =hidden - 否则机器人可能不会填写该字段。
Although if you're interested in learning about the approach rather than just having it implemented, I'd recommend you roll your own. If you're rolling your own, it's important to make sure that the field is hidden by CSS (or some other style/positioning trick) and not input type="hidden" - as otherwise the bot might not fill out the field.
正如Michael Mior在评论中指出的那样,在隐藏的字段旁边留下一条消息,告诉用户将其留空,这一点非常重要 - 否则屏幕阅读器的用户可能会错误这个功能缺少从我链接到的宝石 - 所以如果你正在制作一个可访问的网站(你几乎肯定应该),你可能需要修改或自己滚动。
As Michael Mior pointed out in the comments, it's important to have a message next to the hidden field telling the user to leave it blank - otherwise users with screen readers might erroneously fill it in. This feature is missing from the gem I linked to - so if you're making an accessible website (which you almost certainly should be) you may need to modify it or roll your own.
请记住,这个诀窍并不是万无一失的 - 没有什么可以阻止机器人渲染页面,并确定用户实际上可以看到哪些字段填充任何内容 - 但是那种机器人将比仅仅看HTML格式复杂得多。一个蜜罐验证码可能非常有效地阻止简单的机器人。
Keep in mind that this trick isn't foolproof - there's nothing stopping a bot from rendering the page and determining which fields are actually visible to the user before filling any in - but that kind of bot would be considerably more complex than one that just looked at the form html. A honeypot captcha is likely to be very effective at stopping simple bots.
这篇关于如何在我的表单中添加蜂蜜罐字段?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
