Enhanced Numbered Equation CAPTCHA - Killing Web Spam - Part 2 增强编号方程CAPTCHA -造成网络垃圾邮件-第2部分

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is arguably one of the best ways to knock out the majority of spam you receive. CAPTCHA (完全自动化的公共图灵测试来告诉计算机和人类除了)无疑是一个最好的方法淘汰的大多数您收到的垃圾邮件。 Its become popular with web 2.0 applications.其成为流行的Web 2.0应用。 So much that its become widely used and thus spammers found a needed to crack it.这么多,它成为广泛使用的垃圾邮件,从而发现了裂缝需要它。 If you can create a new and unique CAPTCHA however, you’ll be a lot safer then everyone else who tend to use the same script site after site.如果你可以创建一个新的和独特的CAPTCHA然而,您就安全了很多然后其他人谁倾向于使用相同的脚本后,网站的网站。

About a year ago I tried a simple addition script.大约一年前我试着除了一个简单的脚本。 If you didn’t enter the right result of the simple query it would error.如果您没有输入正确的结果,简单的查询它将错误。 This actually works pretty well for me and most others right now.这实际上相当不错的作品对我和大多数人现在。 Especially since they have evolved into changing the numbers used in the addition after each refresh.特别是因为它们已演变成不断变化的数字中使用的除在每刷新。 When I use something like this I get even less spam slipping through.当我使用这样的事情我更垃圾渗透。 So I took the addition script a step further.所以,我采取了另外的脚本又向前迈进了一步。 Why?为什么? Because a single number can easily be copied over by a script and because not all servers I’ve worked with have ImageMagik and/or GD Library installed.因为一个单一数目可以很容易地复制了剧本,因为不是所有的服务器,我一直在与有ImageMagik和/或GD库安装。

In about 15 lines I came up with a function that dynamically generated two numbers and allows an array of different signs/text/symbols to tell your users the appropriate math to apply in several different ways.在大约15行我来到了一个功能,动态生成的两个号码,并允许各种不同的迹象/文字/符号,告诉你的用户适当的数学适用于几种不同的方式。 Just add more to make it a bit more complex for spammers.只需添加更多使它成为一个更复杂一点的垃圾邮件。 You can also mix it up by inserting random characters between words: “Plus” or “PLUS” or “P L U S”.您还可以组合起来插入随机字符之间的话: “加”或“加”或“ P 1 绿 S ”的。

  1. //USAGE: $answer = numbercaptcha();
  2. //****** Call this between <form></form>
  3. //****** $_POST will contain $_POST['number']
  4. //****** Check if $_POST['number'] is == to $answer
  5. //OPERATORS: Add additional $opperators to the array for more varriation
  6. function numbercaptcha ( ) {
  7. //Set first and second num rand(min,max)
  8. $firstnum = rand ( 5 , 8 ) ;
  9. $secondnum = rand ( 1 , 4 ) ;
  10. $coinflip = rand ( 1 , 2 ) % 2 ; //Picks a random equation type
  11. if ( $coinflip == 0 ) {
  12. $math = $firstnum $secondnum ;
  13. $operators = array ( " " , "Added To" , "Plus" ) ;
  14. $operatorschoice = rand ( 1 , 3 ) % 3 ;
  15. } else {
  16. $math = $firstnum - $secondnum ;
  17. $operators = array ( "-" , "Minus" ) ;
  18. $operatorschoice = rand ( 1 , 2 ) % 2 ;
  19. }
  20. echo $firstnum . " " . $operators [ $operatorschoice ] . " " . $secondnum . " = <input type= \" text \" name= \" number \" maxlength= \" 2 \" size= \" 5 \" >" ;
  21. return $math ;
  22. }
  23. Download this code: 0314numbercaptcha.txt 下载此代码: 0314numbercaptcha.txt

Nothing is foolproof, this can be cracked too.没有什么是万无一失的,这可以被破解了。 But it will get you around the typical bot or “script kiddy” that wants to spam your site and cause more of a headache for the pros to want to deal with.但是,让你周围的典型僵尸或“脚本kiddy ”想垃圾您的网站,并造成更让人头痛的利弊要处理的问题。 When this gets beaten and spammers have automated their way around my method then I have another plan in mind.当此得到毒打和垃圾邮件发送者自动他们围绕我的方法然后我还有一个计划在心。 Thats another day however.多数民众赞成但另一天。

For now, I’ve found the key to avoiding spam is to stay away from typical CMS and/or forum systems that contain predictable code among several other cookie cutter sites.现在,我发现的关键是避免垃圾邮件远离典型的不育系和/或论坛系统,可预见的代码包含在其他几个网站的Cookie刀。 This defiantly isn’ta solution for most of you.这种目空一切不是解决你的大部分。 But if you implement this code or something like it in the places that matter…something unique…you can break a spammers script by keeping your site out of the typical expectations of a spammer.但是,如果执行此代码或者类似的东西在地方这个问题... ...独特的东西你可以打破脚本的垃圾邮件使您的网站出典型的预期的垃圾邮件发送者。

Also, a friend mentioned the addition/subtraction might be too hard for users and you’ll have lost comments/email.此外,一个朋友提到此外/减法可能是太硬的用户,你会失去评论/电子邮件。 Maybe you’re considering that too?也许您认为呢? I have to question the quality of user that is leaving you a comment or sending you an email if they can’t add or subtract single digit numbers.我有问题的质量是用户离开你的意见,或向您发送一封电子邮件,如果他们不能添加或减去个位数的号码。 Though you could increase the difficulty by adjusting the randomization seed and throw in some long division.虽然你可以增加难度调整随机种子,扔在一些长期分裂。 That might be overkill :).这也许是过度: ) 。

If you’re keeping up with the spam series you might want to check out my last post: 5 Ways To Catch And Prevent Website Form Spam - Part 1 .如果你跟上垃圾邮件的一系列你可能想看看我上次帖子: 5种方法渔获物和防止垃圾邮件表格网站-第1部分。 I updated the second block of code on that page to check the referring URL to prevent form abuse.我更新了第二个代码块在该网页检查提到的网址,以防止滥用的形式。

Posted by: Rob 发布者:罗布
Category: Coding , Web Design 类别: 编码, 网页设计
Tags: Automate , PHP , Spam 标签: 自动化, PHP中, 垃圾邮件
Respond: Leave A Comment | Trackback URL 回应: 发表评论 | 引用网址



Leave A Comment:发表评论:

Comments RSS Feed 评论RSS馈送

5 Plus 4 = 5 4 =

Custom Theme by Rob Malon | Content & Design © 2008 - Rob Malon [dot] Com. 自订主题罗布丙二|内容与设计© 2008 -罗布丙二[斑点]通信。 "));
"));