NoBot is a control that attempts to provide Captcha-like bot/spam prevention without requiring any user interaction. This approach is easier to bypass than an implementation that requires actual human intervention, but NoBot has the benefit of being completely invisible. NoBot is probably most relevant for low-traffic sites where blog/comment spam is a problem and 100% effectiveness is not required.
NoBot employs a few different anti-bot techniques:
- Forcing the client's browser to perform a configurable JavaScript calculation and verifying the result as part of the postback. (Ex: the calculation may be a simple numeric one, or may also involve the DOM for added assurance that a browser is involved)
- Enforcing a configurable delay between when a form is requested and when it can be posted back. (Ex: a human is unlikely to complete a form in less than two seconds)
- Enforcing a configurable limit to the number of acceptable requests per IP address per unit of time. (Ex: a human is unlikely to submit the same form more than five times in one minute)
- Captcha项目是Completely Automated Public Turing Test to Tell Computers and Humans Apart (全自动区分计算机和人类的图灵测试)的简称,已由卡内基梅隆大学注册商标。
CAPTCHA的目的是区分计算机和人类的一种程序算法,这种程序必须能生成并评价人类能很容易通过但计算机却通不过的测试。这个要求本身就是悖论,因为这意味着一个CAPTCHA必须能生成一个它自己不能通过的测试。
大家可以看看CAPTCHA的一个例子:
人类能够比较容易识别图片中的字母,但如果编写计算机程序,难度就非常大了。
按照Lenore Blum的说法,任何的图片中的内容都能被识别,不存在一种计算程序生成的图片不能被计算机程序识别出来。
于是,比赛开始了,有人站到Captcha一方,有人站到破译Captcha的一方.......
如今,GZUG的两位牛人已经开始了这个游戏,有兴趣的朋友请加入到我们的对抗比赛(QQ群:16699048):
CYT(Coremail的主要设计者)加入了Captcha一方。
灵感之源 (Guardio/Definio的Designer)加入了破译Captcha的一方。
游戏规则是:Captcha方公布一系列的图片,破译Captcha的一方提供程序能够分析这些图片中的内容,如果破译方提供的应用程序能够以高于10%的识别率识别出图片内容,则判定破译方获胜。获胜方将得到BEA UG礼品一份!
游戏奖品参见:
http://dev2dev.bea.com.cn/bbs/gift!default.jspa
关于Captcha的信息,参考下面的链接
Captcha方:
Captcha项目:http://www.captcha.net/
jCaptcha项目:http://jcaptcha.sourceforge.net/
破译Captcha方:
http://www.cs.sfu.ca/~mori/research/gimpy/
http://sam.zoy.org/pwntcha/
http://www.brains-n-brawn.com/default.aspx?vDir=aicaptcha
