我需要/我什么时候需要验证码?
[英]Do I need to have/When do I need Captcha?
问题描述
I have a classifieds website, where users must fill in a form to post a classified (offcourse). 
我有一个分类广告网站,用户必须填写表格以发布分类(偏离)。
I wonder, do you think I need some form of captcha on the form? 我想知道,你认为我需要在表格上使用某种形式的验证码吗?
Also, I am working on a "register" page where users may get their own username/pass and login to post classifieds more easily. 此外,我正在“注册”页面上,用户可以在其中获得自己的用户名/通行证并登录以更轻松地发布分类广告。
Also, I have a mail-server setup... 另外,我有一个邮件服务器设置...
So now, users may click on a classified and at the bottom fill in just three fields in a form (name, email, message) and send an email to the poster of the classified. 所以现在,用户可以点击分类和底部填写表格(姓名,电子邮件,消息)中的三个字段,并向分类的海报发送电子邮件。 No captcha there. 那里没有验证码。 Is this safe? 这样安全吗?
My firewall is setup so that it is preventing any outside access to the mail-server except from the websites IP. 我的防火墙已设置好,以防止除了网站IP之外的任何外部访问邮件服务器。
Can I set up the firewall to some settings so that I don't need captcha? 我可以将防火墙设置为某些设置,以便我不需要验证码吗?
I have my own Virtual Private Server btw, and it is running Ubuntu. 我有自己的虚拟专用服务器顺便说一句,它正在运行Ubuntu。
A follow-up Q is, if a spam-bot or whatever, gets the hold of my forms and fills alot of them out, or use my mail-server to send emails, what would happen then? 后续问题是,如果是垃圾邮件机器人或其他任何东西,可以获取我的表单并将其填满,或使用我的邮件服务器发送电子邮件,那么会发生什么?
Would my site and mail-server get blacklisted? 我的网站和邮件服务器会被列入黑名单吗? Is this reverssible or do I have to create a new mail-server then? 这是可逆的还是我必须创建一个新的邮件服务器呢?
Thanks 谢谢
6 个解决方案
解决方案1
6 已采纳 2010-11-04 07:45:40
I go by the design principle of "least barrier to entry". 我遵循“最小障碍”的设计原则。 You want people to use your site, so you want to make it as easy as possible for them. 您希望人们使用您的网站,因此您希望尽可能简化这些网站。 Anything at all -- including a captcha -- might turn them away. 任何事情 - 包括验证码 - 都可能会让它们失控。 So my standard line would be to definitely not include a captcha anywhere until you've actually seen a problem with spam. 所以我的标准路线是在您真正看到垃圾邮件问题之前,绝对不会在任何地方都包含验证码。 And even then, see if the problem can be solved without a captcha first. 即便如此,看看问题是否可以在没有验证码的情况下解决。
Regarding your question of "well what if a spam bot starts spamming". 关于你的问题“好吧,如果垃圾邮件机器人开始发送垃圾邮件”。 Simple solution to this is to pre-implement a rate limit. 对此的简单解决方案是预先实施速率限制。 Make it so that someone at a given IP address cannot initiate the sending of an email more frequently than say once every minute. 使其成为某个给定IP地址的人不能比每分钟说一次更频繁地发起电子邮件的发送。 This will not actually cause a problem for real people, but will stop a spam bot in its tracks. 这实际上不会对真人造成问题,但会阻止垃圾邮件机器人。 You can even try to detect situations where you see a high rate and temporarily block that IP address for 24 hours. 您甚至可以尝试检测高速率的情况,并暂时阻止该IP地址24小时。 That will prevent even the once-a-minute spam. 这甚至可以阻止一分钟一分钟的垃圾邮件。
解决方案2
2 2010-11-04 07:52:51
I can see two situations where you might be thinking of using Captcha's. 我可以看到两种情况,你可能会考虑使用Captcha。
- Registration 注册
- Interaction/Contact Form 互动/联系表格
However, captcha does tend to upset and drive away users if overused. 但是,如果过度使用,验证码确实会让用户心烦意乱。
So, in these instances: 所以,在这些情况下:
Registration 注册
The easiest way to stop, or at least inconvenience, anyone trying to create bulk accounts would be to use an email confirmation. 任何试图创建批量帐户的人最简单的方法是停止或至少不方便使用电子邮件确认。 So, the user fills out the form, including their email address. 因此,用户填写表单,包括他们的电子邮件地址。 The form then sends them an email, which contains a link they must click to activate the account and allow them to login. 然后,表单会向他们发送一封电子邮件,其中包含他们必须单击以激活帐户并允许他们登录的链接。
Interaction/Contact Form 互动/联系表格
There will be two kinds of people who will interact through this form. 将有两种人通过这种形式进行互动。 There will be registered, and logged-in users and there will be casual visitors. 将有注册和登录用户,并将有临时访客。 As Captcha is a method to test for whether a person is a person or not, any registered/logged-in users have already proven themselves, there is no need to use Captcha for them. 由于Captcha是一种测试一个人是否是某人的方法,任何注册/登录用户已经证明了自己,没有必要为他们使用Captcha。
However, for a casual, non-logged-in users, then you can use the Captcha for them. 但是,对于临时的,未登录的用户,您可以使用Captcha。
So, the short version, as you can tell, I hate Captcha, and only use it when absolutely necessary. 所以,正如你所知,短版本,我讨厌Captcha,只有在绝对必要时才使用它。
解决方案3
0 2010-11-04 07:43:59
captch is mainly used for security purpose to stop automation. captch主要用于安全目的,以停止自动化。 Like if u have a signup column, a geek can easily make a 1000 users within minutes if he automates it.. and u lose so much space.. At the same time, if u use captcha, its much more safer and you can be sure that all the users are human and none are computer generated usernames. 就像你有一个注册专栏一样,一个极客可以在几分钟内轻松地让1000个用户自动化它......你会失去太多的空间..同时,如果你使用验证码,它会更安全,你可以成为确保所有用户都是人,而且没有一个是计算机生成的用户名。 So if u take your website seriously, i would suggest to go for captch. 所以,如果你认真对待你的网站,我会建议去抓拍。 But keep it simple like they have at megaupload. 但保持简单,就像他们在megaupload。 I dont know which service that is but still its simple. 我不知道哪个服务但仍然很简单。
解决方案4
0 2010-11-04 07:48:56
解决方案5
0 2010-11-04 07:49:54
Can I set up the firewall to some settings so that I don't need captcha?
No. Captcha and firewall are totally different things and cannot be used as the alternative of each other. 没有.Caps和防火墙是完全不同的东西,不能作为彼此的替代品。
A follow-up Q is, if a spam-bot or whatever, gets the hold of my forms and fills alot of them out, or use my mail-server to send emails, what would happen then?
One can write a script which will automate the registration process on your website. 可以编写一个脚本,自动完成您网站上的注册过程。 It can create so many accounts on your server and/or can post some content which is not good for your website or can use your website for some other persons ads. 它可以在您的服务器上创建如此多的帐户和/或发布一些对您的网站不利的内容,或者可以将您的网站用于其他人的广告。
解决方案6
0 2010-11-06 23:58:19
Beter尝试使用Sblam ,它对访问者来说是透明的,不需要用户输入,它在很多站点上对我很有用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.