获取图品验证码_验证码的替代品

获取图品验证码

It seems I stirred the pot a little more than expected with my post calling for the death to captchas. If you haven’t read the post, it was basically a rant detailing all the issues with captcha systems—accessibility and usability concerns primarily. My goal was to identify the problem, but quite a few people called me out for not taking the time to highlight alternatives (I actually did mention Akismet, but only in passing). The criticism was fair enough and since there appears to be interest, I thought a follow-up post pointing out three alternative solutions that don’t interrupt the user would be a good idea.

我的帖子呼吁验证员死亡 ，看来我搅动锅子比预期的多。 如果您还没有阅读过这篇文章，那基本上就是一个冗长的细节，详细说明了验证码系统的所有问题-主要是可访问性和可用性问题。 我的目标是确定问题所在，但是很多人因为没有花时间强调其他选择而把我叫出来(我确实提到了Akismet，但只是顺便提及)。 批评是很公平的，而且由于似乎引起了人们的兴趣，我认为在后续文章中指出三个不打扰用户的替代解决方案将是一个好主意。

Just a warning ahead of time because I know people are going to mention it—none of these solutions are 100% foolproof, just as captchas are not 100% foolproof. I acknowledge that, but that’s beside the point. While it would be nice to use a system that detects and eliminates 100% of the spam without any false positives, I don’t think that’s a realistic expectation at this point in time. My goal is to eliminate as much as spam as possible without negatively affecting the experience of my users.

提前警告只是因为我知道人们会提到它-这些解决方案中没有一个是100％安全的，就像验证码不是100％安全的一样。 我承认这一点，但这是无关紧要的。 尽管使用能够检测并消除100％的垃圾邮件而没有任何误报的系统会很不错，但我认为这不是现实的期望。 我的目标是在不负面影响用户体验的前提下，尽可能地消除垃圾邮件。

So let’s get started shall we?

因此，让我们开始吧？

Akismet (Akismet)

The only alternative solution I proposed in the prior post is also the one I most commonly use. Taken directly from their site:

我在上一篇文章中提出的唯一替代解决方案也是我最常用的解决方案。 直接从他们的网站上获取 ：

Akismet is a hosted web service that saves you time by automatically detecting comment and trackback spam. It’s hosted on our servers, but we give you access to it through plugins and our API.

Akismet是托管的Web服务，可通过自动检测评论和引用垃圾邮件来节省您的时间。 它托管在我们的服务器上，但是我们为您提供了通过插件和API对其进行访问的权限。

Here’s the basic gist. Every time a form using Akismet is submitted, that information is sent to the Akismet service. Akismet then performs a series of tests (including whether that email or message has been marked as spam by other users of the service) on that information to determine if it’s spam or not. The service then returns a value indicating the results of these tests.

这是基本要点。 每次提交使用Akismet的表单时，该信息都会发送到Akismet服务。 Akismet然后对该信息执行一系列测试(包括该服务的其他用户是否将该电子邮件或消息标记为垃圾邮件)，以确定是否为垃圾邮件。 然后，服务将返回一个值，指示这些测试的结果。

If Akismet thinks it’s spam, it keeps the information in their database for 15 days in case you need to check it out and approve it. If you do find a false positive, Akismet will re-analyze the information to attempt to learn from it.

如果Akismet认为这是垃圾邮件，则它将信息保留在其数据库中15天，以防您需要检出并批准该信息。 如果您确实发现了误报，则Akismet将重新分析信息以尝试向其学习。

Traditionally, Akismet has been used on blogs (primarily Wordpress driven ones). However since the API is available, there have been many plugins and libraries created that allow you to easily use the service on other platforms, and for any type of form you would like (contact, sign-up, etc).

传统上，Akismet已用于博客(主要是Wordpress驱动的博客)上。 但是，由于API可用，因此创建了许多插件和库，使您可以轻松地在其他平台上使用该服务，并以所需的任何形式(联系，注册等)使用该服务。

I use Akismet on this site and it’s been very effective. I can remember only a handful of spam comments that got through, and even less false positives. Meanwhile, Akismet has managed to successfully mark ~45,000 messages as spam. Not too bad.

我在此站点上使用Akismet，它非常有效。 我记得只有很少的垃圾邮件评论，甚至更少的误报。 同时，Akismet已成功将大约45,000条邮件标记为垃圾邮件。 还不错

推出您自己的启发式解决方案 (Roll Your Own Heuristic Solution)

Another alternative solution is to use a heuristic spam detection system. Basically, you would check the message against a series of specific criteria to see how likely it is to be spam. Jonathan Snook outlined a method for doing just this a couple of years ago.

另一个替代解决方案是使用启发式垃圾邮件检测系统。 基本上，您将根据一系列特定条件检查邮件，以查看其成为垃圾邮件的可能性。 乔纳森·斯努克(Jonathan Snook) 概述了一种在几年前这样做的方法 。

In his system, he checked a long list of rules and used a point based system to weigh the results. For example, for anytime ‘viagra’ was found in a comment he would apply -1 points. At the end of the checks, if the number is below a certain level, he marks the message as spam. At the time he wrote the post, he was only getting a spam message every one or two weeks.

在他的系统中，他检查了一长串规则，并使用基于点的系统来权衡结果。 例如，任何时候只要在评论中发现“伟哥”，他都会应用-1分。 在检查结束时，如果该数字低于某个特定水平，他会将邮件标记为垃圾邮件。 在他撰写帖子时，他每隔一到两周才收到一封垃圾邮件。

Building a heuristic approach like this would not be particularly difficult or time-consuming. It would also allow you the opportunity to fine-tune the system based on common traits you are seeing amongst spam submissions. More importantly, as with Akismet, it would not get in the way of your users.

建立这样的启发式方法将不会特别困难或耗时。 它还将使您有机会根据您在垃圾邮件提交中看到的共同特征来微调系统。 更重要的是，与Akismet一样，它不会妨碍您的用户。

贝叶斯滤波 (Bayesian Filtering)

Taking the heuristic solution one step further, you could use a bayesian filtering method (like most email spam filtering services). A bayesian approach determines the probability that a message is spam based both on what that message contains and also the contents of past messages that were marked as spam.

如果将启发式解决方案更进一步，则可以使用贝叶斯过滤方法(就像大多数电子邮件垃圾邮件过滤服务一样)。 贝叶斯方法基于邮件包含的内容以及标记为垃圾邮件的过去邮件的内容来确定邮件为垃圾邮件的可能性。

It actually works the other way too–a bayesian filtering system can also compare the words that are typical in ‘good’ messages to help determine if a message is safe. What works so beautifully about a bayesian approach is that it will progressively get better the more it is used and the larger it’s library of ‘good’ and ‘bad’ words grows.

它实际上也以另一种方式起作用–贝叶斯过滤系统还可以比较“好”消息中的典型单词，以帮助确定消息是否安全。 贝叶斯方法之所以如此出色，是因为它使用得越多，它的“好”和“坏”字库就越大，它将逐渐变得更好。

You could easily roll your own solution here if you would like. There are numerous bayesian filtering classes written in a variety of programming languages, that are readily available online.

如果愿意，您可以轻松地在这里推出自己的解决方案。 有许多用各种编程语言编写的贝叶斯过滤类，可以随时在线获得。

以上任意组合 (Any combination of the above)

You can of course combine any of the above to give yourself an even more robust system if you would like. In my experience, there isn’t much of a reason to combine Akismet with anything. It’s been robust and accurate enough that I just haven’t had the need. If you’d rather not use their service, however, combining bayesian filtering with some general criteria would create a strong layer of defense against spam attacks.

当然，如果您愿意，您可以结合使用上述任何一种，从而为您提供一个更强大的系统。 根据我的经验，没有太多理由将Akismet与任何东西结合起来。 它足够强大和准确，以至于我只是不需要。 但是，如果您不想使用它们的服务，则将贝叶斯过滤与一些常规条件结合使用将为抵御垃圾邮件攻击提供强大的防御层。

Again, as stated above, none of these methods are entirely, 100% foolproof. They are, however, quite effective and will bring the number of spam messages that get through to an almost negligible amount. A few minutes a week would be all it would take to clean those up.

同样，如上所述，这些方法都不是完全100％可靠的。 但是，它们非常有效，并将使通过的垃圾邮件数量几乎可以忽略不计。 一周只需几分钟即可清理掉它们。

To me, these solutions are much better alternatives to using a captcha system. They still catch the spam, but they remain transparent to the user.

对我来说，这些解决方案是使用验证码系统的更好选择。 它们仍会捕获垃圾邮件，但对用户保持透明。

翻译自: https://timkadlec.com/2011/01/alternatives-to-captcha/

获取图品验证码