问题
I use this captcha method on all my forms on many sites, the basic premis is that I have a text box that is hidden by css, if the server-side code determines that there is any content in this box, then the form is not completed.
Client side:
<li id="li-cap"><label>Leave this field blank</label><input type="text" maxlength="30" id="cap" name="cap" /></li>
Css:
#li-cap{display:none}
Server side psuedo code:
if(!nullOrEmpty(input#cap))
{
return post back to form with error
}
else
{
process form
}
this is ignoring any clientside validation for the moment
I've been using this form of captcha (i believe it has a name, can't remember it though, think it begins with p) for a while now, and i'm seeing lots of different kinds of captchas around: mathematical sums, random letters on images, questions.
My version requires no entry from the user, and I get no spam forms at all. Is this actually a good method, or am I just a bit lucky? Should I be using a stronger method?
回答1:
This type of captcha is relatively strong for typical spambots, that fill all the fields. However, it is completely inefficient for site-based floodbots, and this is why it will not be used on high-audience websites.
来源:https://stackoverflow.com/questions/10207135/what-are-the-downpoints-of-this-captcha-method