问题
What is a good invisible captcha? My site requires JavaScript so anything which requires that is fine.
回答1:
Add a new input field, label it "Please leave blank", hide it using CSS, and ignore the post if that field is filled in. Something like this:
<style type='text/css'>
#other_email_label, #other_email {
display: none;
}
</style>
...
<form action='mail'>
<label id='other_email_label' for='other_email'>Please leave blank:</label>
<input type='text' name='other_email' id='other_email'>
...
</form>
So a human being won't see that field (unless they have CSS turned off, in which case they'll see the label and leave it blank) but a spam robot will fill it in. Any post with that field populated must be from a spam robot.
回答2:
Here's a simple math captcha by Phil Haack. It even works with javascript disabled.
In his own words:
The way it works is that it renders some javascript to perform a really simple calculation and write the answer into a hidden text field using javascript. When the user submits the form, we take the submitted value from the hidden form field, combine it with a secret salt value, and then hash the whole thing together. We then compare this value with the hash of the expected answer, which is stored in a hidden form field base64 encoded. If javascript is disabled, then we render out the question as text alongside a visible text field, thus giving users reading your site via non-javascript browsers a chance to comment.
回答3:
I've used the technique of a Display:None text box, and rejecting any submission that fills it in and had pretty good luck with that.
回答4:
For what it's worth Google is rolling out 'Invisible ReCAPTCHA' (https://www.google.com/recaptcha/intro/comingsoon/invisible.html), I already got whitelisted with my site. At the moment implementing it, however the docs aren't that elaborated...:)
回答5:
MTCaptcha is a reCaptcha alternative captcha service that supports invisible captchas similar to the recently launched reCaptcha V3, where its invisible to most users but shows a captcha if it feels the traffic is risky.
回答6:
If you mean - use captcha that a human can't see as a human validation test - i think it's impossible.
This way a robot ignoring the captcha will pass for a real person! Seems like a trap for a naive spam robot.
If you want your captcha-protected site to work with clients that have no javascript - then you should hardcode it into html.
Also, if you can reliably identify trusted users (either by judgment call or by detecting some usage pattern) - you can let them post to your site without captcha.
来源:https://stackoverflow.com/questions/972507/what-is-a-good-invisible-captcha