How do I detect if a client is a browser-issued operation?

Source: Internet
Author: User
Now headless browser A lot of, can simulate a lot of browser behavior, which is very easy to send spam information, even if there is no PHANTOMJS or casperjs, through the grab packet to obtain the target request address, curl or Snoopy for example, user-agent , MAC address, IP address, cookie, and so can all forge, the only can prevent the verification code, online coding software too much, are employed some Aunt uncle to identify, hair spam is also very easy, I think there is a way to detect the client is a real browser, It would be much easier for me to ban this browser.

Reply content:

Now headless browser A lot of, can simulate a lot of browser behavior, which is very easy to send spam information, even if there is no PHANTOMJS or casperjs, through the grab packet to obtain the target request address, curl or Snoopy for example, user-agent , MAC address, IP address, cookie, and so can all forge, the only can prevent the verification code, online coding software too much, are employed some Aunt uncle to identify, hair spam is also very easy, I think there is a way to detect the client is a real browser, It would be much easier for me to ban this browser.

You can't even count the numbers in.

You can try these two very tiring practices:

    1. Make the verification code complex. For example, GIF moving and moving the verification code ...
    2. Limit the frequency, the back end record, the same IP request frequency is too fast to pull black ...

Agree with the idea of selling little girls ' matches, you need to understand why you have to differentiate between users and robots, usually in two situations:

One is to protect against attacks, reduce the pressure on the server, want to shield off non-user access; This is a better way to cache the system and ensure that no matter how much level of access will not drag down the server.

The second is to prevent the misuse of some mechanisms, such as preventing users from using robots to cheat in "inviting friends to register"; This is a better way of associating users with an entity, such as a mobile phone number, a social security number that is not easy to forge. Of course, there are some users who are in this scenario and do not want to provide personal privacy information.

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.