好吧，我有几个问题，而不是一个答案，因为我没有技术经验，不知道它是否可以工作或有帮助。

目标如下: 1. 将道具卖给非脚本人。 2. 保持网站运行的速度不被机器人减慢。 3.不要让“正常”用户完成任何任务来证明他们是人类。

My questions are: -. Would a Flash application, or Java applet, or Silverlight or anything similar reduce the ease of screen scraping enough to decrease the impact of the bots? I'm curious if these are as wide open to external manipulation as typical javascript/html. While it is not standard for web development and may not be 'good' from an SEO point of view, it sounds like search visibility isn't your problem if you have millions of users. I believe that any of these could still offer a very good looking interface so your humans wouldn't be put off by the design.

-。你能把你所有的信息放在一张图片里吗?我也从未见过你所提到的woot部分，但我的建议是将人类需要知道的任何文本放在人类友好的图像中，而不是机器人友好的文本框中。

哦，还有一些在其他回答中提到的东西。不要错过你拥有的大好机会: 你有很多机器人的需求，那些拥有机器人的人真的会买，对吧?你还想要他们的钱吗?(如果不是，我就买了。)

这些拥有机器人的人有其他选择从你这里购买吗?把你的垃圾袋子拿出来。

为机器人建立一个woot子网站，让脚本写手获得很多乐趣，并为此付钱。卖给他们垃圾，让他们挑战其他编剧。这是一个完全不同的市场。

如果他们有另一种选择，可以赢得一些东西，并获得吹嘘的权利，他们可能不太倾向于殴打小老人。

我所读到的大多数解决方案最终都退化为一种反移动的情况，并不能抑制人们按照“公平竞争规则”进行游戏的积极性。

你有没有想过有目的的性能限制/影子禁止?如果你检测到来自一个IP的大量命中，你的CGI脚本是否故意延迟响应-或者让他们没有资格赢得该物品?

So If you say set a cookie on the system and you see it hitting you more than X per interval of time, you start delaying the responses more and more. If you see cookie X continue this behavior for some interval of time, you set the dreaded 'Can not win today come back tomorrow flag' and dont tell them - that way, even if they win, they still loose. If you have several parameters like this that would be easily/randomly tweekable, you could be changing the rules all the time in such a way that it would keep out the bots - but humans wouldnt even notice. Maybe you could have a login have a delay of X seconds - where the delay is depended on that IP addresses history of hits/logins :)

只是一两个想法

CAPTCHA的问题在于，当你在Woot上看到垃圾促销时，作为消费者，如果你希望收到你的垃圾包，你就必须迅速采取行动。所以，如果你要使用一种形式的验证码，对客户来说必须非常快。

What if you had a large image, say 600 x 600 that was just a white background and dots of different colors or patterns randomly placed on the image. The image would have an image map on it. This map would have a link mapped to small chunks of the image. Say, 10 x 10 blocks. The user would simply have to click on the specific type of dot. It would be quick for end the user and it would somewhat difficult for a bot developer to code. But this alone may not be that difficult for a good bot creator to get past. I would add ciphered URLs.

以前我在开发一个系统，可以对url进行加密。如果这些页面上的每个URL都用随机的IV加密，那么它们对机器人来说都是唯一的。我设计这个是为了迷惑探测机器人。我还没有完成的技术，但我有一个小网站编码，功能在这个庄园。

虽然这些建议并不是一个完整的解决方案，但它们会使构建一个工作机器人变得更加困难，同时仍然易于人类使用。

我的第一个想法是，你说机器人正在抓取你的网页，这意味着他们只抓取HTML内容。因此，让您的订单屏幕验证(从http-logs)，报价相关的图形是从bot加载的

已经发布了一些其他/更好的解决方案，但为了完整起见，我想我会提到这个:

If your main concern is performance degradation, and you're looking at true hammering, then you're actually dealing with a DoS attack, and you should probably try to handle it accordingly. One common approach is to simply drop packets from an IP in the firewall after a number of connections per second/minute/etc. For example, the standard Linux firewall, iptables, has a standard operation matching function 'hashlimit', which could be used to correlate connection requests per time unit to an IP-address.

虽然，这个问题可能更适合于上一个so播客中提到的下一个so衍生产品，它还没有推出，所以我想可以回答:)

编辑: 正如novatrust指出的那样，仍然有ISP实际上没有分配ip给他们的客户，因此有效地，这样一个ISP的脚本客户将禁用该ISP的所有客户。

ASP.net AJAX控件工具包中的NoBot控件呢?

它做了一些自动javascript请求和计时技巧，以防止机器人在没有用户交互的情况下访问网站。

抱歉，如果这不符合要求，我得打个电话 tl;博士> D