这里最重要的事情是改变系统，从你的服务器上移除负载，防止机器人在不让奶瓶商知道你在和他们玩游戏的情况下赢得这袋垃圾，否则他们会修改他们的策略。我认为如果你们不进行一些处理，就没有办法做到这一点。

So you record hits on your home page. Whenever someone hits the page that connection is compared to its last hit, and if it was too quick then it is sent a version of the page without the offer. This can be done by some sort of load balancing mechanism that sends bots (the hits that are too fast) to a server that simply serves cached versions of your home page; real people get sent to the good server. This takes the load off the main server and makes the bots think that they are still being served the pages correctly.

如果这个提议能以某种方式被拒绝就更好了。然后你仍然可以在假服务器上提供报价，但当机器人填写表格时，说“对不起，你不够快”:)然后他们肯定会认为他们还在游戏中。

让我们换个角度看问题——你让机器人买你想让真人买的东西，那给机器人一个机会买你不想让真人买的东西怎么样?

有一个随机的机会，一些非显示的html，抓取机器人会认为是真实的情况，但现实的人不会看到(不要忘记，现实的人包括盲人，所以考虑屏幕阅读器等)，这通过购买一些非常昂贵的东西(或不进行实际购买，但获得付款细节，让你放在列表上)。

即使机器人切换到“提醒用户”而不是“购买”，如果你能得到足够多的假警报，你可能就能让人们(也许不是所有人，但减少一些诈骗总比没有强)不去打扰它。

我喜欢BradC的回答(使用Ned Batchelder文章中的建议)，但我想在此基础上再增加一个层次。您不仅可以随机化字段名称，还可以随机化字段位置和使它们不可见的代码。

Now, this last bit is hard part and I don't know exactly how to do it, but someone with more JavaScript and CSS experience might be able to figure it out. Of course, you can't just keep the same positions all the time, because the scripters will just figure out that the element with position (x,y) is the real one. You would have to have some code that changes the positioning of form elements relative to other elements in order to move them off the page, overlay them on each other, etc. Then obfuscate the code that does this with some randomness introduced into it. Automatically change the obfuscation daily, before a new item is made available. The idea is that without a proper CSS and JavaScript implementation (and code to read layout of the page as a human would) a bot won't be able to figure out which elements are being shown to the user. Your server-side code, of course, knows which fields are real and which are fake.

总而言之:

字段名是随机的 字段顺序是随机的 字段隐藏代码很复杂 字段隐藏代码是随机混淆的 服务器端代码每天自动更改随机因子

在你给出的限制条件下，我不认为有办法避免某种形式的“军备竞赛”，但这并不意味着一切都完了。如果你能在军备竞赛中实现自动化，而编剧不能，那么你每次都能获胜。

目标的一个可能的解决方案，不一定是问题的标题:

Instead of serving up the special deal to everyone, serve it to random sets of ip addresses at a time. For instance, partition the IP space into 256 unique blocks, and at time=0, only allow people with ip addresses in the first block, and at time=5 seconds, allow people from the first block and the second block... until the last time slot arrives, and allow everyone to see the deal. One idea to randomize it would be to take the least significant bits of the md5/sha of their IP plus some salt based on the deal.

这将允许脚本编写人员拥有接近于零的响应时间，以及拥有多个ip地址的优势，但这将意味着给定的机器人与其他因ip地址而比他们“幸运”的客户相比没有任何优势。

将这一点与其他一些想法结合起来似乎是个好主意。

为什么不将内容设置为CAPTCHA?

On the page where you display the prize, always have an image file in the same location with the same name, when a bag o crap sale is on, dynamically generate and load an image with the text etc advertising the prize, when no sale is on just have some default image that integrates well with the site. Seems like its the same concept as CAPTCHA... if the bot cannot figure out the meaning of the image they will not be able to "win" it, if they can they would have been able to figure out your CAPTCHA images anyways.

如上所述，我在非验证码表单上做了一些工作，方法是使用存储在表单中的结果的预期值的预计算散列。这个想法适用于Wordpress的两个反垃圾邮件插件:WP-Morph和WP-HashCash。唯一的缺点是客户端浏览器必须能够解释JavaScript。