假定原则:

第一个屏幕必须是非常简单的低开销HTML，带有一个易于识别的按钮(游戏邦注:无论是机器人还是玩家)，以明确表示“我想要我的垃圾”。因为我们假设了最坏的情况-你有来自机器人和非机器人组合的DOS攻击，所有人都首先点击网站(就可识别性而言)。所以让我们尽快把这些从缓存，良性回声机器人等中分发出去。

(注:就追求者而言，这就是发生的事情;这对用户和Woot来说都是痛苦的，所以任何有助于吸收或缓解首次屏幕获取的内容都符合三方的利益。)

然后，对于非机器人来说，这个过程不需要比现在更糟糕，对于正版机器人来说，不需要额外的步骤(或痛苦)。(关于当前设计的背景说明:当前的wooters通常已经签约，或者可以在购买过程中签约。新买家需要在购买时进行注册。所以实际上已经注册和已经登录会更快。)

为了完成垃圾销售，需要导航一系列交易屏幕(比如5个正负，取决于具体情况)。获胜者是第一个完成全部导航的人。当前进程奖励那些最快完成整个5个屏幕序列的机器人(或其他人);但整个进程都偏向于快速响应(即机器人)。

毫无疑问，机器人将在第一个屏幕上占据优势;无论他们在这一点上取得了什么优势，他们都会在剩下的屏幕上保持下去，再加上身体在其他阶段提供的任何优势。

What if Woot were to intentionally decouple the queuing process after the first screen, and feed every session from that point into a sequence of fixed-minimum-time steps? The second screen wouldn't even be presented until 30 seconds had passed; after it was submitted, same for the following screens. I bet wooters would have no problem if they were told that, after the first screen, they would wait in a queue (which is already true) that would spread the load over time in a way that should take no longer than before, be more robust, and help weed out the bots. At this point you can throw in some of the bot speedbumps listed above (subtle variations in DOM objects, etc.) Just the benefit from the perception that Woot is a little more in control of things would help.

If a much higher proportion of the BOC initial hits could segue into a bot-unfriendlier non-time-critical process on their first hit (or close to it), rather than retrying, then real people who get past that point would have more confidence. For sure it would be less hostile than the current situation. It might cut down on the background-noise-ambient-bot-rate that's going on all the time even under normal Woot-Off circumstances. And the bots would lay off the main page and sit in the queue with each other (and everyone else) where they have no advantage.

Hmmm... The concept "apartment-threaded" comes to mind. I wonder if the pattern is approximately useful? A useful core concept here is being able, after the first screen, to track accumulated total time in queue and be able to adjust to standard. As a bot-mitigation strategy, you would have a little bit of flexibility to maybe fudge the very earliest sessions by maybe 5-10 seconds; doing so would probably be undetectable, but would result in a richer non-bot purchase mix. I'm sure you have statistics to help evaluate stuff like this after the fact. Just for fun, you could (at least for one wootoff) put together your own bot that combines the best features you've seen, and then hand it out to everyone the day before. Then at least everyone would be equally armed. (Then duck ... incoming ...)

这里最重要的事情是改变系统，从你的服务器上移除负载，防止机器人在不让奶瓶商知道你在和他们玩游戏的情况下赢得这袋垃圾，否则他们会修改他们的策略。我认为如果你们不进行一些处理，就没有办法做到这一点。

So you record hits on your home page. Whenever someone hits the page that connection is compared to its last hit, and if it was too quick then it is sent a version of the page without the offer. This can be done by some sort of load balancing mechanism that sends bots (the hits that are too fast) to a server that simply serves cached versions of your home page; real people get sent to the good server. This takes the load off the main server and makes the bots think that they are still being served the pages correctly.

如果这个提议能以某种方式被拒绝就更好了。然后你仍然可以在假服务器上提供报价，但当机器人填写表格时，说“对不起，你不够快”:)然后他们肯定会认为他们还在游戏中。

使用JavaScript动态地将信息写入页面。如果没有JS渲染引擎，屏幕抓取器和机器人肯定无法读取信息。

你需要想办法让机器人购买价格过高的东西:12毫米的坚果:20美元。看看有多少机器人在编剧认为你在耍他们之前抢了过来。

用这些利润购买更多的服务器和支付带宽。

我同意OP在这里-请不要验证码-这不是一个非常woot的做事方式。

首先设置一些机器人陷阱。我会在主页上更经常地提到BOC，让机器人看起来不智能，所以每次措辞都不同。“中行投诉上升!”所以扫描关键词的机器人会被困住。

然而，我认为真正的问题是双重的，首先是你需要解决的性能问题，今天是机器人造成了一个问题，但它向我表明，有一个性能问题需要解决。

其次，这是一个商业机会，可以把一些真正的垃圾转化为利润。所以我将保持整体woot风格并声明“我们检查机器人”。如果我们认为你是机器人，你就会得到一盒垃圾。”

机器人检查将在销售完成后的某个时间离线完成，使用机器人陷阱，IP号码，cookie，会话，浏览器字符串等。对你获得的购买者数据做一些认真的分析，以决定谁得到了废话。如果你决定发布垃圾，那么你就可以把一些正常的垃圾卖给别人。

以下是你可以做的一些合理假设:

Any automated solution can and will be broken. Making the site completely require human input (eg CAPTCHA) will greatly increase the difficulty of logging in/checking out/etc. You have a limited number of Bandoliers of Cabbage to sell. You can track users by session via a client-side cookie. You aren't dealing with extremely hardcore criminals here; these are simply technical people who are bending, but not breaking, the law. Successful orders via bots will go to the person's home, and likely not some third-party mail drop.

解决方案不是技术上的。这是一个政策问题。

在web服务器上记录所有客户端会话id。 制定“限制机器人”政策;比如，每X秒刮一次屏幕，让使用普通浏览器的用户能够点击刷新。任何被发现超过这个限制的用户都不会被开除。 接下来，向已知的机器人所有者发送一堆leakfrog。