目标的一个可能的解决方案，不一定是问题的标题:

Instead of serving up the special deal to everyone, serve it to random sets of ip addresses at a time. For instance, partition the IP space into 256 unique blocks, and at time=0, only allow people with ip addresses in the first block, and at time=5 seconds, allow people from the first block and the second block... until the last time slot arrives, and allow everyone to see the deal. One idea to randomize it would be to take the least significant bits of the md5/sha of their IP plus some salt based on the deal.

这将允许脚本编写人员拥有接近于零的响应时间，以及拥有多个ip地址的优势，但这将意味着给定的机器人与其他因ip地址而比他们“幸运”的客户相比没有任何优势。

将这一点与其他一些想法结合起来似乎是个好主意。

以下是我的做法:

Require all bidders for bag of crap sales to register with the site. When you want to start a sale, post "BOC sale starting soon, check your email to see if you are eligible" on your main page. Send out invitations to a random selection of the registered players, with a url unique to that particular sale when sale starts. Ensure the URL used is different for each sales event. Tweak the random selection invitation algorithm to pull down elibiblity for frequent winners, based upon Credit Card used for purchase, paypal account, or shipping address.

这可以阻止机器人，因为你的主页只显示未决的BOC事件。机器人在没有收到邮件的情况下无法访问URL，也不能保证他们会收到。

如果你担心销售影响，你也可以通过为每笔销售赠送一到两个BOC来激励参与者。如果你在给定的时间间隔内没有看到足够的宣传，你会自动邮寄额外的注册用户，增加每个宣传的参与者池。

中提琴。公平的竞争环境，没有大量的启发式和网络流量分析。系统仍然可以通过设置大量电子邮件帐户的人来游戏，但通过CC#， paypal帐户，送货地址来调整参与者选择标准可以缓解这一点。

可能没有一个神奇的银弹来照顾机器人，但这些建议的组合可能有助于阻止他们，并将他们减少到一个更易于管理的数量。 如果您需要对这些建议进行任何澄清，请告诉我:

Any images that depict the item should be either always the same image name (such as "current_item.jpg") or should be a random name that changes for each request. The server should know what the current item is and will deliver the appropriate image. This image should also have a random amount of padding to reduce bots comparing image sizes. (Possibly changing a watermark of some sort to deter more sophisticated bots). Remove the ALT text from these images. This text is usually redundant information that can be found elsewhere on the pages, or make them generic alt text (such as "Current item image would be here"). The description could change each time a Bag of Crap comes up. It could rotate (randomly) between a number of different names: "Random Crap", "BoC", "Crappy Crap", etc... Woot could also offer more items at the "Random Crap" price, or have the price be a random amount between $0.95 and $1.05 (only change price once for each time the Crap comes up, not for each user, for fairness) The Price, Description, and other areas that differentiate a BoC from other Woots could be images instead of text. These fields could also be Java (not javaScript) or Flash. While dependent on a third-party plug-in, it would make it more difficult for the bots to scrape your site in a useful manner. Using a combination of Images, Java, Flash, and maybe other technologies would be another way to make it more difficult for the bots. This would be a little more difficult to manage, as administrators would have to know many different platforms. There are other ways to obfuscate this information. Using a combination of client-side scripting (javascript, etc) and server-side obfuscation (random image names) would be the most likely way to do it without affecting the user experience. Adding some obfuscating Java and/or Flash, or similar would make it more difficult, while possibly minimally impacting some users. Combine some of these tactics with some that were mentioned above: if a page is reloaded more than x times per minute, then change the image name (if you had a static image name suggested above), or give them a two minute old cached page. There are some very sophisticated things you could do on the back end with user behavior tracking that might not take too much processing. You could off-load that work to a dedicated server to minimize the performance impact. Take some data from the request and send it to a dedicated server that can process that data. If it finds a suspected bot, based on its behavior, it can send a hook to another server (front end routing firewall, server, router, etc OR back-end web or content server) to add some additional security to these users. maybe add Java applets for these users, or require additional information from the user (do not pre-fill all fields in the order page, making a different field empty each time randomly, etc).

通过IP或其他机制识别机器人。 总是把那些被识别为机器人的页面放在正常的首页。

被误识别为机器人的真人将得不到这些优惠，但他们也不会注意到。

机器人所有者不会意识到你已经识别了他们，所以他们会停止改编脚本。

我的想法(我还没有检查所有其他的，所以我不知道它是否新颖)

处理蜂群:

Convert the front-page matter for each day's stuff to be a flash/flex object. Yes, some people will complain, but we're looking for the common case here, not the ideal. You should also randomize the name of your flash objects, so they aren't in any predictable pattern of names. Using Akamai or another CDN, deploy this flash object in advance to the outside world. Akamai produces what appears to be random URLs, so it makes it hard to predict. When it is time for a new sale, you just have to change your URL locally to refer to the appropriate object at Akamai, and people will go fetch the flash object from them to discover if the deal is a BoC or not.

一天结束-你现在有Akamai处理你的午夜交通蜂群

处理购车事宜

Each of the flash objects you create can have lots and lots of content hidden inside - images, links, arbitrary ids, including 'bag of crap' in a thousand places. you should be able to obfuscate the flash as well. When the flash object "goes live", people will start to attack it. But there are so many false positives that a simple string scan is useless - they'll have to simulate running the flash locally. But the flash doesn't write text. It draws lines and shapes. Shapes in different colors, all connected to timers that make them appear and disappear at different times. If you've seen the Colbert Report, you know how the intro has hundreds of words describing Colbert. Imagine something like that for your intro, which will always include Bag O Crap. Now, imagine that the intro takes an arbitrary amount of time - sometimes a few seconds, sometimes as long as a minute or more (make it funny) Meanwhile, "Bag O Crap" is constantly showing up, but again, clearly as part of the intro. Finally, the actual deal of the day is revealed, with an active 'shimmer' effect that makes it difficult for any single snapshot of the canvas to reveal the actual product name. This is floating above an animated background that still says 'bag O crap' and is constantly in motion again, all of this is handled with lines and shapes, not with text strings

最终的结果是——你的黑客被迫拍摄交易的大量图像快照，弄清楚如何分离所有的假阳性和识别实际交易。与此同时，人类只是看着它，由于眼睛疲劳和我们填补文本空白的能力，我们可以原原本本地阅读交易。

这不会永远有效，但会在一段时间内有效。

另一个想法是简单地限制人们购买中行，除非他们以前用该账户购买过东西，并且永远不让他们再购买中行。

限定。将页面浏览量限制在每秒1次不会打扰人类用户。 通过JavaScript链接。简单的机器人不喜欢这个。 至于可用性，统计数据显示，不到1%的用户不使用JS。 2 a。以上的硬核版本。Flash中的链接。 参数存储在会话，而不是在查询字符串。大多数机器人是无状态的。