我不是一个网页开发人员，所以对此持保留态度，但这是我的建议-

每个用户都有一个cookie(包含一串随机数据)，决定他们是否看到当前的垃圾销售。

(如果你没有饼干，你就看不到它们。因此，不启用cookie的用户永远不会看到糟糕的销量;新用户在第一次浏览页面时永远不会看到它们，但之后会看到)。

每次用户刷新网站时，他都会将当前的cookie传递给服务器，服务器会根据这个cookie来决定是给他一个新的cookie还是保持当前的cookie不变;并以此为基础，决定是否在页面上展示垃圾促销。

为了保持服务器端的简单性，你可以说在任何时候，只有一个cookie会让你看到糟糕的销售情况;还有一些其他的cookie被标记为“在最近2秒内生成的”，这些cookie将始终保持不变。因此，如果刷新页面的速度快于此，则无法获得新的页面。

(…啊，好吧，我想这并不能阻止机器人恢复旧的饼干并把它传给你。不过，也许在某个地方还是有解决方案的。)

对未注册用户延迟5分钟发布所有产品公告。休闲用户不会真正注意到这一点，而非休闲用户还是会注册。

你知道，如果你使用pubsubhubbub发布你的RSS提要，人们就不必一遍又一遍地点击你的网页来查看Woot-off中的下一件事，他们只需要等待它出现在他们的谷歌Reader上。

也许你需要一种解决方案，让机器人完全无法区分垃圾销售和所有其他内容。

这是验证码主题的一种变体，但不是用户通过解决验证码来验证自己，验证码是销售的描述，以一种视觉上令人愉悦的方式呈现(但可能有些被背景掩盖)。

假定原则:

第一个屏幕必须是非常简单的低开销HTML，带有一个易于识别的按钮(游戏邦注:无论是机器人还是玩家)，以明确表示“我想要我的垃圾”。因为我们假设了最坏的情况-你有来自机器人和非机器人组合的DOS攻击，所有人都首先点击网站(就可识别性而言)。所以让我们尽快把这些从缓存，良性回声机器人等中分发出去。

(注:就追求者而言，这就是发生的事情;这对用户和Woot来说都是痛苦的，所以任何有助于吸收或缓解首次屏幕获取的内容都符合三方的利益。)

然后，对于非机器人来说，这个过程不需要比现在更糟糕，对于正版机器人来说，不需要额外的步骤(或痛苦)。(关于当前设计的背景说明:当前的wooters通常已经签约，或者可以在购买过程中签约。新买家需要在购买时进行注册。所以实际上已经注册和已经登录会更快。)

为了完成垃圾销售，需要导航一系列交易屏幕(比如5个正负，取决于具体情况)。获胜者是第一个完成全部导航的人。当前进程奖励那些最快完成整个5个屏幕序列的机器人(或其他人);但整个进程都偏向于快速响应(即机器人)。

毫无疑问，机器人将在第一个屏幕上占据优势;无论他们在这一点上取得了什么优势，他们都会在剩下的屏幕上保持下去，再加上身体在其他阶段提供的任何优势。

What if Woot were to intentionally decouple the queuing process after the first screen, and feed every session from that point into a sequence of fixed-minimum-time steps? The second screen wouldn't even be presented until 30 seconds had passed; after it was submitted, same for the following screens. I bet wooters would have no problem if they were told that, after the first screen, they would wait in a queue (which is already true) that would spread the load over time in a way that should take no longer than before, be more robust, and help weed out the bots. At this point you can throw in some of the bot speedbumps listed above (subtle variations in DOM objects, etc.) Just the benefit from the perception that Woot is a little more in control of things would help.

If a much higher proportion of the BOC initial hits could segue into a bot-unfriendlier non-time-critical process on their first hit (or close to it), rather than retrying, then real people who get past that point would have more confidence. For sure it would be less hostile than the current situation. It might cut down on the background-noise-ambient-bot-rate that's going on all the time even under normal Woot-Off circumstances. And the bots would lay off the main page and sit in the queue with each other (and everyone else) where they have no advantage.

Hmmm... The concept "apartment-threaded" comes to mind. I wonder if the pattern is approximately useful? A useful core concept here is being able, after the first screen, to track accumulated total time in queue and be able to adjust to standard. As a bot-mitigation strategy, you would have a little bit of flexibility to maybe fudge the very earliest sessions by maybe 5-10 seconds; doing so would probably be undetectable, but would result in a richer non-bot purchase mix. I'm sure you have statistics to help evaluate stuff like this after the fact. Just for fun, you could (at least for one wootoff) put together your own bot that combines the best features you've seen, and then hand it out to everyone the day before. Then at least everyone would be equally armed. (Then duck ... incoming ...)

我不能百分之百地确定这是否可行，至少不尝试一下是不行的。

But it seems as if it should be possible, although technically challenging, to write a server-side HTML/CSS scrambler that takes as its input a normal html page + associated files, and outputs a more or less blank html page, along with an obfuscated javascript file that is capable of reconstructing the page. The javascript couldn't just print out straightforward DOM nodes, of course... but it could spit out a complex set of overlapping, absolute-positioned divs and paragraphs, each containing one letter, so it comes out perfectly readable.

机器人将无法阅读它，除非它们使用完整的渲染引擎和足够的人工智能来重建人类将看到的内容。

然后，因为这是一个自动化的过程，您可以根据您的计算能力经常重新打乱站点-每分钟，或每十分钟，或每小时，甚至每次页面加载。

当然，写这样一篇含糊不清的文章会很困难，而且可能不值得。但这只是一个想法。