构建一个更好的机器人

市场告诉你一些事情。他们想要那袋垃圾。所以与其与脚本斗争(RIAA vs文件共享任何人?)构建一个更好的机器人。

为每个人提供一个安装的应用程序，它与脚本kidide可以组合的任何东西一样好，甚至更好。用户会安装你的品牌应用，而每次出现这种情况。应用程序会自动尝试购买。如果错过了当前的b-o-c，应用程序就有一张“门票”，让它有更好的机会进行下一次b-o-c销售。因此，如果用户滚动自己的脚本，他们就无法获得下一个b-o-c销售的“门票”，而官方应用程序的用户则可以。

在b-o-c销售之间，应用程序可以显示当前出售的物品。见鬼，让用户可以告诉woot应用程序寻找“记忆棒”

当官方的woot b-o-c+脚本应用程序一样好或不好时，谁会构建自己的脚本?

此外，woot还有另一种与客户联系的方式。

你的客户告诉你他们想要什么。

我所读到的大多数解决方案最终都退化为一种反移动的情况，并不能抑制人们按照“公平竞争规则”进行游戏的积极性。

你有没有想过有目的的性能限制/影子禁止?如果你检测到来自一个IP的大量命中，你的CGI脚本是否故意延迟响应-或者让他们没有资格赢得该物品?

So If you say set a cookie on the system and you see it hitting you more than X per interval of time, you start delaying the responses more and more. If you see cookie X continue this behavior for some interval of time, you set the dreaded 'Can not win today come back tomorrow flag' and dont tell them - that way, even if they win, they still loose. If you have several parameters like this that would be easily/randomly tweekable, you could be changing the rules all the time in such a way that it would keep out the bots - but humans wouldnt even notice. Maybe you could have a login have a delay of X seconds - where the delay is depended on that IP addresses history of hits/logins :)

只是一两个想法

创建一个简单的ip防火墙规则，如果检测到超过最大值，就将ip地址列入黑名单。每秒输入的请求数。

一些想法:

Simple: don't name it "Random Crap." Change the name of the item every time so that the bots will have a harder time identifying it. They may still look for the $1.00 items, in which case I suggest occasionally selling $1 sticks of gum for a few minutes. The $5 shipping should make it worth your while. Harder: don't make the users do anything extra - make the users' computers do something extra. Write a JavaScript function that performs an intensive calculation taking a good amount of processing power - say, the ten-millionth prime number - and have the user's computer calculate that value and pass it back before you accept the order (perhaps even to create the "place order" URL). Change the function for every BoC so that bots can't pre-calculate and cache results (but so that you can). The calculation overhead might just slow down the bots enough to keep them off your backs - if nothing else, it would slow the hits on your servers so that they could breathe. You could also vary the depth of the calculation - ten-millionth prime versus hundred-millionth - at random so that the ordering process is no longer strictly first-come, first served, and to avoid penalizing customers with slower computers. E

可能没有一个神奇的银弹来照顾机器人，但这些建议的组合可能有助于阻止他们，并将他们减少到一个更易于管理的数量。 如果您需要对这些建议进行任何澄清，请告诉我:

Any images that depict the item should be either always the same image name (such as "current_item.jpg") or should be a random name that changes for each request. The server should know what the current item is and will deliver the appropriate image. This image should also have a random amount of padding to reduce bots comparing image sizes. (Possibly changing a watermark of some sort to deter more sophisticated bots). Remove the ALT text from these images. This text is usually redundant information that can be found elsewhere on the pages, or make them generic alt text (such as "Current item image would be here"). The description could change each time a Bag of Crap comes up. It could rotate (randomly) between a number of different names: "Random Crap", "BoC", "Crappy Crap", etc... Woot could also offer more items at the "Random Crap" price, or have the price be a random amount between $0.95 and $1.05 (only change price once for each time the Crap comes up, not for each user, for fairness) The Price, Description, and other areas that differentiate a BoC from other Woots could be images instead of text. These fields could also be Java (not javaScript) or Flash. While dependent on a third-party plug-in, it would make it more difficult for the bots to scrape your site in a useful manner. Using a combination of Images, Java, Flash, and maybe other technologies would be another way to make it more difficult for the bots. This would be a little more difficult to manage, as administrators would have to know many different platforms. There are other ways to obfuscate this information. Using a combination of client-side scripting (javascript, etc) and server-side obfuscation (random image names) would be the most likely way to do it without affecting the user experience. Adding some obfuscating Java and/or Flash, or similar would make it more difficult, while possibly minimally impacting some users. Combine some of these tactics with some that were mentioned above: if a page is reloaded more than x times per minute, then change the image name (if you had a static image name suggested above), or give them a two minute old cached page. There are some very sophisticated things you could do on the back end with user behavior tracking that might not take too much processing. You could off-load that work to a dedicated server to minimize the performance impact. Take some data from the request and send it to a dedicated server that can process that data. If it finds a suspected bot, based on its behavior, it can send a hook to another server (front end routing firewall, server, router, etc OR back-end web or content server) to add some additional security to these users. maybe add Java applets for these users, or require additional information from the user (do not pre-fill all fields in the order page, making a different field empty each time randomly, etc).

我有一个解决方案(可能)没有列出(因为我还没有读完这里所有的……)

您可以通过浏览器的User Agent字符串跟踪唯一用户。从本质上讲，通过检查哪些信息是可用的“唯一”，你将能够获得足够的信息来区分不同的人(即使是在相同的IP地址上)。

看看EFF写的这篇文章 以及这个网站(也由EFF)，将“测试”你的独特只是基于你的用户代理从浏览器。

为了获得更好的唯一性，你可以在唯一性和ip地址的信息位之间进行比较，从而真正得到罪犯/机器人的可能性。

也从EFF签出这个pdf