有史以来最好的验证码!也许你需要像这样的东西来注册，以防止庸人进入。

如何显示9个随机的几何形状，并要求用户选择两个正方形，或两个圆或其他。应该很容易写，也很容易使用。

没有什么比你无法正确阅读短信更糟糕的了……

我喜欢在“大rom网络”中使用的验证码: 链接文本

点击彩色的微笑，它很有趣，每个人都能理解…除了机器人哈哈

这将是每次注册，而不是每次发布，对吧?因为这只会杀死站点，即使使用jQuery自动化。

你不只是想让人类发帖。你需要能够讨论编程主题的人。所以你应该有一个验证码，比如:

下面的C函数声明是什么意思:char *(*(**foo [][8])())[];?

=)

Make an AJAX query for a cryptographic nonce to the server. The server sends back a JSON response containing the nonce, and also sets a cookie containing the nonce value. Calculate the SHA1 hash of the nonce in JavaScript, copy the value into a hidden field. When the user POSTs the form, they now send the cookie back with the nonce value. Calculate the SHA1 hash of the nonce from the cookie, compare to the value in the hidden field, and verify that you generated that nonce in the last 15 minutes (memcached is good for this). If all those checks pass, post the comment.

This technique requires that the spammer sits down and figures out what's going on, and once they do, they still have to fire off multiple requests and maintain cookie state to get a comment through. Plus they only ever see the Set-Cookie header if they parse and execute the JavaScript in the first place and make the AJAX request. This is far, far more work than most spammers are willing to go through, especially since the work only applies to a single site. The biggest downside is that anyone with JavaScript off or cookies disabled gets marked as potential spam. Which means that moderation queues are still a good idea.

从理论上讲，这可以作为通过模糊性的安全，但在实践中，这是很好的。

我从未见过垃圾邮件发送者试图破解这种技术，尽管可能每隔几个月我就会收到一个手动输入的主题垃圾邮件条目，这有点怪异。