@ pc1oad1letter我也注意到在我的帖子。然而，这只是一个想法，而不是实际的实现。改变字体或使用不同的颜色，而不是粗体/斜体，可以很容易地解决可用性问题。

这将是每次注册，而不是每次发布，对吧?因为这只会杀死站点，即使使用jQuery自动化。

但要确保这不是谷歌能回答的问题。这也显示了一个问题——操作顺序!

如果你做一个有不同颜色字母的验证码，并且你要求用户只输入特定颜色的字母呢?

我知道没人会读这篇文章，但是狗和猫的验证码呢?

你需要分辨出哪个是猫，哪个是狗，机器做不到。 http://research.microsoft.com/asirra/

是一个很酷的…

Make an AJAX query for a cryptographic nonce to the server. The server sends back a JSON response containing the nonce, and also sets a cookie containing the nonce value. Calculate the SHA1 hash of the nonce in JavaScript, copy the value into a hidden field. When the user POSTs the form, they now send the cookie back with the nonce value. Calculate the SHA1 hash of the nonce from the cookie, compare to the value in the hidden field, and verify that you generated that nonce in the last 15 minutes (memcached is good for this). If all those checks pass, post the comment.

This technique requires that the spammer sits down and figures out what's going on, and once they do, they still have to fire off multiple requests and maintain cookie state to get a comment through. Plus they only ever see the Set-Cookie header if they parse and execute the JavaScript in the first place and make the AJAX request. This is far, far more work than most spammers are willing to go through, especially since the work only applies to a single site. The biggest downside is that anyone with JavaScript off or cookies disabled gets marked as potential spam. Which means that moderation queues are still a good idea.

从理论上讲，这可以作为通过模糊性的安全，但在实践中，这是很好的。

我从未见过垃圾邮件发送者试图破解这种技术，尽管可能每隔几个月我就会收到一个手动输入的主题垃圾邮件条目，这有点怪异。