I would like to know more about the solutions to restrict registering for a website for humans only.
Captcha may seem a proper solution but as it turns out it's not as good as it sounds. And it's not a problem if a solution is not an option for blind, deaf people etc.
asked Sep 18, 2012 at 18:20 by Adam Halasz
- CAPTCHA is evil! Usually takes me several tries to find something I stand a chance of reading. – Jeremy J Starcher Commented Sep 18, 2012 at 18:35
- The best way to prevent fake registration is to not have registration. – Shmiddty Commented Sep 18, 2012 at 18:50
5 Answers
My newest web app uses a process that makes this really easy for the user and secure for me.
- User goes to login page, enters their email address and clicks an "I am signing up" checkbox.
- The user clicks "register", their email address gets inserted to a temporary SQL table (called `signups`) and an email with a verification link is sent to the email address.
- The user clicks the verification link which takes them to a "create password" page.
- After the user creates his password, the email address and password are inserted into the `users` table–and the entry in the `signups` table is deleted.
This makes it easy and reliable.
The `signups` table also includes a random SHA1 hash (for the verification link), a timestamp set for 12 hours after the sign up, and IP Address.
All entries in the `signups` table that have an expired timestamp get removed at certain parts of the day.
Update
Since writing this answer, I have found that keeping a signup form secure from robots is a never-ending battle.
As time goes on, new technologies and methods are being developed to circumvent security measures. The best thing any dev team can do is periodically be checking the quality of signups, and thinking of ways to make their signup form both more secure and intuitive to use.
Yeah, it is a good bit of work and resources that go into it, but having confidence in your signup form and quality of signups is well worth the expense.
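A sketch of the signup flow from the answer above, added here as an illustration and not the answerer's code. It assumes Node.js, in-memory Maps standing in for the `signups` and `users` tables, hypothetical function names, and two swaps: the link token comes from a CSPRNG with only its SHA-256 digest stored (in place of the answer's random SHA1 hash), and the password is stored as a salted scrypt hash.

```javascript
// Added example: in-memory stand-ins for the answer's `signups` and `users` tables.
const { randomBytes, createHash, scryptSync, timingSafeEqual } = require('node:crypto');

const TTL_MS = 12 * 60 * 60 * 1000;   // 12 hours, as in the answer
const signups = new Map();            // email -> { tokenHash, expiresAt, ip }
const users = new Map();              // email -> { salt, hash }

const sha256 = (s) => createHash('sha256').update(s).digest();

// Steps 1-2: record the pending signup; the returned token goes into the e-mailed link.
function startSignup(email, ip, now = Date.now()) {
  const token = randomBytes(32).toString('hex');  // unguessable, not derived from user data
  signups.set(email, { tokenHash: sha256(token), expiresAt: now + TTL_MS, ip });
  return token;
}

// Salted scrypt hash so the users table never holds the plaintext password.
function hashPassword(password) {
  const salt = randomBytes(16);
  return { salt, hash: scryptSync(password, salt, 32) };
}

// Steps 3-4: check the link, then move the entry from signups to users.
function completeSignup(email, token, password, now = Date.now()) {
  const row = signups.get(email);
  if (!row || users.has(email)) return false;
  if (now > row.expiresAt) { signups.delete(email); return false; }
  // Both digests are 32 bytes, so the constant-time compare never throws.
  if (!timingSafeEqual(row.tokenHash, sha256(String(token)))) return false;
  users.set(email, hashPassword(password));
  signups.delete(email);              // the link is single use
  return true;
}

// The periodic cleanup job: drop every expired pending signup.
function purgeExpired(now = Date.now()) {
  let removed = 0;
  for (const [email, row] of signups) {
    if (now > row.expiresAt) { signups.delete(email); removed++; }
  }
  return removed;
}
```

Storing only the digest means a read-only leak of the `signups` table does not hand out working verification links.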
Depending on how targeted your site is, using a honeypot can be quite effective.
In short, you have a field on your form with a common name -- let's say `email`. Your actual email field has some other random name like `larp`.
Hide the `email` field using CSS, and include a text label instructing users to leave that field blank, should they happen to see it.
If any registrations come in with the `email` field filled in, send a success message back then drop it.
Verifying the e-mail address and allowing only users who have verified their e-mails is the easiest and quickest solution.
You could have users listen to an audio file, and enter the word into a text box. That's what I wanted to do for phpBB3, but alas, they do not allow HTML markup for their verification questions. Alternatively, you can do defense in depth, and have a CAPTCHA be only part of the process.
Instead of captcha (typing in words displayed in an image) I've seen websites that require you to answer a question, usually basic math. I haven't implemented these, but I've seen them several places so it must be something that's a plugin for various CMSes and so forth.
Bottom line is, any system will eventually be circumvented. You can minimize bot-registrations, but I can tell you from experience that there are people out there who will pay other humans (who can pass just about any test) money to sign up for web sites - the pay is generally really poor, but there are always people who will find that acceptable.
So along with whatever solution you use, you'll want to periodically re-evaluate that solution, AND you'll want to have a human being review new registrations (maybe once a day?) to weed out the few 'bots that do get through.