NoBot employs a few different anti-bot techniques:
- Forcing the client's browser to perform a configurable JavaScript calculation and verifying the result as part of the postback. (Ex: the calculation may be a simple numeric one, or may also involve the DOM for added assurance that a browser is involved)
- Enforcing a configurable delay between when a form is requested and when it can be posted back. (Ex: a human is unlikely to complete a form in less than two seconds)
- Enforcing a configurable limit to the number of acceptable requests per IP address per unit of time. (Ex: a human is unlikely to submit the same form more than five times in one minute)
NoBot Properties
- OnGenerateChallengeAndResponse - Optional EventHandler
providing a custom implementation of the challenge/response code - ResponseMinimumDelaySeconds - Optional minimum number of seconds before which a response (postback) is considered valid
- CutoffWindowSeconds - Optional number of seconds specifying the length of the cutoff window that tracks previous postbacks from each IP address
- CutoffMaximumInstances - Optional maximum number of postbacks to allow by a single IP addresses within the cutoff window
Example (Thank sailajareddy for good article on his blog):
If all the checks are correct , then NoBotState will return “Valid” Message.
If within the time specified in "ResponseMinimumDelaySeconds" i.e 3 sec , if end user clicks on button more than once , it returns "InvalidResponseTooSoon".
“CutoffMaximumInstances” specifies number of post backs that can occur within time specified in "CutoffWindowSeconds" , so if end user clicks button more than 4 times
within 15 sec , then it returns "InValidAddressTooActive" message.
Happy coding,
0 nhận xét:
Đăng nhận xét