An interesting way to protect against bots
I stumbled here recently on the same site for a way to protect against bots without using captcha and javascript.
It's very simple - just add a hidden field with a character encoded in an HTML entity (for example, & amp; copy; & amp; # 151; etc.). The fact is that the browser having found such a symbol converts it before sending it to the usual one, and the robot using the form parser can send the encoded one (and I have my own form parser and he would do just that). When checking the form, it is enough just to see the length of the string in this field. If the person sent it, it will be equal to the number of characters in the string, and if there is not much more.
So such a solution, although not providing serious protection, may well be used in those cases if something more difficult cannot be used.
PS example
PPS It turns out I have an article in the drafts here about the methods of protection against bots and their workarounds, is it worth adding?
It's very simple - just add a hidden field with a character encoded in an HTML entity (for example, & amp; copy; & amp; # 151; etc.). The fact is that the browser having found such a symbol converts it before sending it to the usual one, and the robot using the form parser can send the encoded one (and I have my own form parser and he would do just that). When checking the form, it is enough just to see the length of the string in this field. If the person sent it, it will be equal to the number of characters in the string, and if there is not much more.
So such a solution, although not providing serious protection, may well be used in those cases if something more difficult cannot be used.
PS example
PPS It turns out I have an article in the drafts here about the methods of protection against bots and their workarounds, is it worth adding?
')
Source: https://habr.com/ru/post/66732/
All Articles