

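I. A Word from the Author

If all goes well, you can see a small badge in the bottom-right corner of any page on this blog; clicking it shows the words "protected by reCAPTCHA". Deployment is very simple, but as for what it actually achieves, I have not yet collected more data.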

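II. Further Reading

reCaptcha is a CAPTCHA (verification code).

Remember the fear of being dominated by 12306?
reCaptcha is also a kind of Turing test: put simply, it uses a series of behavioral checks to prove that you are human (I'm not a robot). See "The Turing Test: What Exactly Does It Test?" (Indeed, we are the creators, yet we have to be verified in reverse by the very things we created...)

CAPTCHA verification logic: when a user performs an action, for example registering an account on a site, the system (or the API, which has already collected enough data by the time you refresh the page) assesses the risk of that action from a series of parameters, applies the corresponding policy (for example, requiring a verification code), and allows the user to perform the action once that policy has been passed.

Turing Test.pdf, by Microsoft Research;
Understanding the Turing Test in One Article (plus 5 little-known stories about Turing);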

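III. reCaptcha v3: Official Introduction

reCAPTCHA v3 returns a score for every request without causing any user friction. The score is based on interactions with your website and lets you take appropriate action for your site.

Official site: https://www.google.com/recaptcha
Admin console: https://www.google.com/recaptcha/admin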

reCAPTCHA: Easy on Humans, Hard on Bots

We are excited to introduce reCAPTCHA v3, which helps you detect abusive traffic on your website without any user friction. It returns a score based on the interactions with your website and provides you more flexibility to take appropriate actions. See blog for more details.


Over the last decade, reCAPTCHA has continuously evolved its technology. In reCAPTCHA v1, every user was asked to pass a challenge by reading distorted text and typing into a box. To improve both user experience and security, we introduced reCAPTCHA v2 and began to use many other signals to determine whether a request came from a human or bot. This enabled reCAPTCHA challenges to move from a dominant to a secondary role in detecting abuse, letting about half of users pass with a single click. Now with reCAPTCHA v3, we are fundamentally changing how sites can test for human vs. bot activities by returning a score to tell you how suspicious an interaction is and eliminating the need to interrupt users with challenges at all. reCAPTCHA v3 runs adaptive risk analysis in the background to alert you of suspicious traffic while letting your human users enjoy a frictionless experience on your site.


Reference: https://webmasters.googleblog.com/2018/10/introducing-recaptcha-v3-new-way-to.html

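IV. Deploying reCaptcha v3

Typecho reCAPTCHAv3 plugin

https://github.com/D-Bood/reCAPTCHAv3

Manual deployment

Three simple steps: 1. register an account; 2. register a new site (that is, register your own website) to obtain the site key and secret key; 3. deploy the official API on your pages.

1. https://www.google.com/recaptcha/admin
2. Click the + sign in the upper-right corner to create (register) a new site.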


V. Front-end Integration

1. Simply place this code between the <head> and </head> tags of the page.
2. The procedure is the same as deploying Google Analytics.

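<script src="https://www.google.com/recaptcha/api.js?render=_reCAPTCHA_site_key_"></script>
<script>
// Replace _reCAPTCHA_site_key_ (here and in the URL above) with your own site key.
grecaptcha.ready(function() {
    grecaptcha.execute('_reCAPTCHA_site_key_', {action: 'homepage'}).then(function(token) {
        // ... send the token to your backend for verification
    });
});
</script>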

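*Note the parameter after action: homepage. More available actions can be found in the documentation (that is, what to do based on the score: will low-scoring users be shown a verification code, or is the user's score only recorded?)

Reference documentation: https://developers.google.com/recaptcha/docs/v3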


Interpreting the score

reCAPTCHA v3 returns a score (1.0 is very likely a good interaction, 0.0 is very likely a bot). Based on the score, you can take variable action in the context of your site. Every site is different, but below are some examples of how sites use the score. As in the examples below, take action behind the scenes instead of blocking traffic to better protect your site.

| Use case | Recommendation |
| --- | --- |
| homepage | See a cohesive view of your traffic on the admin console while filtering scrapers. |
| login | With low scores, require 2-factor-authentication or email verification to prevent credential stuffing attacks. |
| social | Limit unanswered friend requests from abusive users and send risky comments to moderation. |
| e-commerce | Put your real sales ahead of bots and identify risky transactions. |

reCAPTCHA learns by seeing real traffic on your site. For this reason, scores in a staging environment or soon after implementing may differ from production. As reCAPTCHA v3 doesn't ever interrupt the user flow, you can first run reCAPTCHA without taking action and then decide on thresholds by looking at your traffic in the admin console. By default, you can use a threshold of 0.5.

Actions

reCAPTCHA v3 introduces a new concept: actions. When you specify an action name in each place you execute reCAPTCHA, you enable the following new features:

  • A detailed break-down of data for your top ten actions in the admin console
  • Adaptive risk analysis based on the context of the action, because abusive behavior can vary.

Importantly, when you verify the reCAPTCHA response, you should verify that the action name is the name you expect.
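
The server-side half of the flow quoted above, as an added example that is not part of the original post or of Google's documentation: it sends the token to the siteverify endpoint, checks the action name, and applies the default 0.5 threshold, answering a low score with step-up verification rather than a block. It assumes Node.js 18+ (built-in fetch); the function names, the `login` action, `example.com` and the sample responses are constructed for illustration.

```javascript
// Added example: server-side handling of a reCAPTCHA v3 token (Node.js 18+).
const SITEVERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';

// Decide what to do with a parsed siteverify response. Fails closed: a failed
// verification or an unexpected action is rejected; a low score triggers
// step-up verification (e.g. 2FA or email confirmation) instead of a hard block.
function evaluateVerification(result, { action, hostname, threshold = 0.5 }) {
  if (!result || result.success !== true) {
    const errors = (result && result['error-codes']) || [];
    return { decision: 'reject', reason: 'verification-failed', errors };
  }
  // The action name comes from the browser, so confirm it matches this endpoint.
  if (result.action !== action) {
    return { decision: 'reject', reason: 'action-mismatch' };
  }
  // Optional policy of this example: the token must come from our own hostname.
  if (hostname && result.hostname !== hostname) {
    return { decision: 'reject', reason: 'hostname-mismatch' };
  }
  if (typeof result.score !== 'number') {
    return { decision: 'reject', reason: 'missing-score' };
  }
  if (result.score < threshold) {
    return { decision: 'step-up', reason: 'low-score', score: result.score };
  }
  return { decision: 'allow', reason: 'ok', score: result.score };
}

// Exchange the token sent by the browser for Google's verdict, then evaluate it.
async function verifyToken(token, secretKey, expected) {
  if (typeof token !== 'string' || token.length === 0) {
    return { decision: 'reject', reason: 'missing-token' };
  }
  const body = new URLSearchParams({ secret: secretKey, response: token });
  const res = await fetch(SITEVERIFY_URL, { method: 'POST', body });
  if (!res.ok) {
    return { decision: 'reject', reason: 'siteverify-http-' + res.status };
  }
  return evaluateVerification(await res.json(), expected);
}

// Constructed sample responses (not real traffic) in the siteverify JSON shape.
const SAMPLE_HUMAN = { success: true, score: 0.9, action: 'login',
  hostname: 'example.com', challenge_ts: '2023-03-23T08:21:00Z' };
const SAMPLE_BOT = { ...SAMPLE_HUMAN, score: 0.1 };
const SAMPLE_WRONG_ACTION = { ...SAMPLE_HUMAN, action: 'homepage' };
const SAMPLE_INVALID = { success: false, 'error-codes': ['timeout-or-duplicate'] };
```

The secret key stays on the server and is passed to `verifyToken` only there; the site key is the only key that belongs in the page's script tag.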


VI. For handsome Theme Users

1. handsome theme users: go to Settings - Appearance - Custom HTML output in the head, and paste the code there.

Last modified: March 23, 2023, 04:21 PM