topic

Protection of web-services against a spam

What see search engines at call on a site?

Reception of heading of the removed page

The script and processing of events in JavaScript

Processing of the events connected to windows, in language javascript

Concepts, terms and bases Java-skriptovanija

Protection of web-services against a spam

Many of you saw, that in guest books, forums, at registration of new users often in forms protection against robots - kriven`kie bukovki and ciferki is used. This kind of protection is called captcha., that in this occasion is said in Vikipedii:

CAPTCHA (English abbreviation from « Completely Automated Public Turing test to tell Computers and Humans Apart »...)-... The computer test, used to define{determine}, whether the person uses system... CAPTCHA is used to prevent if necessary use of Internet - services by bots, in particular, for prevention of automatic registration, uploading of files, mass dispatches, etc. more often.

I used this protection on the sites. However, somehow the link to a resource spamerov where it is resulted about 20 kinds captcha which their program can distinguish has got to me. On idea all is simple - to recollect programs of recognition of the text for scanners enough. An outline of the letter And as her{it} do not distort, all the same essentially do not change, differently the person writing the message in guest, too cannot learn{find out} her{it}.

Idea on creation something such, that the person can easily distinguish, and the robot never, is strong zasela in a head. To the first the example read once for a long time in the book, devoted has occurred to an artificial intellect: how to explain to the machine a difference between a cat and a dog. To the person enough one sight, and try to tell even, in what differences...

Pattern recognition - in what a computer will not yet soon be compared to the person. From here also there was an idea which now I bring to your attention.

We choose some pictures (the more - the better) on which various objects are represented. As in children's games - a ball, a floret, a tree, the machine. To each image we put in conformity his{its} name (text). Now it is necessary to show{present} the visitor of a site some pictures and with a number{line} to print the name of one of them with the request to click on her. In it also there is a main principle of this protection.

Understandably, that the robot can remember a picture (in fact them not infinite quantity{amount}) or simply to click yours in one of them until will guess - probability of hit very big. Cunnings here begin.

First, it is possible to show the whole picture, but only its{her} part. Agree, if you will see a mouth, a nose or an eye you unequivocally will understand, what is it the person. And for the machine are absolutely different a picture.

Second, to place our fragments on any background, to do{make} their translucent, it is possible even to block in part their friend the friend. The main thing that to the person all the same remained understandably where it is necessary to click.

And, thirdly, it is possible to ask to click not on one picture, and on some in the certain order. From it the probability of hit by the robot decreases for orders.

Example such captcha. I asked poklikat` all relatives, including children. Practically mistakes was not. Moreover, it looked as game (that, by the way, can involve in addition visitors on your site).

Some words about the technical party{side} of realization of this program - are used by me PHP with standard graphic library and absolutely a little bit Ajax. If there will be difficulties with a spelling of such script - can help.

I shall be glad to hear your opinions concerning such way of protection of web-forms from robots and a spam. Nibolee interesting from them will necessarily here are published.

Probably, someone knows about similar methods of protection - write. My searches on the Internet have not crowned success...

Also I shall be grateful, if you, having used this of ideas, will put the link to given clause{article}.

SSI - that, when, how?

The basic, the elementary, but at the same time extremely powerful tool of support of the big sets of documents is SSI (Server-Side Includes - inclusions on the party{side} of the server). If someone from you knows Si he quickly will understand, that SSI is extremely similar to the macrolanguage. With help SSI it is possible not only to deduce{remove} the certain parts of the document depending on some conditions, not only to form the document of beforehand certain slices, but also to insert result of job of the some CGI the script or the program directly into the document.

Not looking at a word order in heading (that when and as) we all over again shall tell "as, and then we shall already pass to "when".

In standard distribution kit Apache there is a module mod_include. Since version 1.2 he has the expanded quantity{amount} of directives and called - XSSI (eXtended SSI). By default he is switched on in compilation.

Inclusion of mechanism Server-Side Includes

Any document at which it will be established obrabotchik "server-parsed" will be scanned by this module if the option "Includes" is switched on. If you have small quantity{amount} of documents with SSI it is the best way httpd.conf to specify the following in a file:

AddType text/html .shtml

AddHandler server-parsed .shtml

And to establish at such files expansion .shtml. If all or nearly so all documents will have SSI directives it is better to specify in a file of a configuration:

AddHandler server-parsed .html

Also do not forget to switch on in options of a directory of the site option Includes:

Options +Includes

Certainly this line can be and other options necessary to you.

Base directives

SSI directives are included in HTML the document as comments (it does not prevent you to use usual comments). Sintaks commands has the following kind:

<! - *element attribute=value attribute=value...->

Very much often value is located in double inverted commas. Some commands allow to have only one pair attribute - value. Pay attention, that the final part of the comment (->) should be separated from the directive a blank, differently she will be perceived{recognized}, as its{her} part.

Let's consider certain{determined} in Apache elements SSI:

* config - supervises various aspects of scanning. His{its} attributes can be:

* errmsg - establishs communication, deduced{removed} at occurrence of a mistake; in most cases it is expedient to establish in an empty line;

* sizefmt - establishes a format in which the size of a file will be deduced{removed}. The format corresponds{meets} transmitted to a library function strftime;

* timefmt - establishes a format in which date will be deduced{removed}.

* echo - deduces value of established variable SSI. Allowable attribute is var.

* fsize - deduces the size of a file in certain{determined} with the help sizefmt a format. Allowable attributes:

* file - defines{determines} a way to a file, be relative skaniruemogo the document;

* virtual - defines{determines} standard coded URL, be relative skaniruemogo the document, or, at presence in the beginning of a slash (/) - concerning a root of documents of the site.

* flastmod - deduces date of last updating of a file in certain{determined} with the help timefmt a format. Attributes are similar to attributes fsize.

* include - includes the text of other document or a file in skaniruemyj a file. To an included file all established rules of restriction of access are applied. If for the catalogue from which the file is included, option IncludesNOEXEC is established, and inclusion of the given document would lead to to start of the program the document is not included, and the message on a mistake is deduced. CGI scripts are caused, as is usual with help URL which can contain the coded line of search (query string). Position of a file is underlined with the help of attributes:

* file - specifies a way, be relative skaniruemogo the document; the way cannot contain../Also cannot be absolute way; it is always more preferable to use attribute virtual;

* virtual - contains coded URL, relative or absolute; URL cannot contain a name of the report or the host name, and can contain a line of search.

* printenv - deduces contents of variables of an environment. It is caused without parameters.

* set - establishes value of a variable. Its{her} attributes are var, determining a name of a variable, and value, determining its{her} value.

Variable inclusions

In addition to standard environments CGI, module SSI does{makes} accessible to directives and conditions, and also for caused through SSI scripts the following variables:

* DATE_GMT - current time across Greenwich;

* DATE_LOCAL - current local (for the server) time;

* DOCUMENT_NAME - a name of a file (without catalogues) the document requested by the user;

* DOCUMENT_URI - decoded URL the document requested by the user;

* LAST_MODIFIED - date of last updating of the document requested by the user. That is in enclosed SSI this variable will contain a name of the "main" document, instead of enclosed.

Substitution of variables

Substitution of variables is made inside the quoted lines in the majority of arguments SSI of directives. In these cases the sign on dollar can be inserted, having anticipated it{him} sleshom:

<! - *if expr = " $ a = $test "->

For prevention of an ambiguity it is possible to conclude a name of a variable in braces:

<! - *set var = "Zed" value = " $ {a} bc _ $ {abc} "->

As a result of such assignment variable Zed will matter "Xbc_Y" if the variable a is equal X, and the variable abc is equal Y.

Conditional operators

Base elements of the control are:

<! - *if expr = "test_condition"->

<! - *elif expr = "test_condition"->

<! - *else->

<! - *endif->

Elements elif and else are unessential.

The element endif finishes an element if and is obligatory.

test_condition Can be one of the following:

string - it is true, if string it is not empty;

string1 = string2

string1! = string2

string1 <string2

string1 <= string2

string1> string2

string1> = string2

- Truly, if the condition of comparison satisfies. If string2 has the form/string / then she is interpreted as reguljatnoe expression. Their syntax is similar to syntax of regular expressions in Unix to egrep command;

(test_condition) - it is true, if test_condition it is true;

! test_condition - it is true, if test_condition it is false;

test_condition1 ** test_condition2 - it is true, if both test_condition1, and test_condition2 are true;

test_condition1 || test_condition2 - it is true, if even test_condition1 or test_condition2 it is true.

"=" and "! = " have the greater priority, than "*" and "||", and "!" Has the best priority.

Everything, that is not distinguished, as a variable, it is considered line. If the line has blanks or symbols of tabulation she{it} should be quoted.

Practical use SSI

First widespread application SSI is introduction in the document of the certain dynamic piece of a marking. As axioms counters of visitings, citations or banners of advertising networks can serve. In any case, whether it be the line of the text or the whole table, an insert is made with the help of include directive placed in that place where the piece of a marking should be inserted:

<html>

<body>

<p> The document with a banner in the bottom of page </p>

<! - *include virtual = "/cgi-bin/ibanner.pl? webclub "->

</body>

</html>

The program or script CGI, inserted with help SSI, differs nothing from standard CGI programs except that the whole document but only a piece of a marking should be given out not.

The text of the mentioned above script:

*!/usr/local/bin/perl

$login = $ ENV {"QUERY_STRING"};

print " Content-type: text/htmlnn ";

($IP) = ($ENV {"REMOTE_ADDR"} = ~s/. // g);

srand ($$ + $IP+time);

$seed=int rand (10000000);

print " <a href = " http: // www.reklama.ru/cgi-bin/href / $ login? $seed "> n ";

print " <img src = " http: // www.reklama.ru/cgi-bin/banner / $ login? $seed "

width=468 height=60 border=0> n ";

print " </a> n ";

Apparently from an example even in included scripts it is necessary to deduce{remove} HTTP heading.

As a result of scanning our elementary document to the user it will be returned approximately (to within a random variable) the following document:

<html>

<body>

<p> The document with a banner in the bottom of page </p>

<img src = " http: // www.reklama.ru/cgi-bin/banner/webclub? 348593 "

width=468 height=60 border=0>

</a>

</body>

</html>

Second widespread application SSI is formation of page from a pattern. In the elementary case is a document in the beginning and which end are inserted a cap and koncevik:

<html>

<head>

</head>

<! - *include virtual = "/ssi/header.html "->

<p> A certain text </p>

<! - *include virtual = "/ssi/global_menu.html "->

<! - *include virtual = "/ssi/footer.html "->

</body>

</html>

Inserted blocks not necessarily should be finished, for example, header.html can come to an end a tag <td>, and global_menu.html or footer.html to begin with a tag </td>. Thus, what navorochennymi would not be a cap and koncevik the document, the edited document looks extremely simply, and it{he} is easy for editing.

Only using SSI you can reserve in a few minutes appearance or update system of navigation on the site having hundreds or thousand of documents and so, what is it will pass without serious consequences for users of the site since you only is required need some files, and the rest for you will make the server.

In connection with all aforesaid one rule is born: it is desirable to build a semantic part of the document so that she did not rely in any way on contents of caps and koncevikov. In this case you can easily proceed{pass} from the tabulared organization of pages on consecutive or on sloevuju.

Now we shall result an example of the file inserted in the beginning of each document of the server http://www.citforum.ru/. Feature of the server is that each section has the base color, and all this is created by this unique file:

</head>

<! - *if expr = " $ DOCUMENT_URI = // internet // "->

<body bgcolor = " * FFFFFF " link = " * 099771 " vlink = " * 006741 "

alink = " * 800000 " text = " * 000000 ">