How do I make sure my website can block automation scripts, bots?_问答_开发者

How do I make sure my website can block automation scripts, bots?

开发者 https://www.devze.com 2023-01-09 05:29 出处：网络

I\'d like to make sure that my website blocks automation tools like Selenium and QTP. Is there a way to do that ?

I'd like to make sure that my website blocks automation tools like Selenium and QTP. Is there a way to do that ? What settings 开发者_如何学编程on a website is Selenium bound to fail with ?

With due consideration to the comments on the original question asking "why on earth would you do this?", you basically need to follow the same strategy that any site uses to verify that a user is actually human. Methods such as asking users to authenticate or enter text from images or the like will probably work, but this will likely have the effect of blocking google crawlers and everything else.

Doing anything based on user agent strings or anything like that is mostly useless. Those are trivial to fake.

Rate-limiting connections or similar might have limited effectiveness, but it seems like you're going to inadvertently block any web crawlers too.

While this questions seems to be strange it is funny, so I tried to investigate possibilities

Besides adding a CAPTCHA which is the best and the only ultimate solution, you can block Selenium by adding the following JavaScript to your pages (this example will redirect to the Google page, but you can do anything you want):

<script>
var loc = window.parent.location.toString();
if (loc.indexOf("RemoteRunner.html")!=-1) {
  // It is run in Selenium RC, so do something
  document.location="http://www.google.com";
}
</script>

I do not know how can you block other automation tools and I am not sure if this will not block Selenium IDE

to be 100% certain that no automated bots/scripts can be run against your websites, don't have a website online. This will meet your requirement with certainty.

CAPTCHA are easy to break if not cheap, thanks to crowdsourcing and OCR methods.

Proxies can be found in the wild for free or bulk are available at extremely low costs. Again, useless to limit connection rates or detect bots.

One possible approach can be in your application logic, implement ways to increase time and cost for access to the site by having things like phone verification, credit card verification. Your website will never get off the ground because nobody will trust your site at it's infancy.

Solution: Do not put your website online and expect to be able to effectively eliminate bots and scripts from running.