我正在创办一家基本上为网站服务的创业公司。对不起,我无法透露有关创业的细节。
我需要一些关于垃圾邮件发送者和cralwer开发者如何反对攻击某些网站的想法。如果可能的话,那么也是一种防止此类攻击的方法。
我们提出了一些基本想法:
1. Include a small JS file in the sites that would send an ACK on our servers ones all the assets are loaded. Like some crawlers/bots only come to websites and download specific stuff like images or articles. In such cases, our JS won't be triggered. And when we study our logs, which will have a record of resources requested by the particular IP and if out JS was triggered or not. We can then whitelist or blacklist IP's based on the study.
2. Like email services do, we will load a 1x1 px image on the client side via an API call. In simple words, we won't add the "img" tag directly in out HTML, but rather a JS that calls an API on our server that returns the image to the client.
3. We also have a method to detect Good bots like that of google which indexes our pages. So we can differentiate between good bots and bad bots that just waste our resources.
我们处于非常基础的水平。事实上,我们现在所做的所有代码都是在弹性搜索中记录该IP请求的IP和资产。 所以我们需要关于人们如何通过cralwers / bots /等垃圾邮件/抓取网站的想法。所以我们可以提出一些解决方案。如果可能的话,还请提及利弊以及如何防范您的想法。
提前致谢。如果你分享你的想法,你将会帮助一个创业公司做很多好事。