losirus — 2010-09-27T04:23:22-04:00 — #1
I am trying to write a php script to differentiate a real human visitor from a bot.
One idea I read about and what to use is having PHP print a page containing a invisible hyperlink to it's self.
This should make the links color purple or whatever a:visited color is set.
A bot does not render links, thus will not see color change. Therefore, if the links color changed we can be certain it is a real human and not a bot.
raffles — 2010-09-28T18:26:43-04:00 — #2
I don't think it'll just apply to colour, but everything. Basically, any properties for anchors will be reported by getComputedStyle as if the link hasn't been visited (i.e. ignoring any a:visited rules, whether in your stylesheet or the browser's default).
Also, your initial premise is not correct. Bots will frequently visit the same page more than once (I can tell from my server logs), sometimes just a few seconds apart.
I think you'd be better off using some other method. For example, using the onmousemove and onkeydown events to detect things only a human could be doing. But this will require some thought, including accessibility-wise. For example, you don't want to alienate people using screen readers.
raffles — 2010-09-27T17:12:32-04:00 — #3
I think you will run into problems with this. Mozilla has actually decided to stop people from being able to do this because malicious idiots were writing scripts that could exploit this in order to figure out what previous websites users had visited. Other browsers will/should probably do the same thing.
So I think you'd best think of something else. Still, kudos to you for trying to implement something that doesn't hinder the user experience, like captchas and such things do.
losirus — 2010-09-28T00:08:53-04:00 — #4
Thank you for responding. After reading, the article you linked to, I am convinced that Mozilla is throwing the baby out with the bath water.
Any ways, still is the basic premise of the idea still viable?