NoBot - DevExpress/AjaxControlToolkit GitHub Wiki
NoBot is a control that prevents CAPTCHA-like bot/spam without user interactions. This approach is easier to bypass than the implementation that requires actual human intervention, but NoBot has the benefit of being completely invisible. NoBot is probably most relevant for low-traffic sites where blog/comment spam is a problem and 100% effectiveness is not required.
NoBot employs a few different anti-bot techniques: * Forcing the client's browser to perform a configurable JavaScript calculation and verifying the result as part of a postback. For example, the calculation may be simple numeric or may involve the DOM for added assurance that a browser is involved * Enforcing a configurable delay between a request sent to a form and the time it can be posted back. For example, a human is unlikely to complete a form in less than two seconds * Enforcing a configurable limit to the number of acceptable requests for each IP address per unit of time. For example, a human is unlikely to submit the same form more than five times in a minute. NoBot can be tested by violating any of the above mentioned techniques: posting back quickly, posting back many times, or disabling JavaScript in the browser.
Properties
| Name | Description |
|---|---|
| CutoffMaximumInstances | Optional maximum number of postbacks to allow by a single IP address within the cutoff window |
| CutoffWindowSeconds | Optional number of seconds specifying the length of the cutoff window that tracks previous postbacks from each IP address |
| ResponseMinimumDelaySeconds | Optional minimum number of seconds before which a response (postback) is considered valid |
Methods
| Name | Description |
|---|---|
| EmptyUserAddressCache() | Clears the user address cache |
| GetCopyOfUserAddressCache() | Returns a copy of the user address cache |
| IsValid() | Returns whether or not the user is valid |
| IsValid(state) | Returns whether or not the user is valid |
Events
| Name | Description |
|---|---|
| GenerateChallengeAndResponse | An optional EventHandler providing a custom implementation of the challenge/response code |
Methods
EmptyUserAddressCache()
Clears the user address cache
GetCopyOfUserAddressCache()
Returns a copy of the user address cache
IsValid(state)
Returns whether or not the user is valid
Params:
- state
- Type: NoBotState
- Description: NoBot state
IsValid()
Returns whether or not the user is valid