BOT_vs_reCAPTCHA.pdf

Transcript

1. ©2018 Wantedly, Inc. BOT vs reCAPTCHA 05.July.2018 - Ұᑍ୺੅ and

   Human vs reCAPTCHA

2. ©2018 Wantedly, Inc. ࣗݾ঺հ Ұᑍ
   ୺੅
   !IB[VNJSS
   !SFSPTU
   8FC
   "QQMJDBUJPO
   &OHJOFFS
   3BJMT
   3FBDU
   ʜ
   

   ۴࿏ߴઐ
   
   ஜ೾େֶ
   
   8BOUFEMZ

3. ©2018 Wantedly, Inc. BOTͷରࡦͯ͠·͔͢ʁ

4. ©2018 Wantedly, Inc. BOTʹΑΔ߈ܸ ໨త: ECαΠτͳͲ΁ͷSEO໨త ஫ҙ: emailೝূ΋௨ΔBOT͕͍Δ

5. ©2018 Wantedly, Inc. BOTʹΑΔ߈ܸ ໨త: ECαΠτͳͲ΁ͷSEO໨త ஫ҙ: emailೝূ΋௨ΔBOT͕͍Δ https://en.wikipedia.org/wiki/CAPTCHA

6. ©2018 Wantedly, Inc.

7. ©2018 Wantedly, Inc. SF$"15$)"

8. ©2018 Wantedly, Inc.

9. ©2018 Wantedly, Inc. ϑϩϯτΤϯυ https://developers.google.com/recaptcha/docs/invisible#auto_render <html> <head> <title>reCAPTCHA demo: Simple

   page</title> <script src="https://www.google.com/recaptcha/api.js" async defer></script> <script> function onSubmit(token) { document.getElementById("demo-form").submit(); } </script> </head> <body> <form id='demo-form' action="?" method="POST"> <button class="g-recaptcha" data-sitekey="your_site_key" data-callback='onSubmit'>Submit</button> <br/> </form> </body> </html>

10. ©2018 Wantedly, Inc. ϑϩϯτΤϯυ https://developers.google.com/recaptcha/docs/invisible#auto_render <html> <head> <title>reCAPTCHA demo: Simple

    page</title> <script src="https://www.google.com/recaptcha/api.js" async defer></script> <script> function onSubmit(token) { document.getElementById("demo-form").submit(); } </script> </head> <body> <form id='demo-form' action="?" method="POST"> <button class="g-recaptcha" data-sitekey="your_site_key" data-callback='onSubmit'>Submit</button> <br/> </form> </body> </html>

11. ©2018 Wantedly, Inc. JSͰόϦσʔγϣϯ͍ͨ͠ͱ͖͸ʁ

12. ©2018 Wantedly, Inc. ϑϩϯτΤϯυ ࢀߟ: https://developers.google.com/recaptcha/docs/invisible#programmatic_execute <html> <head> <title>reCAPTCHA demo:

    Simple page</title> <script src="https://www.google.com/recaptcha/api.js" async defer></script> <script> function onSubmit(token) { document.getElementById("demo-form").submit(); } function onClick() { // όϦσʔγϣϯΛߦ͏ grecaptcha.execute(); } </script> </head> <body> <form id='demo-form' action="?" method="POST"> <div class="g-recaptcha" data-sitekey="your_site_key" data-callback="onSubmit" data-size="invisible"> </div> <button onClick="onClick" /> </form> </body> </html>

13. ©2018 Wantedly, Inc. ϑϩϯτΤϯυ ࢀߟ: https://developers.google.com/recaptcha/docs/invisible#programmatic_execute <html> <head> <title>reCAPTCHA demo:

    Simple page</title> <script src="https://www.google.com/recaptcha/api.js" async defer></script> <script> function onSubmit(token) { document.getElementById("demo-form").submit(); } function onClick() { // όϦσʔγϣϯΛߦ͏ grecaptcha.execute(); } </script> </head> <body> <form id='demo-form' action="?" method="POST"> <div class="g-recaptcha" data-sitekey="your_site_key" data-callback="onSubmit" data-size="invisible"> </div> <button onClick="onClick" /> </form> </body> </html>

14. ©2018 Wantedly, Inc. αʔόαΠυ ࢀߟ: https://developers.google.com/recaptcha/docs/verify conn = Faraday.new(:url =>

    'https://www.google.com/') res = conn.post '/recaptcha/api/siteverify', { :secret => ‘RECAPTCHA_SECRET_KEY’, :response => ‘RECAPTCHA_TOKEN’ } is_bot = JSON.parse(res.body)["success"]

15. ©2018 Wantedly, Inc. αʔόαΠυ https://github.com/ambethia/recaptcha/

16. ©2018 Wantedly, Inc. αΫοͱಋೖͰ͖Δʂʁ

17. ©2018 Wantedly, Inc. αΫοͱಋೖͰ͖Δʂʁ => ಋೖͨ͠

18. ©2018 Wantedly, Inc. https://support.google.com/recaptcha/?hl=en#6081880

19. ©2018 Wantedly, Inc. ਓؒ΋஄͔Εͯ͠·͏

20. ©2018 Wantedly, Inc. wਓͰ΋#PUͱٙΘΕΔ͕࣌͋Δ
    w Ϣʔβʔʢਓʣ͕཭୤͢Δ
    w ஄͔Εͨͷ͕CPU͔ਓ͔ؒΘ͔Βͳ͍
    w#PUͷ਺Λࣄલʹௐࠪ͢Δ͜ͱ͕ࠔ೉ ͦͷޙɾɾɾ

21. ©2018 Wantedly, Inc. wਓͰ΋#PUͱٙΘΕΔ͕࣌͋Δ
    w Ϣʔβʔʢਓʣ͕཭୤͢Δ
    w ஄͔Εͨͷ͕CPU͔ਓ͔ؒΘ͔Βͳ͍
    w#PUͷ਺Λࣄલʹௐࠪ͢Δ͜ͱ͕ࠔ೉ ͦͷޙɾɾɾ

    SF$"15$)"
    WͰશͯղܾʂʁ

22. ©2018 Wantedly, Inc. SF$"15$)"
    W https://github.com/rerost/recaptcha_v3_demo

23. ©2018 Wantedly, Inc. SF$"15$)"
    W %&.0

24. ©2018 Wantedly, Inc. SF$"15$)"
    W // ਓؒ {"success"=>true, "challenge_ts"=>"2018-07-05T06:35:35Z", "hostname"=>"localhost", "score"=>0.9,

    “action"=>"demo"} // BOT {"success"=>true, "challenge_ts"=>"2018-07-05T06:36:36Z", "hostname"=>"localhost", "score"=>0.1, "action"=>"demo"}

25. ©2018 Wantedly, Inc. SF$"15$)"
    W // ਓؒ {"success"=>true, "challenge_ts"=>"2018-07-05T06:35:35Z", "hostname"=>"localhost", "score"=>0.9,

    “action"=>"demo"} // BOT {"success"=>true, "challenge_ts"=>"2018-07-05T06:36:36Z", "hostname"=>"localhost", "score"=>0.1, "action"=>"demo"}

26. ©2018 Wantedly, Inc. ·ͱΊ wSF$"15$)"ͷํ͕Ϣʔβʔͷख͕ؒݮΔ
    wW͸#PU͕஄͚Δ͕ίϯόʔδϣϯ͕Լ͕Γ͔Ͷͳ͍
    w ਓखͰ཭୤͕#05͔ਓ͔ؒͲ͏͔֬ೝ͠΍͍͢෦෼ʹಋೖͯ͠νΣοΫͨ͠
    w ݪҼ͸ը૾λΠϧ͕ग़Δ͜ͱʹΑΔϒϩοΫ
    

    wW͸#FUB൛͕ͩίϯόʔδϣϯ͸Լ͕Βͳ͍