"
ASP.NET (snapshot 2017) Microsoft documentation and samples

Fighting Bots (VB)

by Christian Wenz

Download Code or Download PDF

Automated bots plaster weblogs and other websites with spam, submitting comment forms without any user interaction. The NoBot control in the ASP.NET AJAX Control Toolkit can help fight those bots.

Overview

Automated bots plaster weblogs and other websites with spam, submitting comment forms without any user interaction. The NoBot control in the ASP.NET AJAX Control Toolkit can help fight those bots.

Steps

One common approach to defeat bots is to use CAPTCHAs Completely Automated Public Turing test to tell Computers and Humans Apart. A Turing test was originally a test where someone needed to decide whether a communication partner is a human or a machine. In the web, a CAPTCHA usually consists of an image with some distorted letters on it. The idea is that only a human can read the letters on the image, whereas OCR algorithms will fail.

There are several advantages and disadvantages to this approach, but a discussion of this is beyond the scope of this tutorial. There is however a control in the ASP.NET AJAX Control Toolkit which provides a similar approach: NoBot. It is easier to overcome than a CAPTCHA, but is very easy to use and fares extremely well on websites like blogs where it is considered a success if most spam attempts are defeated, which the NoBot control can do.

NoBot intercepts the postback of the current ASP.NET web form if at least one of these conditions is met:

In order to check for these conditions, the NoBot control requires these attributes (all of them optional):

The following markup demands that at least two seconds elapse between postbacks and that there are only five postbacks or less within a 30 seconds interval:

[!code-aspxMain]

   1:  <ajaxToolkit:NoBot ID="nb" runat="server" CutoffMaximumInstances="5"
   2:   CutoffWindowSeconds="30" ResponseMinimumDelaySeconds="2" />

Then as usual make sure to include the ScriptManager in the page so that the ASP.NET AJAX library is loaded and the Control Toolkit can be used:

[!code-aspxMain]

   1:  <asp:ScriptManager ID="asm" runat="server" />

Since most of the checks NoBot is doing occur on the server side, you need to check the result of these validations. This can be done by calling NoBot’s IsValid() method. It has one argument (as an out parameter/ByRef parameter) which is of type NoBotState. Its string representation contains the reason when the check fails and Valid otherwise. The following code outputs a message according to NoBot’s result:

[!code-aspxMain]

   1:  <script runat="server">
   2:   Sub Page_Load()
   3:   If Page.IsPostBack Then
   4:   Dim state As NoBotState
   5:   If Not nb.IsValid(state) Then
   6:   Label1.Text = "Data refused (" + HttpUtility.HtmlEncode(state.ToString()) + ")"
   7:   Else
   8:   Label1.Text = "Data entered."
   9:   End If
  10:   End If
  11:   End Sub
  12:  </script>

Finally, you need a form to submit and a label element to output the message, and you are done!

[!code-aspxMain]

   1:  Your comment:
   2:  <asp:TextBox ID="TextBox1" runat="server" TextMode="MultiLine"/><br />
   3:  <input type="submit" id="Submit1" runat="server" value="Submit Form" /><br />
   4:  <asp:Label ID="Label1" runat="server" />

When you run this script and deactivate JavaScript or submit the form within the first two seconds or submit the form seven times within thirty seconds, you will get an error message. However use this control wisely, since only about 90-95% of users have JavaScript activated, therefore 5-10% of users will fail NoBot’s test.

This error message could have been caused by a bot

This error message could have been caused by a bot (Click to view full-size image)

Previous



Comments ( )
Link to this page: //www.vb-net.com/AspNet-DocAndSamples-2017/aspnet/web-forms/overview/ajax-control-toolkit/nobot/fighting-bots-vb.htm
< THANKS ME>