
I'm developing a robot click protection. Of course, it is far from perfect. It is just an extra layer of security as the main protection involves server side log analysis.

Have you any ideas how I could use JavaScript to detect a fake click fired using JavaScript? And also, how could a user simulate a perfect, realistic and undetectable human click using JavaScript?

Paweł Obrok
Bellum
  • Calculate the time between mousedown and mouseup, if too regular : bot. – Florian F. Apr 04 '14 at 13:03
  • Why would he use javascript for that? The browser cannot determine whether the system click even comes from a bot or the mouse. – Bergi Apr 04 '14 at 13:03
  • @FlorianF.: I'd assume even mousedown-mouseup triggered by a human are pretty regular for a single or double click. They might not be for drag&drop actions. Also, clicks triggered by taps on touchpads etc. have a constant timing as well. – Bergi Apr 04 '14 at 13:06
  • In JavaScript, a bot can easily just say: `$("#selector").click();` and it will click stuff. Since deviation between users (humans) is too sporadic, you would want to check to see if mousedown and up are under something like 5ms or something ridiculously fast. – Fallenreaper Apr 04 '14 at 13:06
  • @Fallenreaper: You could easily distinguish that by using [`e.isTrusted`](http://www.w3.org/TR/DOM-Level-3-Events/#trusted-events) – Bergi Apr 04 '14 at 13:12
  • See http://stackoverflow.com/questions/6674669/in-jquery-how-can-i-tell-between-a-programatic-and-user-click – simon Apr 04 '14 at 13:15
  • I never heard of that before. AWESOME! Thanks for that. – Fallenreaper Apr 04 '14 at 13:16
  • @Bergi Actually, [not really](http://jsfiddle.net/floo51/fXUT3/2/). Though `e.isTrusted` seems to be a lot more accurate to the situation. – Florian F. Apr 04 '14 at 13:33
  • @FlorianF.: By fast-clicking, I got to produce sequences like `51, 47, 22, 22, 47, 47, 47, 46, 34, 47, 47, 22, 47, 59, 46, 47, 34, 34, 35, 47, 57, 34, 34, 34, 34, 34, 88, 35, 35, 23, 35, 47`. Not exactly constant, but a detection system would not be trivial (and bots could simply use random timing). Btw, when tapping on my laptop's touchpad I'm getting constant times between `122` and `123`. – Bergi Apr 04 '14 at 13:51
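
Added example (not part of the original thread): a small classifier combining the signals raised in the comments, namely `isTrusted`, the missing mousedown/mouseup sequence of a script-fired `.click()`, and the 5 ms hold-time cutoff. The names `createClickMonitor` and `MIN_HOLD_MS` and the verdict labels are assumptions made for illustration; it works on real DOM events or on records with the same fields.

```javascript
// Added example, not code from the thread.
// MIN_HOLD_MS is the 5 ms cutoff floated in the comments (an assumption, tune it).
const MIN_HOLD_MS = 5;

function createClickMonitor() {
  let downAt = null, upAt = null, allTrusted = true;
  return {
    // Feed every mousedown, mouseup and click event seen on the element,
    // e.g. el.addEventListener(type, e => monitor.observe(e), true).
    // Returns null for press events and a verdict object for each click.
    observe(ev) {
      if (!["mousedown", "mouseup", "click"].includes(ev.type)) return null;
      // Script-dispatched events (el.click(), dispatchEvent) have isTrusted === false.
      if (ev.isTrusted !== true) allTrusted = false;
      if (ev.type === "mousedown") { downAt = ev.timeStamp; upAt = null; return null; }
      if (ev.type === "mouseup") { upAt = ev.timeStamp; return null; }

      const reasons = [];
      let holdMs = null;
      if (!allTrusted) reasons.push("untrusted-event");
      if (downAt === null || upAt === null) {
        // el.click() fires a click with no press/release before it.
        reasons.push("no-press-sequence");
      } else {
        holdMs = upAt - downAt;
        if (holdMs < MIN_HOLD_MS) reasons.push("hold-too-short");
      }
      // Only the untrusted flag is treated as conclusive; the timing and
      // sequence signals are weak and merely mark the click for review.
      // Constant hold times are deliberately NOT flagged: the thread shows
      // touchpad taps from a human landing at a steady 122-123 ms.
      const verdict = !allTrusted ? "synthetic" : reasons.length ? "review" : "ok";
      downAt = upAt = null;
      allTrusted = true;
      return { verdict, reasons, holdMs };
    },
  };
}
```

A trusted click activated from the keyboard also arrives without a press sequence, which is why that signal only yields `review`. As noted in the comments, `isTrusted` cannot tell whether an OS-level click came from a person, so this stays a supplementary signal next to server-side analysis.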

0 Answers