blocks|key|3696015|text|由WebKit或其他浏览器核心的代码包装器组成的垃圾邮件可以强制DOM+"submit()“运行，或者(更激进的)只是启动它自己的POST事务。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3696016|最好将垃圾邮件想象成一个功能强大的邪恶机器人，它的浏览器不遵守任何通过原子能束附加到其机器人大脑的规则。但它是一个阅读能力不强的机器人。|3696017|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|F|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|G|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|H|8|@]|9|@]|A|$]]]|E|$]]

A spambot that consists of a code wrapper around WebKit or some other browser core can just force the DOM "submit()" to be run, or (even more radical) just launch a POST transaction of its own.

It's best to think of a spambot as a massively powerful evil robot with a browser that follows no rules attached by atomic energy beams to its robot brain. But it's a robot that can't read very well.

blocks|key|5808961|text|一个机器人肯定能找到你的post按钮，即使是很少见的。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|5808962|一种非常流行的方法有点像您正在尝试的是创建一个蜜罐表单元素。表单上的可编辑蜜罐字段对用户是不可见的(您可以使用jQuery/CSS隐藏这些表单元素)。它们在表单数据发布时进行验证，如果它们包含任何输入，则提交者必须是某种机器人。|5808963|使用模糊的字段名称和验证也可以阻止这些机器人。如果电子邮件字段必须有@符号，而机器人无法区分哪个字段是电子邮件，哪个字段不是，那么它成功发帖的机会就大大降低了。|5808964|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|H|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|I|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|J|8|@]|9|@]|A|$]]|$1|F|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|G|$]]

A bot most definitely will be able to find your post button, if only infrequently. 

A very popular method sort of like what you are trying is to create a honeypot form element. The editable honeypot fields on the form are invisible to people (you can use jQuery/CSS to hide these form elements). They are validated when the form data is posted and if they contain any input then the submitter must be a bot of some sort.

Using obscured field names, and validation can also stop these bots. If the email field must have an @ sign, and the bot can't tell which field is email and which isn't, the chances it will make a successful post have been greatly reduced.

blocks|key|2462828|text|是的，这是可能的，机器人不需要提交按钮。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|2462829|如果你有(伪have+)：|2462830|<form+action="POST"+target="posting.php">
<input+name="something"/>

</form>|code-block|syntax|javascript|2462831|机器人可以简单地解析表单中的form标记和字段名称，并自行发出POST，而无需触摸submit按钮。|offset|length|style|CODE|2462832|entityMap^0|0|0|0|E|4|V|4|0^^$0|@$1|2|3|4|5|6|7|Q|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|R|8|@]|9|@]|A|$]]|$1|D|3|E|5|F|7|S|8|@]|9|@]|A|$G|H]]|$1|I|3|J|5|6|7|T|8|@$K|U|L|V|M|N]|$K|W|L|X|M|N]]|9|@]|A|$]]|$1|O|3|-4|5|6|7|Y|8|@]|9|@]|A|$]]]|P|$]]

Yes, it would be possible, a bot doesn't need a submit button.

If you have (pseudohtml):

<pre><code>&lt;form action="POST" target="posting.php"&gt;
&lt;input name="something"/&gt;
&lt;!-- some logic for the submit button --&gt;
&lt;/form&gt;
</code></pre>

The bot could simply parse the <code>form</code> tag and the names of the fields in the form and issue the <code>POST</code> on its own, without ever touching the submit button.

blocks|key|3696051|text|是的，他们可以。按钮并不是完全需要的：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3696052|$('#form_id').submit();+/*+This+is+a+jQuery+trigger+*/|code-block|syntax|javascript|3696053|但机器人可能会很麻烦，会向您的服务器发出自己的POST请求，因为这并不难做到。|3696054|但是，如果您使用jQuery创建了一个带有保密值(服务器知道并为每个会话动态检索)的<input+type="hidden"+/>，并且只有在该值存在的情况下才接受提交，那么您将停止所有不支持JS的bot。|offset|length|style|CODE|3696055|缺点是你会阻止不支持JS的用户使用你的网页。但这是一场持续不断的战斗，要杀死垃圾邮件发送者...|3696056|entityMap^0|0|0|0|16|N|0|0^^$0|@$1|2|3|4|5|6|7|S|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|T|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|U|8|@]|9|@]|A|$]]|$1|I|3|J|5|6|7|V|8|@$K|W|L|X|M|N]]|9|@]|A|$]]|$1|O|3|P|5|6|7|Y|8|@]|9|@]|A|$]]|$1|Q|3|-4|5|6|7|Z|8|@]|9|@]|A|$]]]|R|$]]

Yes, they can. The button isn't completely needed:

<pre><code>$('#form_id').submit(); /* This is a jQuery trigger */
</code></pre>

But the bot could be nasty and issue its own POST request to your server, as it's not that hard to do.

But if you created an <code>&lt;input type="hidden" /&gt;</code> with a secret-ish value (known by the server and retrieved dynamically for each session) with jQuery and only accepted submits if that value was present, you'd stop all non-JS enabled bots.

The downside is that you'd prevent non-JS enabled users from using your webpage. But that's the constant battle you have to fight to kill the spammers...

blocks|key|2469663|text|通常，我们会创建一个隐藏字段，并使用"FirstName“这样的”吸引人的“名称。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|2469664|然后，在代码背后，我们运行类似这样的代码：|2469665|if+FirstName.text+<>+""+Then

++++<insert+your+"what+I+want+to+happen"+code.+maybe+a+popup+saying+"oops+an+error+has+been+made"+or+just+not+submit+the+form.++maybe+redirect+to+a+fake+error+page.+like

++++response.redirect("thisisabot.aspx")

endif|code-block|syntax|javascript|2469666|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|K|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|L|8|@]|9|@]|A|$]]|$1|D|3|E|5|F|7|M|8|@]|9|@]|A|$G|H]]|$1|I|3|-4|5|6|7|N|8|@]|9|@]|A|$]]]|J|$]]

Typically we make a hidden field with a "juicy attractive" name like "FirstName".

Then in codebehind we run something like:

<pre><code>if FirstName.text &lt;&gt; "" Then

 &lt;insert your "what I want to happen" code. maybe a popup saying "oops an error has been made" or just not submit the form. maybe redirect to a fake error page. like

 response.redirect("thisisabot.aspx")

endif
</code></pre>

blocks|key|558805|text|由于我从来没有编写过垃圾邮件机器人，所以我只能做一些假设。但是我假设提交按钮的存在并不会有多大的不同。更有可能的是，它正在查看<form>-tag，并根据它来确定应该在哪里发出POST/GET请求。一个更好的选择(但绝不是万无一失的)是不使用<form>，而是在您选择的按钮或链接被单击时手动执行一个$.post+(因为您提到使用jQuery)，从元素中动态收集后期数据。|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|558806|entityMap^0|1R|6|3D|6|0^^$0|@$1|2|3|4|5|6|7|H|8|@$9|I|A|J|B|C]|$9|K|A|L|B|C]]|D|@]|E|$]]|$1|F|3|-4|5|6|7|M|8|@]|D|@]|E|$]]]|G|$]]

Having never coded a spam bot, I can only make assumptions. But I would assume the presence of a submit button wouldn't really make much difference. More likely, it's looking at the <code>&lt;form&gt;</code>-tag and determining based on that where if should make a POST/GET request. A better bet (but by no means fool-proof) would be to not use a <code>&lt;form&gt;</code>, but manually do a $.post (since you mentioned using jQuery) when a button or link of your choice is clicked, collecting POST-data from elements on the fly.

blocks|key|5809019|text|不需要呈现submit按钮，因为数据通常是从远程服务器发送的，而不是从页面本身填写的。验证码是可怕的，有时它是如此的不清楚，以至于我不明白它在说什么。我同时使用了三种方法来阻止机器人。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|5809020|ignored.|5809021|Another+|unordered-list-item|5809022|
|5809023|将表单的源IP地址与目标IP地址进行比较，如果它们不匹配，则不会进行进一步的处理。|5809024|5809025|由CSS隐藏并留空的字段，如果已填写，则它是机器人，并且是在提交表单时由JavaScript接收预定值的bot字段。不匹配，不做进一步处理。|5809026|5809027|我还将IP地址的尝试记录到一个数据库表中。尝试失败了一次、两次或所有测试。|5809028|然而，阻止血汗工厂垃圾邮件发送者完全是另一回事。血汗工厂垃圾邮件发送者是被廉价雇用来手动发送垃圾邮件的人。如果你有一个较大的网站，使用处理这种垃圾邮件的服务可能是值得的。一些服务也可以处理辱骂语言。|5809029|entityMap^0|0|0|0|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|U|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|V|8|@]|9|@]|A|$]]|$1|D|3|E|5|F|7|W|8|@]|9|@]|A|$]]|$1|G|3|H|5|6|7|X|8|@]|9|@]|A|$]]|$1|I|3|J|5|F|7|Y|8|@]|9|@]|A|$]]|$1|K|3|H|5|6|7|Z|8|@]|9|@]|A|$]]|$1|L|3|M|5|F|7|10|8|@]|9|@]|A|$]]|$1|N|3|-4|5|6|7|11|8|@]|9|@]|A|$]]|$1|O|3|P|5|6|7|12|8|@]|9|@]|A|$]]|$1|Q|3|R|5|6|7|13|8|@]|9|@]|A|$]]|$1|S|3|-4|5|6|7|14|8|@]|9|@]|A|$]]]|T|$]]

There is no need to render the submit button as often the data is sent from a remote server rather than filled out from the page itself. CAPTCHA is horrible, sometimes it is so unclear that I don't understand what it says. I use three methods at once to stop bots.

<ol>
<li>Comparing the forms source IP address with the destination IP address, if they don't match, then no further processing will take place.</li>
<li>A field hidden by CSS that is left blank, if filled in, it's a bot and is ignored.</li>
<li>Another field that receives a predetermined value by JavaScript when the form is submitted. No match, no further processing.</li>
</ol>

I also recorded the attempts with the IP addresses to a database table. The attempts failed one, two or all of the tests.

However, stopping sweatshop spammers is another story altogether. Sweatshop spammers are people cheaply employed to manually send spam. If you have a larger site, it may be worth using a service that deals with this kind of spam. Some services also deal with abusive language as well.

Just wondered if anyone knows if a spam bot will be able to submit a form if there is no submit button on the page. Just trying to do some very basic spam prevention without using CAPTCHA. The thought is to use jQuery to render the submit button if the user interacts with the form in some way. Any thoughts would be appreciated.

Will a spam bot be able to submit a form if there is no submit button on the page?

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

教程

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云智能顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

聚焦“写作效率、视觉美观与运行性能”三方面进行全面升级，为您提供更高效、稳定的创作环境

社区富文本&Markdown编辑器全新改版上线，欢迎大家体验!

诚挚邀请您参与本次调研，分享您的真实使用感受与建议。您的反馈至关重要，感谢您的支持与参与！

社区新版编辑器体验调研

我想知道，如果页面上没有提交按钮，是否有人知道垃圾邮件机器人是否能够提交表单。只是尝试在不使用CAPTCHA的情况下进行一些非常基本的垃圾邮件预防。其思想是，如果用户以某种方式与表单交互，则使用jQuery呈现提交按钮。任何想法都将不胜感激。

问如果页面上没有提交按钮，垃圾邮件机器人是否能够提交表单？
EN

回答 7

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问如果页面上没有提交按钮，垃圾邮件机器人是否能够提交表单？EN

回答 7

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问如果页面上没有提交按钮，垃圾邮件机器人是否能够提交表单？
EN