Prevent spam bots from submitting a form
Question
I need some advice how to best prevent a spam bot to submit a form. I have done some research and come up with the code below.
The mechanism is like this - the HTML code asks the user to enter a number and if the entered number equals 50 then the jQuery returns true and the form is submitted. If the value is different from 50, the form is not submitted. The code works if a user is filling out the form, however spam is still being sent by bots.
My question is the following - Are the bots just bypassing the jQuery code and submitting the form directly on the server or this is not possible and they somehow guess that 50 should be entered in the field?
I would like to get some expert opinion on this as to decide if i should invest more time to improve the current code (maybe hide the field and set a default value for it) or i should come up with totally different solution.
Thank you all!
$("#RegFrm").submit(function(){
if ($('#samp').val() != 50) {
return false;
}
else {
return true;
}
})
1 answers
solution1
0 2014-07-07 18:09:54
There are two bot categories that you need to prepare for: the dumb ones and the headless browser-based ones.
The first category is just a glorified HTML parser which harvests, populates and submits forms, all based on HTML. These spambots are not capable of running JavaScript, so they will bypass the JavaScript challenge in your original question entirely.
Headless browser-based spambots are as smart as your regular web browser (they're typically based on WebKit or Gecko) and they will run JavaScript. They can, in theory, still bypass your JavaScript challenge by removing your submit() event handler (note that this is speculation, I don't know if they routinely do that, although it would make some sense to disable validation this way).
The solution you proposed in your comment should suffice against generic attacks. Prompting the user for the correct value would require the spambot to understand the challenge (which it won't) and enforcing the right answer on the server-side will work regardless if the form submitter understands JavaScript or not.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.