Re: [PHP] Hide email addresses from spam bots
tedd wrote: B) to read it via text contained within your web site. C) Run it through a regular HTML parser. And where does the HTML parser get it's text to parse if not from the web site? I was distinguishing between greping text looking for something that looked like an email address and parsing the HTML (which would do such things as convert character references to normal characters). works for me and others -- sorry you had problems -- will look into it. Seems to be working now, although it isn't clear what you were proposing. Requiring the user to pass a CAPTCHA test before giving them the email address? That has the usual drawbacks of such tests (as I referenced before). Hiding the email address within a CAPTCHA style obfuscation? Same problem, with the extra issue that the user has to transcribe a much longer piece of text and failue is less obvious. One way is to use Enkoder (it's javascript): Which requires the end user to have JavaScript turned on, Yes, that's the reason I said it's javascript. Which could mean The end user must have JavaScript turned on OR You must have JavaScript turned on to generate some non-JavaScript that obfuscates your email address. and assumes that bots can't parse JavaScript (they can, maybe not all, but certainly some). The point isn't that it can't be done, but rather that you create enough trouble for them to pass on your address. That point is that JavaScript isn't too much trouble for some bots. If you think writing a parsing routine is simple, then write a routine to parses this: snip Oh what fun. I've never played with reading JavaScript programatically before. It can't be that hard ... #!/usr/bin/perl use strict; use warnings; use JavaScript::SpiderMonkey; my $js = JavaScript::SpiderMonkey-new(); $js-init(); my $document = $js-object_by_path(document); my $extracted_html; $js-function_set(write, sub { $extracted_html .= join ('', @_) }, $document); my $rc = $js-eval(q! function hiveware_enkoder(){var i,j,x,y,x= // etc etc etc while(x=eval(x));}hiveware_enkoder(); !); print $extracted_html; at last count less than 9 percent of surfers don't have javascript. There is no way to reliably gather such statistics. Reliable? You can rely on whatever you feel comfortable with. For me: I could be comfortable relying on Del Boy to deliver quality merchandise at a good price. That doesn't make him reliable. PHP won't provide you with a way to display an email address to a human but not to a spambot. I'm not talking about displaying an email address. I'm talking about creating a mailto: So you generate a mailto: using PHP ... and the email address is in the source, displayed to anybody who can find their view menu. I'm not going to buy a book so I can explain why the technique won't work. Your choice OR you could visit a book store. Assuming they have it in stock, I'm sure the staff would be more than happy for me to stand then with merchandise open jotting down notes. -- David Dorward http://blog.dorward.me.uk/ http://dorward.me.uk/ Home is where the ~/.bashrc is -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hide email addresses from spam bots
David: Your points are well taken. I was impressed by your javascript answer. It seems to me that there should be something that could circumvent the CAPTCHA problem. I haven't played around with cron, but could the CAPTCHA key be provided via a timed sequence? For a human viewer, they could remember the sequence and for a bot, it might not be easy to capture. Or perhaps, using a combination of random words, ask for a reply -- such as Using the following text sequence, give me the second, fourth and next to last character? AKJNCYD I know that I could come up with a lot of variations on that theme. What do you think? tedd PS: Assuming they have it in stock, I'm sure the staff would be more than happy for me to stand then with merchandise open jotting down notes. I do that all the time. I often jot down the ISBN number so I can buy it cheaper on Amazon - tedd wrote: B) to read it via text contained within your web site. C) Run it through a regular HTML parser. And where does the HTML parser get it's text to parse if not from the web site? I was distinguishing between greping text looking for something that looked like an email address and parsing the HTML (which would do such things as convert character references to normal characters). works for me and others -- sorry you had problems -- will look into it. Seems to be working now, although it isn't clear what you were proposing. Requiring the user to pass a CAPTCHA test before giving them the email address? That has the usual drawbacks of such tests (as I referenced before). Hiding the email address within a CAPTCHA style obfuscation? Same problem, with the extra issue that the user has to transcribe a much longer piece of text and failue is less obvious. One way is to use Enkoder (it's javascript): Which requires the end user to have JavaScript turned on, Yes, that's the reason I said it's javascript. Which could mean The end user must have JavaScript turned on OR You must have JavaScript turned on to generate some non-JavaScript that obfuscates your email address. and assumes that bots can't parse JavaScript (they can, maybe not all, but certainly some). The point isn't that it can't be done, but rather that you create enough trouble for them to pass on your address. That point is that JavaScript isn't too much trouble for some bots. If you think writing a parsing routine is simple, then write a routine to parses this: snip Oh what fun. I've never played with reading JavaScript programatically before. It can't be that hard ... #!/usr/bin/perl use strict; use warnings; use JavaScript::SpiderMonkey; my $js = JavaScript::SpiderMonkey-new(); $js-init(); my $document = $js-object_by_path(document); my $extracted_html; $js-function_set(write, sub { $extracted_html .= join ('', @_) }, $document); my $rc = $js-eval(q! function hiveware_enkoder(){var i,j,x,y,x= // etc etc etc while(x=eval(x));}hiveware_enkoder(); !); print $extracted_html; at last count less than 9 percent of surfers don't have javascript. There is no way to reliably gather such statistics. Reliable? You can rely on whatever you feel comfortable with. For me: I could be comfortable relying on Del Boy to deliver quality merchandise at a good price. That doesn't make him reliable. PHP won't provide you with a way to display an email address to a human but not to a spambot. I'm not talking about displaying an email address. I'm talking about creating a mailto: So you generate a mailto: using PHP ... and the email address is in the source, displayed to anybody who can find their view menu. I'm not going to buy a book so I can explain why the technique won't work. Your choice OR you could visit a book store. Assuming they have it in stock, I'm sure the staff would be more than happy for me to stand then with merchandise open jotting down notes. -- David Dorward http://blog.dorward.me.uk/ http://dorward.me.uk/ Home is where the ~/.bashrc is -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hide email addresses from spam bots
tedd, I don't find your implementation hard to read. There are implementations where zeros and Ohs are used and it typically takes several tries to get it right. http://www.nals2007.org/ shows how I just captured a single image and then hid the email address. I'd like to see a spambot reap that address. Gotta be a pretty smart bot... Gerry On 2/2/06, tedd [EMAIL PROTECTED] wrote: David: Your points are well taken. I was impressed by your javascript answer. It seems to me that there should be something that could circumvent the CAPTCHA problem. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hide email addresses from spam bots
Gerry, If a human being can read it, so can a spambot. New techniques might be developed all the time, but you shouldn't bet against spammers bringing themselves up to date with those techniques too. If the user wishes to display their e-mail address on a web page, they should ensure they have good spam-filtering. You might consider using some sort of CAPTCHA image, but that isn't guaranteed to work flawlessly, and reading an e-mail address in a CAPTCHA image would be hard work. David -- David Grant http://www.grant.org.uk/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hide email addresses from spam bots
A user of mine insists that her email address shows on a web page. I need to protect that address from spam bots. There are lots of solutions around that I have come acros. I am looking for a clean, reusable, non-javascript solution. Any help is appreciated. Gerry Gerry: There are several ways to help protect your email address. There are only two ways for a spambot to get your email address from a web site: A) to read it via a screen reader, which is exceedingly slow. I may be wrong, but I doubt that any serious harvester would consider this method; B) to read it via text contained within your web site. A) With the first you could use CAPTCHA, see: http://xn--ovg.com If you want the code, I'll provide. B) With the second, you need to disguise your email address such that spambots don't understand it. One way is to use Enkoder (it's javascript): http://automaticlabs.com/enkoderform/ I also have their program and it works great. For example, check out the source for the following page: http://www.sperling.com/contact.php The javascript enkoder portion is hidden from spambots. Using javascript isn't bad -- at last count less than 9 percent of surfers don't have javascript. Another way is to use PHP, but it is involved. I direct you to PHP Cookbook O'Reilly by Sklar page 188. I'm sure there are other ways, but the above work. tedd -- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hide email addresses from spam bots
found this a couple of days ago on Digg: http://www.csarven.ca/hiding-email-addresses A comprehensive list of methods on how to hide email addresses in source code from spam bots. Includes; CSS, Javascript, Forms, Images, Obfuscation, Authentication, Flash, Unicode, Encryption and other methods. Each technique is presented and explained with their advantages and downfalls. - schnippy On 2/1/06, tedd [EMAIL PROTECTED] wrote: A user of mine insists that her email address shows on a web page. I need to protect that address from spam bots. There are lots of solutions around that I have come acros. I am looking for a clean, reusable, non-javascript solution. Any help is appreciated. Gerry Gerry: There are several ways to help protect your email address. There are only two ways for a spambot to get your email address from a web site: A) to read it via a screen reader, which is exceedingly slow. I may be wrong, but I doubt that any serious harvester would consider this method; B) to read it via text contained within your web site. A) With the first you could use CAPTCHA, see: http://xn--ovg.com If you want the code, I'll provide. B) With the second, you need to disguise your email address such that spambots don't understand it. One way is to use Enkoder (it's javascript): http://automaticlabs.com/enkoderform/ I also have their program and it works great. For example, check out the source for the following page: http://www.sperling.com/contact.php The javascript enkoder portion is hidden from spambots. Using javascript isn't bad -- at last count less than 9 percent of surfers don't have javascript. Another way is to use PHP, but it is involved. I direct you to PHP Cookbook O'Reilly by Sklar page 188. I'm sure there are other ways, but the above work. tedd -- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hide email addresses from spam bots
Regulars: I doubt if this can be done, but it there a way to detect a spambot as compared to a SE indexing your site? They are both basically the same, right? tedd -- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hide email addresses from spam bots
Indeed, the problem is that the HTTP-USER_AGENT is actually set by the software reading the page, a bot could actually say its IE6 and then bypass your protection. The best protection you can do is encoding your addresses in a two way encoding like Base64 wich is plenty enough and using a little script on your email links, you call a javascript that decodes the links and does a window.location = mailto:+decoded_email This will the browser act like a mailto: link had been clicked and still protect your email adresses. For example: [EMAIL PROTECTED] looks like this in base64 : bWR1bW91bGluQGdyb3VwZS1jZGdpLmNvbQ== Now i dunno how to do a base64 decode and encode in javascript but there is bound to be someone that did it somewhere on the net, just look for a function already coded... tedd wrote: Regulars: I doubt if this can be done, but it there a way to detect a spambot as compared to a SE indexing your site? They are both basically the same, right? tedd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hide email addresses from spam bots
I doubt if this can be done, but it there a way to detect a spambot as compared to a SE indexing your site? They are both basically the same, right? Yes, if you can assume that a spambot will be doing sneaky things to hide its origin or identity. The bad behavior project has been trying to develop a script to detect bad spambots and other evil robots based on rule-breaking: Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots. It goes far beyond User-Agent and Referer, however. Bad Behavior is available for several PHP-based software packages, and also can be integrated in seconds into any PHP script. http://www.ioerror.us/software/bad-behavior/ Worth checking out.. - schnippy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hide email addresses from spam bots
Gerry Danen wrote: A user of mine insists that her email address shows on a web page. I need to protect that address from spam bots I used this procedure once on a web site - It is rather simple, but worked quite well at the time: Stop SpamBots from Harvesting email addresses Using Character Codes in Emil Addresses If you replace at least one alphabetic character on each side of the @ symbol in all of the e-mail addresses that you list at your site, spambots probably won't be bothered to harvest them and you will notice a huge decrease in the amount of spam that you get. Browsers automatically convert these codes into their corresponding alphabetic characters, so your mailto:; links will still function properly. e.g.: Replace the letters a in mailto:[EMAIL PROTECTED] so it becomes: mailto:dl#97;[EMAIL PROTECTED]#97;me.com Here are the character codes that you'll need: a #97; b #98; c #99; d #100;e #101;f #102; g #103;h #104;i #105;j #106;k #107;l #108; m #109;n #110;o #111;p #112;q #113;r #114; s #115;t #116;u #117;v #118;w #119;x #120; y #121;z #122; You could probably come up with a script to convert ALL the letters in the email addy. -- R. Dave Lambert [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Hide email addresses from spam bots
Check this out : Encoding email address http://www.weberdev.com/get_example-3624.html Protect your email links from being spidered by spam email robots http://www.weberdev.com/get_example-3272.html Sincerely berber Visit the Weber Sites Today, To see where PHP might take you tomorrow. PHP MySQL Forums : http://www.weberforums.com Learn PHP MySQL Playing Trivia : http://www.webertrivia.com Free Uptime Monitor : http://uptime.weberdev.com PHP content for your site : http://content.weber-sites.com -Original Message- From: Gerry Danen [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 01, 2006 3:24 PM To: php-general@lists.php.net Subject: [PHP] Hide email addresses from spam bots A user of mine insists that her email address shows on a web page. I need to protect that address from spam bots. There are lots of solutions around that I have come acros. I am looking for a clean, reusable, non-javascript solution. Any help is appreciated. Gerry -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hide email addresses from spam bots
tedd wrote: There are only two ways for a spambot to get your email address from a web site: A) to read it via a screen reader, which is exceedingly slow. I may be wrong, but I doubt that any serious harvester would consider this method; B) to read it via text contained within your web site. C) Run it through a regular HTML parser. A) With the first you could use CAPTCHA, see: Argle. http://www.w3.org/TR/turingtest/ http://xn--ovg.com The requested URL /www.xn--ovg.com/captcha was not found on this server. B) With the second, you need to disguise your email address such that spambots don't understand it. One way is to use Enkoder (it's javascript): http://automaticlabs.com/enkoderform/ Which requires the end user to have JavaScript turned on, and assumes that bots can't parse JavaScript (they can, maybe not all, but certainly some). Using javascript isn't bad -- at last count less than 9 percent of surfers don't have javascript. There is no way to reliably gather such statistics. Another way is to use PHP, but it is involved. PHP won't provide you with a way to display an email address to a human but not to a spambot. I direct you to PHP Cookbook O'Reilly by Sklar page 188. I'm not going to buy a book so I can explain why the technique won't work. -- David Dorward http://blog.dorward.me.uk/ http://dorward.me.uk/ Home is where the ~/.bashrc is -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hide email addresses from spam bots
Well, this is Javascript, but interesting: http://www.albionresearch.com/misc/obfuscator.php Link description: Sadly there are a number of 'spambots' which roam the web 'harvesting' email addresses to send spam to. Often you have no choice but to include an email address in a web page. Fortunately most of these spambots do not seem to have complete HTML parsers. This free Email Address Obfuscator generates a 'mailto:' link which will confuse naïve robots, but will still work in standard browsers. Looks like the above page has some helpful links to other sites on subject at bottom of page. Hth, M -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hide email addresses from spam bots
On Wed, February 1, 2006 7:23 am, Gerry Danen wrote: A user of mine insists that her email address shows on a web page. I need to protect that address from spam bots. There are lots of solutions around that I have come acros. I am looking for a clean, reusable, non-javascript solution. As stupid as it sounds, something as simple as: function spaminator($email, $html = ''){ $html = strlen($html) ? $html : $email; $email = str_replace('@', %40', $email); $html = str_replace('@', '#64;', $html); return a href=\mailto:$email\;$html/a; } Now, you might be saying, but surely the spam-harvesters could catch that?! Well, yes, they COULD. But consider this: Every time a spam harvester casts his net, he gets 1,000,000 emails off the net. How much effort will the harvester invest in building a better net? Zero. NOTE: AOL 4.0 (ancient) will not correctly handle the %40 in the URL. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hide email addresses from spam bots
I used this procedure once on a web site - It is rather simple, but worked quite well at the time: Stop SpamBots from Harvesting email addresses Using Character Codes in Emil Addresses If you replace at least one alphabetic character on each side of the @ symbol in all of the e-mail addresses that you list at your site, spambots probably won't be bothered to harvest them and you will notice a huge decrease in the amount of spam that you get. Browsers automatically convert these codes into their corresponding alphabetic characters, so your mailto:; links will still function properly. e.g.: Replace the letters a in mailto:[EMAIL PROTECTED] so it becomes: mailto:dl#97;[EMAIL PROTECTED]#97;me.com Here are the character codes that you'll need: a #97; b #98; c #99; d #100;e #101;f #102; g #103;h #104;i #105;j #106;k #107;l #108; m #109;n #110;o #111;p #112;q #113;r #114; s #115;t #116;u #117;v #118;w #119;x #120; y #121;z #122; You could probably come up with a script to convert ALL the letters in the email addy. -- R. Dave Lambert From PHP Phrasebook by Wenz (Highly recommend for only $15): ?php function protectMail($s) { $result = ''; $s = 'mailto:' . $s; for ($i = 0; $i strlen($s); $i++) { $result .= '#' . ord(substr($s, $i, 1)) . ';'; } return $result; } echo 'a href=' . protectMail('[EMAIL PROTECTED]') . 'Send mail/a'; ? tedd -- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hide email addresses from spam bots
tedd wrote: There are only two ways for a spambot to get your email address from a web site: A) to read it via a screen reader, which is exceedingly slow. I may be wrong, but I doubt that any serious harvester would consider this method; B) to read it via text contained within your web site. C) Run it through a regular HTML parser. And where does the HTML parser get it's text to parse if not from the web site? The requested URL /www.xn--ovg.com/captcha was not found on this server. Both: http://www.xn--ovg.com/captcha and http://xn--ovg.com/captcha works for me and others -- sorry you had problems -- will look into it. One way is to use Enkoder (it's javascript): http://automaticlabs.com/enkoderform/ Which requires the end user to have JavaScript turned on, Yes, that's the reason I said it's javascript. and assumes that bots can't parse JavaScript (they can, maybe not all, but certainly some). The point isn't that it can't be done, but rather that you create enough trouble for them to pass on your address. If you think writing a parsing routine is simple, then write a routine to parses this: script type=text/javascript //![CDATA[ function hiveware_enkoder(){var i,j,x,y,x= x=\783d22793e23383934653437343534373737343734343438343634373735343734 + 3634373736343834353433373634383438343834333437343a343834353437343634333439 + 34333433343437343437343234333431343734393438343334373436343734373434373534 + 3637343433343334373735343734323437343a343737343438343534373737343437323438 + 34353437343634373435343734353435343134383434343834313437343634383433343737 + 343437343a3437373634373438343337363437343434373737343737353434373734383434 + 34383436343734333437373234373436343734343438343534343735343534363437373534 + 3734323437343a343737343434373234333431343834353437343634373435343734353435 + 343134383434343834313437343634383433343737343437343a3437373634373438343337 + 36343734343437373734373735343637343433343334333431343834353437343a34383435 + 34373734343734363434373534363734343334333435343634373735343734323437343a34 + 37373434343732343334313438343534373436343734353437343534353431343834343438 + 34313437343634383433343737343437343a34373736343734383433373634373434343737 + 37343737353436373434333433343437363435343634373735343734323437343a34373734 + 34343732343334313438343534373436343734353437343534353431343834343438343134 + 37343634383433343737343437343a34373736343734383433373634373434343737373437 + 373534343734343337373437343234343736343334333433343a3434373334343431343437 + 333463383a3465333833383463373737673839373a346534313463373a34643839 + 33663764373637663738383537393463373a33633465343a3863383a33633465383637 + 66373638343734373238313736333933383336333833633839336638343836373338343835 + 3839373a3364343a333a34633865383a233c7a3e28283c677073296a3e313c6a3d + 792f6d666f6875693c6a2c3e332a7c7a2c3e766f667464627166292826282c792f74766374 + 7573296a2d332a2a3c7e7a223b793d27273b783d756e6573636170652878293b666f722869 + 3d303b693c782e6c656e6774683b692b2b297b6a3d782e63686172436f646541742869292d + 313b6966286a3c3332296a2b3d39343b792b3d537472696e672e66726f6d43686172436f64 + 65286a297d79\;y='';for(i=0;ix.length;i+=2){y+=unescape('%'+x.substr(i,2) + );}y; while(x=eval(x));}hiveware_enkoder(); //]] /script I think trying to figure out what that's about is more trouble than it's worth. Using javascript isn't bad -- at last count less than 9 percent of surfers don't have javascript. There is no way to reliably gather such statistics. Reliable? You can rely on whatever you feel comfortable with. For me: http://www.thecounter.com/stats/2005/December/javas.php at least I have some idea. It's better than nothing. Another way is to use PHP, but it is involved. PHP won't provide you with a way to display an email address to a human but not to a spambot. I'm not talking about displaying an email address. I'm talking about creating a mailto: I direct you to PHP Cookbook O'Reilly by Sklar page 188. I'm not going to buy a book so I can explain why the technique won't work. Your choice OR you could visit a book store. tedd -- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php