Emails harvested through PHP code?

[BLiZZaRD]

I am in an all out war with the spam bots and email harvesters.

I have deleted ALL email links from my site. I set up a contact form, and that is it as far as the end user can tell.

Here is my question, as I know little about bot harveters or whatever you call them:

The contact form is all PHP, and relies on 2 files, one holds all the email addresses and is placed outside my root folder, so it is on the same level as my public_html folder, not inside it. The other is the "instructions" for the form and has no reference to the other file.

I also have a php page I made that will check my inbox and display the current number of emails in my various inboxes. Through the source code no email address is visible. You can see the page here

These are the only 2 spots where I have all these email addresses on my server. I am still getting a lot of spam to all the addresses, but I don't know the "life" of these spam bots. I just deleted and made the changes over the last couple days. Is it possible for the bots to get to either of these email addresses (specifically worried about the one outside the root folder), and if not does that mean that spam bots have gotten my email address earlier in the week or month and still send mail to it?

[djr33]

This is like abstinence after getting AIDS. (Tried to come up with a better analogy, but I'm tired... gimme a break )

Hiding the emails won't fix it once it's a problem.

They can't get it from the php source or the file outside the public_html directory.

However, they already have your email. Done.

You have two options--
live with spam, since they now have your email and it's getting spread around to various spammers, companies, etc... it's on some big list.
Or, get a new email address and be more careful next time. I got rid of an old address for this reason.

Welcome to the wonderful world of spam. Ew.

I'd recommend gmail... it has a great spam filter, so you really don't get that much. //sidenote.


By the way, I suppose that over enough time, your email might fade away, but it also seems that once they have it, it'll just keep spreading and keep getting worse. Not really sure what you can do.

[BLiZZaRD]

Well, it isn't bad yet, which is why I started the whole process. New emails are an option for some/most of the address there, but I wanted to stop the new ones from coming in.

If they can't get it through php then I feel a lot better about it.

I understand about the lists and all that, just wanted to nip as much in the bud as I could, and wasn't sure if what I have done is the best way to go. Seems it is though, and I feel comfortable with that.

I have gmail, and all my mail is forwarded to that and that spam filter is great, but I still have all my site only addys on the server and I have to go clean them out once in a while, just wanting to lessen that burden a little

Thanks.

[djr33]

Yep. Sounds good. From what I can tell, you're doing the right thing with all of that.

[BLiZZaRD]

Thats good to hear! I am still way behind the learning curve on the web design thing, but I am learning and for only doing it for about 1 1/2 years I think I am catching on pretty quick. Of course I would rather not make mistakes, but what better way to learn?

[Acey99]

You could consider hiding the form from bots

Code:

  $ua = getenv("HTTP_USER_AGENT");

  $bot = (preg_match("/bot/i",$ua)) ? 1 : 0;;

  if (!$bot) {
   # show form
  }
  else {
   # show nothing
  }

Attached is a great browser class that'll help.

[Twey]

Because, of course, every spambot sends a user agent string that says "I'M A SPAMBOT! BLOCK ME!"

[Acey99]

no every bot either sends a useragent or not
and since we can make a "Valid" list we can kinda make an "invalid" list

look at most bots
http://en.wikipedia.org/wiki/Useragent#Bots
what do they have in common?
look at the browsers, what do they have in common ?

Yeah I know The Mozilla Browsers can Spoof them, but isn't that a good thing to see if this script can block bots?


according to wikipedia thy all have a useragent string.

[Acey99]

add his code to the browser class (near the end)

Code:

   function isValidBrowser(){
     return ( ($this->isIE() || $this->isMoz() || $this->isOpera()) && !$this->isBot() ) ? 1 : 0; 
   }

[Twey]

Those are innocent do-gooder bots Nasty spambots won't be so nice. There's no comprehensive listing of them because they tend to send user-agent strings that mimic those of popular browsers.