Emails harvested through PHP code?

**djr33** · 11-17-2006, 08:45 PM

Viruses don't play nice. They don't let you block them. That assumption is naïve and wrong.
(Is it the double dots over the i in naive? I always forget...)

**Twey** · 11-17-2006, 09:07 PM

It is

We're not technically talking "viruses" here. But yes, same concept applies. These aren't "nice" bots. They're not going to tell you what they are or what they're going to do, and they will try everything they can to look like a normal user.

**mwinter** · 11-17-2006, 10:36 PM

Originally Posted by Acey99

Attached is a great browser class that'll help.

No server-side user agent detection code could ever be called "great"; it's even less reliable than attempting it client-side.

Mike

**Acey99** · 11-17-2006, 10:53 PM

the other alternative is to have a "validation" image
Thus needing a db (MySQL)
and the GD Library (installed/compiled) ?

& ok, so it's a decent browser detection class.

**Twey** · 11-17-2006, 11:49 PM

Again, read my post on effective CAPTCHAs.

**djr33** · 11-18-2006, 04:22 AM

Acey, CAPTCHAs are totally irrelevant here.
We're talking about a document containing email address. It would be accessed by a bot. No user would be supposed to see it either, so no need to include a CAPTCHA that would then allow them to see it.
The question is just how to store the emails on the server and have them available for his needs but not allow spam bots to collect them (or malicious users, for that matter).
The probelm was solved in the first post; he was simply asking if what he did was correct. And it was.

**BLiZZaRD** · 11-18-2006, 08:18 AM

Aye, and I felt pretty secure storing the file with the email addys outside the /root/ but I wanted to verify this was indeed inaccessable (without server admin passwords of course)

**Acey99** · 11-21-2006, 05:04 PM

ah, I understand
try html encoding them
or they some encoding method of your own I use this :

function EncryptText($iVal,$hex=""){
$out = "";
$sl = strlen($iVal)-1;
for($i=0;$i<=$sl;$i++){
$ch = substr($iVal,$i,1);
if ($hex) $out .= "&#x".dechex(ord($ch)).";";
else $out .= "&#".ord($ch).";";
}
return $out;
}

bot's don't understand &#xNN; or &#NN;
or what to do with them - yet;

you could also write your own encoder/decoder that would accomplish the same thing.

**Acey99** · 11-21-2006, 05:33 PM

other things you can try:

if using a linux/unix box, hide the emails in a . file (like .htaccess)
don't use a file called emails (or have email in the filename)

also hide the file somewhere bot's can't get to (like /var/ or /etc), those are bad, but you get the idea.

use base64_encode() / base64_decode() on the text file.
use a database to store the emails, also encrypted with base64_encode() / base64_decode()

I have tons of other Ideas.

**djr33** · 11-23-2006, 01:23 AM

Many bots DO understand that.

Anything you do that you then undo can also be undone by bots.

The problem is solved.

Directories above 'public_html' cannot be accessed.

Easy answer too.

Thread: Emails harvested through PHP code?

Thread Tools

Search Thread

Bookmarks

Bookmarks

Posting Permissions