Emails harvested through PHP code?

[mwinter]

if using a linux/unix box, hide the emails in a . file (like .htaccess)
don't use a file called emails (or have email in the filename)

Obfuscation is not security, and using daft names only makes maintenance harder.

also hide the file somewhere bot's can't get to (like /var/ or /etc), those are bad, but you get the idea.

That's one of the things djr33 suggested at the start of this thread, and BLiZZaRD had already done that, anyway.

use base64_encode() / base64_decode() on the text file.

Why? What's that supposed to accomplish?

use a database to store the emails, also encrypted with base64_encode() / base64_decode()

Base64 encoding is not a form of encryption. It is a means of transmitting 8-bit data across 7-bit protocols (like SMTP). Though it does so without regard for human readability, that is far from calling it a cipher. Again, obfuscation is not security.

Mike

[Twey]

function EncryptText($iVal,$hex=""){
$out = "";
$sl = strlen($iVal)-1;
for($i=0;$i<=$sl;$i++){
$ch = substr($iVal,$i,1);
if ($hex) $out .= "&#x".dechex(ord($ch)).";";
else $out .= "&#".ord($ch).";";
}
return $out;
}

This is better than nothing, and has no disadvantages like a CAPTCHA does, but will still be ineffective against most bots.

The problem is solved.

Directories above 'public_html' cannot be accessed.

"Usually" Also, it must be noted that this "solution" falls apart if the email addresses are ever actually output

[Acey99]

Obfuscation is not security, and using daft names only makes maintenance harder.


That's one of the things djr33 suggested at the start of this thread, and BLiZZaRD had already done that, anyway.


Why? What's that supposed to accomplish?


Base64 encoding is not a form of encryption. It is a means of transmitting 8-bit data across 7-bit protocols (like SMTP). Though it does so without regard for human readability, that is far from calling it a cipher. Again, obfuscation is not security.

Mike

Hopefully the last post on this..


ZnJhbmtAZnVydGVyLmNvbQ==

do you think a bot will look at that & say - oh look, an email address ?
I Don't. & agree, put in in a non accessable place like say /myfolder & make that folder

or you think a bot will look in a DB like Postgres or MySQL for emails and again with the above (ZnJhbmtAZnVydGVyLmNvbQ==) encrypted into it ?


I personally hide them in a wierd place. - not on my server !

[djr33]

If a bot knows where to look, it will be inefective, just like if a bot knows a password.
However, I do agree that if the obfuscation of the email address makes it not look like an email address, that may help, unless the word "email" appears on the page, in which case the bot will search for it.
Also, in the case of converting to html characters ("encrypting") as opposed to straight text, bots may very well see that as clearly as we/they see plain text, so that isn't doing much.