Re: Hide email from spammers
From: John C (jcliff_at_delete.email.com)
Date: 11/23/03
- Next message: Jochen Daum: "Re: Any luck getting PHP/Linux to talk to MS SQL 2K?"
- Previous message: Stéphane Mégy: "Re: email, text files and accents"
- In reply to: Geoff Berrow: "Re: Hide email from spammers"
- Next in thread: Geoff Berrow: "Re: Hide email from spammers"
- Reply: Geoff Berrow: "Re: Hide email from spammers"
- Reply: Allodoxaphobia: "Re: Hide email from spammers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sun, 23 Nov 2003 12:30:29 -0600
On Sun, 23 Nov 2003 11:44:24 +0000 Geoff Berrow posted:
> I noticed that Message-ID:
> <MPG.1a2a23436884e31e9896e8@news.sunflower.com> from John C contained
> the following:
>
> >> Use a form and the mail() function
> >> <title>Simple PHP Mail Form</title>
> >> //put your email address in here
> >> $mailTo = "you@yourdomain.dom";
> >> </form>
> >
> >I am also PHP noob who'd like to use formmail to defeat spambots but I
> >must be missing something elemental. Your above form spells out the email
> >address, just the same as the mailto: spells out the email address. Is
> >the theory that spambots only harvest addresses that are *visible* in the
> >browser, but ignore addresses that are contained in scripts? I would
> >think spambots can harvest any text in the file, whether visible or
> >hidden, and will spot an email address in either instance.
> >
> >I've been thinking it would be necessary to use a variable in the script
> >that would pull the email address from a database, or some other kind of
> >code for the email address that would not be contained in the html file
> >(or any other file in the "public" directory that might get spidered).
> >
> >What am I missing?
>
> You snipped rather too much
>
> $mailTo = "you@yourdomain.dom"; is within a <?php ?> tag. Hence it is
> processed by the server before it leaves.
>
> Check out the source of http://www.ckdog.co.uk/php/mail.php See any
> email addresses?
>
Sorry I misjudged snipping, but I guess you figured out what I was
saying.
Yes, (or, rather, no) I see no email address in the source for *that*
page. But the email address *is* text within the <?php ?> tag in another
file that is on the server, is it not? I assume that other file is either
a *.html or *.php file in the public directory. Is that an incorrect
assumption? And I assume that spambots spider *all* files in any
directory that is accessible, looking for any text that matches a *@*
mask for an email address.
There are other scripts that take email address hiding to a higher level,
such as <http://www.bitfolge.de/?l=en&s=botproof>. I understood that they
did so because it was necessary to put the actual email address beyond
the spidering capabilities of the spambots.
So it still looks to me like the method you posted is vulnerable to
spambots, or else I'm still missing something. Of course, as I said,
being a noob I don't even understand how a file named "mail.php" with a
form containing <form name="form1" method="post" action="mail.php"> works
when it refers to itself and contains no php code. I thought "mail.php"
would be a different file that contains the php code, which would include
the email address, and if I looked at the source of *that* file I would
see the email address. If not, then as I said, I'm still missing
something. I have all this education and supposed IQ but when it comes to
programming I have a wondrous incapacity to see the biggest tree in the
forest when I'm standing right under it!
-- John C
- Next message: Jochen Daum: "Re: Any luck getting PHP/Linux to talk to MS SQL 2K?"
- Previous message: Stéphane Mégy: "Re: email, text files and accents"
- In reply to: Geoff Berrow: "Re: Hide email from spammers"
- Next in thread: Geoff Berrow: "Re: Hide email from spammers"
- Reply: Geoff Berrow: "Re: Hide email from spammers"
- Reply: Allodoxaphobia: "Re: Hide email from spammers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
