PHP and Protecting Email

Re: PHP and Protecting Email

"Jim139" wrote:[color=blue]
> I have contact info including email address in MySQL. If I use php[/color]
to[color=blue]
> extract them into online directory, can a spambot harvest the[/color]
address?[color=blue]
> or
> does the spambot read the raw php code?
>
> I previously used javascript to hide my email addresses but more[/color]
and[color=blue]
> more
> people are disabling javascripting for security reasons. I need to
> find a
> way to keep my email address from being harvested.
>
> Does encoding the email with Ultimate Mailto (hex and dec code)[/color]
help?[color=blue]
>
> How can I protect the emails in MySQL when they are displayed on a
> page?
>
> Thanks[/color]

spambot is not going to read php, and is only going to read the html
rendered page.

The rest of your question really does not pertain to a php newsgroup,
and you should be able to find your answer elsewhere. In my case, I
hide it behind a button and a text box. A certain text string has to
be inserted in the text box, and the button pushed until the email
address becomes visible. Something beyond the reach of a bot.

There are also many other solutions.

--
http://www.dbForumz.com/ This article was posted by author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.dbForumz.com/PHP-Protecti...ict130515.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.dbForumz.com/eform.php?p=435421

Re: PHP and Protecting Email

>I have contact info including email address in MySQL. If I use php to[color=blue]
>extract them into online directory, can a spambot harvest the address? or
>does the spambot read the raw php code?[/color]

Clients do not read raw php code. The server won't send it.
(Unless you manage to break PHP, e.g. briefly while upgrading it,
or misconfigure it, e.g. naming a PHP script foo.pjp, which the
server treats as text.) If you're concerned about harvesting
email addresses, also worry about your database password, which
could give away the mother lode of spam targets.

If the email address is sent to a client, you can assume that a
spambot *WILL* harvest it, unless you limit access to that page to
a small group of trusted people with passwords or some other
authentication method. The mere idea of having an "online directory"
invites spam.
[color=blue]
>I previously used javascript to hide my email addresses but more and more
>people are disabling javascripting for security reasons. I need to find a
>way to keep my email address from being harvested.[/color]

Javascript is nearly worthless for hiding email addresses from
spambots (aside from the fact that it is Turned Off(tm) and a
Security Hole(tm)). Spambots likely just do a regular-expression-match
on email addresses in amongst the HTML and Javascript code; they
don't actually bother to format any of it, much less run any
Javascript. (If it shows up looking like an email address with
View Source, it's vulnerable). Whether or not actual people with
browsers run Javascript is not very relevant here. They aren't
your main threat. However, if you ARE worried about them, remember
that cut 'n paste or eyeball-and-keyboard can harvest stuff designed
to be 'bot-proof.
[color=blue]
>Does encoding the email with Ultimate Mailto (hex and dec code) help?[/color]

I don't know what this is.
[color=blue]
>How can I protect the emails in MySQL when they are displayed on a page?[/color]

If they are displayed on a page, anyone who can view that page
can harvest them. The solutions are (a) DON'T display them, or
(b) severely limit who you display them to. One approach is to
only display email addresses the user already knows (his own).

One possibility is to render the email address into an image
using an unusual font (say, the Kidnap font) and transfer it
as an image. That's still vulnerable if any spammer manages
to convince one of your people with access to transcribe it
for them with promises of $$$.

Gordon L. Burditt