I'm trying to scramble email when posting a topic with HTML, but when I click OK it becomes unscrambled and is stored as plain text.
However, should I even worry about it? Or will the email be stored in the database and unavailable for harvesting by robots anyway?
I'm lost here!
Thanks,
Leo
Zevrix Solutions
http://zevrix.com
UseBB Community
UseBB support, discussion and development
Scrambling email
Moderators: Gaia.
Page: 1
| Author | Post |
|---|---|
|
#1 Sat Jun 05, 2010 1:49 pm
|
|
|
Member
Registered: Jun 2010
Posts: 7
|
|
|
#2 Sun Jun 06, 2010 7:24 am
|
|
|
Developer
Registered: Apr 2004
Posts: 2230
Location: Belgium
|
What do you mean with "scrambling"?
|
|
#3 Sun Jun 06, 2010 11:23 am
|
|
Member
 Registered: May 2005
Posts: 386
Location: US WA. St.
|
Dietrich here is an example...
http://www.golivecentral.com/pages/scramble.shtml _______________ My board started January 03, 2012 and is powered by UseBB. - wimc message board |
|
#4 Sun Jun 06, 2010 12:02 pm
|
|
|
Developer
Registered: Apr 2004
Posts: 2230
Location: Belgium
|
If you mean converting it to entities...
I tried this here and on my local sources and it "works", in the sense that the entities are being retained. But, only if you are posting it directly. If you perform a preview or edit (and the posted text gets in the text area) the entities won't be shown again but shown as the characters they represent. This could be solved by escaping them when shown in a text area, and not escape them when shown elsewhere, BUT this gives huge problems with other character sets. Quite a lot of people are using UseBB in its default language and encoding to post messages with other character sets, i.e. Russian, Chinese etc and this depends on the entities always being shown as the characters they represent. (You see, browsers send entities when the text sent has a different encoding than the page's.) Which is ofcourse the opposite behaviour as what you expect when using the text area. Thus I'm afraid I can't really fix this except for adding a checkbox saying the entities must be escaped, which would be something 90% of users will not understand. This is just another issue with the entities usage and the different character sets that will be fixed with v2 when everything (hopefully) will use UTF-8. |
|
#5 Sun Jun 06, 2010 7:21 pm
|
|
|
Member
Registered: Jun 2010
Posts: 7
|
Thanks for the detailed explanations, Dietrich. (And for the great software, btw. I probably checked some 20 other PHP forums, yours was the last one and the only one I really liked).
I'm still trying to understand: should I worry about posting email addresses on the forum? Can they be harvested by spam robots or not? (I'm clueless here). Thanks, Leo |
|
#6 Sun Jun 06, 2010 8:08 pm
|
|
|
Developer
Registered: Apr 2004
Posts: 2230
Location: Belgium
|
You could still "scramble" the addresses if you enter them in the text field and submit immediately, and rescramble them everytime the post is edited. However, when someone quotes the text you will have the same problem.
I'm also not really sure if it does help against spam bots, which are getting increasingly more sophisticated and might already translate entities or interpret JavaScript. I think the best would still be making a graphic file yourself with the email address in and posting this inside the text. |
|
#7 Sun Jun 06, 2010 8:17 pm
|
|
|
Member
Registered: Jun 2010
Posts: 7
|
Thanks!
Just to make sure - I guess you mean to post just the image of the email address without the actual mailto: link. « Last edit by zevrix on Sun Jun 06, 2010 8:25 pm. » |
|
#8 Sun Jun 06, 2010 9:57 pm
|
|
|
Developer
Registered: Apr 2004
Posts: 2230
Location: Belgium
|
Yes indeed.
 |
|
#9 Mon Jun 07, 2010 11:02 am
|
|
|
Member
Registered: Apr 2007
Posts: 19
Location: Amsterdam, Netherlands
|
"Scrambling" text into entities does indeed not help against email address harvesting bots, they read the entities just as easily as the plain characters. |
|
#10 Mon Jun 07, 2010 3:50 pm
|
|
|
Member
Registered: Jun 2010
Posts: 7
|
so - i know it's beyond the scope of this discussion - but what does helps again the harvesting bots? could you point me to any sources?
(well i'll search for the info too) Thanks, Leo |
|
#11 Mon Jun 07, 2010 8:29 pm
|
|
|
Member
Registered: Apr 2007
Posts: 19
Location: Amsterdam, Netherlands
|
Simple: Don't use email addresses, in readable text or in mailto links, on freely accessible web pages or in forum postings that can be read by anyone.
|
|
#12 Tue Jun 08, 2010 9:13 am
|
|
|
Developer
Registered: Apr 2004
Posts: 2230
Location: Belgium
|
A common approach is to use a contact form instead, and secure the form with means that are effective today. CAPTCHA is used a lot, but it depends on how good (and often how unknown) the code image generating is. It's a continuous struggle and changes every once in a while. And when you notice email address harvesting bots have broken through it's ofcourse already too late.
|
|
#13 Tue Jun 08, 2010 10:36 am
|
|
|
Member
Registered: Jun 2010
Posts: 7
|
Actually, I found an interesting solution here:
http://www.maxi-pedia.com/prevent+email+address+harvesting Break down e-mail address into parts and use JavaScript to combine it. |
|
#14 Wed Jun 09, 2010 9:41 am
|
|
|
Developer
Registered: Apr 2004
Posts: 2230
Location: Belgium
|
As long as a bot doesn't have an interpreter for JavaScript. Even a simple one just for parsing these write() calls.
|
|
#15 Wed Jun 09, 2010 2:11 pm
|
|
|
Member
Registered: Jun 2010
Posts: 7
|
damn!
|
|
#16 Fri Jul 30, 2010 12:34 pm
|
|
|
Member
Registered: Jul 2010
Posts: 2
|
Thanks for the detailed explanations, Dietrich. (And for the great software, btw. I probably checked some 20 other PHP forums, yours was the last one and the only one I really liked).
|
Page: 1
UseBB Community is powered by UseBB 1 Forum Software