View Full Version : Robust way of hiding phone number, email, etc?

01-10-2012, 03:03 PM
It's the bane of the web developer's life, trying to hide phone numbers and email addresses from low-lifes who write robots to harvest contact information for spamming purposes.

So I came up with the following function which hides email, phone, etc, inside a bit of javascript, as follows:

function hideIt($string)
$chars = str_split($string);

$data = "";
foreach ($chars as $char)
$data .= '\\x'.sprintf("%02X", ord($char));

$javascript = "<script><!-- document.write(\"$data\"); --></script>";

And so for example,



<script><!-- document.write("\x6D\x65\x40\x6D\x79\x64\x6F\x6D\x61\x69\x6E\x2E\x63\x6F\x6D"); --></script>

Would that be enough to deter robots? Or do you suppose that the lowlife scum spammers would actually go out of their way to write code to try to read that? (which, admittedly, is not hard to do!)

The other alternative is to use an image, but that is a pain in the arse and not easily modifyable.

01-10-2012, 03:17 PM
Is this a user based system? If it is, you could just hide phone and email information from public use.

If that's not the case, it's obviously a bit harder :P . I like the idea of your method - hope someone will comment about it.

01-10-2012, 03:28 PM
Yeah, it's a user-based system, hence the problem!

01-10-2012, 03:37 PM
Yeah, it's a user-based system, hence the problem!

I don't see a problem here. Just don't display it. Problem solved.
Use forms instead for any contact required.
As for Javascript, I guess that simply depends on how sophisticated the bots are. If its part of the HTML, it can be pulled out even if the JS is required to be parsed. If you want the data to remain public, use images like a captcha instead, although some of those are starting to get pretty good at identifying glyphs too.

01-10-2012, 03:38 PM
Yeah, it's a user-based system, hence the problem!

Like Fou-Lu said - why not have the contact information hidden for non-registered users?

01-10-2012, 04:00 PM
Certainly I can do that with email addresses, but phone numbers do need to be displayed. I won't go into why, by suffice it to say that phone numbers do need to be displayed. I think the javascript solution is probably OK, anything can be cracked if the lowlife scum really want to, depends how much they want to though, I suppose!

01-10-2012, 08:26 PM
Of course it isn't really hidden using JavaScript. Some of the lowlives simply hire a few million peasants from some fifth world country for a few pennies a week to go through all the pages and so will obtain the version visible in the page regardless of how it is encoded.

A more secure way would be to display it as an image rather than using JavaScript. At least then it can't be broken by those not employing peasants who rely on automated processes to crack your script.