...

View Full Version : :: will this script stop spambots? ::



babelfish
08-21-2002, 05:54 PM
<script>

function emaillink(person,domain,subject,text) {
document.write('<a href=\"mailto:' + person + '@' + domain + '?subject=' + subject + '\">' + text + '</a>');
}

</script>

<script>emaillink('mickeymouse','disney.com','minny','click here to email a fictional character')</script>

i wrote this as im sick of getting spam from my websites - will it work tho? (im talking spambots rather than ppl)

thanks peeps!

joh6nn
08-21-2002, 07:22 PM
you can fool some of the bots all of the time, and you can fool all of the bots some of the time, but you can't foll all of the bots all of the time.

when i get a better handle on server side languages, i'm going to set up a FormMail script, and replace all my mailto links with the form. that's the only way that i know of, to keep the bots off you, because the address is completely invisible on the client side.

Mr J
08-21-2002, 08:50 PM
Try doing your email address in Decimal Code

Might work ?

Mr J
08-21-2002, 08:51 PM
can spiders read decimal ??

brothercake
08-21-2002, 08:53 PM
Originally posted by joh6nn
because the address is completely invisible on the client side.

Yeah but is it? Even with a formail program, the recipient address still needs to be visible in the form. Or are you hard-coding it into the script?

I use a similair technique to babelfish' but I add php discrimination as well. So - define a $browsers group use user agent info, which gets rid of non-spoofing bots, and then inside that put the javascript info to write the form element.

As a no-script alternative, i;ve used a gif image of my email address with no alt tag :)

But still ... probably not 100% reliable :rolleyes:

joh6nn
08-21-2002, 09:47 PM
yeah, i had actually intended on hard coding the address into the server side script. another benefit of that is that i only have one thing to change if i change email addresses.

zoobie
08-22-2002, 01:26 AM
No.

Spambots are now starting to read js.

Unfortunately, if you're using mailto:, there's not much you can do about this.

One solution would be to use a mailer with PHP's built in mail() function or another server side language.

Another, if a action isn't really needed, would be to just use plain text = joe at yahoo dot com

I wouldn't be suprised if spambots soon 'learn' to read text...:D

whammy
08-22-2002, 01:31 AM
Yeah but is it? Even with a formail program, the recipient address still needs to be visible in the form. Or are you hard-coding it into the script?
Nah... if you're using server-side scripting, the client's browser never needs to see that stuff.

Either that or you're doing something wrong! If you have the ability to use server-side scripting to send emails, you should never have a "mailto" link unless you're lazy or don't care.

Tip to john: make your email address an application variable - (in ASP, that would be in the global.asa file) then you only have to change it in one place, no matter how many pages you've put it on!

That goes for pretty much anything you may use throughout a site.

:D

brothercake
08-22-2002, 02:09 AM
Originally posted by whammy
Either that or you're doing something wrong! If you have the ability to use server-side scripting to send emails, you should never have a "mailto" link unless you're lazy or don't care.

I was mainly thinking of generic programs like FormMail.pl - where you pass it the information in a GET request. But sure, for a custom script then there's no need.

Having said that .. I still use mailto: for a thing where visitors can mail themselves a link to the page they're on; but that's for liability reasons, so that it can't be used to spam someone who wasn't expecting it.

I guess I could get past liability by making it seem like the email came from noone, but that just seems devious. Dunno. Maybe i'm being hypersensitive.

whammy
08-22-2002, 10:22 PM
I worry about the same thing actually - which is why for any kind of formmail thing that someone COULD abuse, I make sure to include their IP address (and warn them of such).

Graeme Hackston
08-23-2002, 12:15 AM
I'm just thinking outloud here, feel free to shoot it down or add to it.

If I understand this correctly, for a spambot to harvest your email it would have to be able to follow links and read javascript.

If spambots can do that could mouse movement be detected prior to allowing the link to be followed?

joh6nn
08-23-2002, 12:25 AM
no, because spam bots work by reading the source of a page, and pulling the email address out of the source. so if the address is anywhere on the page, then the spambot can read it.

Graeme Hackston
08-23-2002, 12:28 AM
OIC, thanks John

babelfish
08-23-2002, 09:45 AM
Originally posted by joh6nn
no, because spam bots work by reading the source of a page, and pulling the email address out of the source. so if the address is anywhere on the page, then the spambot can read it.

so u mean when reading the source it would actually see the output of the document.write? or just the code to produce the output?

brothercake
08-23-2002, 10:58 AM
I doubt if a spambot would process and compile the output of a document.write ... but maybe there are some that do

babelfish
08-23-2002, 11:02 AM
well, as long as i cut down 90% i would be happy - but atm im sick of clearing out carp spam every day

BrainJar
08-23-2002, 05:09 PM
I've got a feeling most spam bot software is pretty lame considering the type of people who are in the spam business.

I've used the "document.write" approach for some time and haven't seen any spam from it.

Having multiple email addresses for tracking and using throw-away addresses seems to work well to.

Mr J
08-23-2002, 08:45 PM
Would a spam bot be able to read this:


&#121&#111&#117&#64&#121&#111&#117&#114&#46&#99&#111&#109

Which says:

you@yours.com

Mr J
08-23-2002, 08:48 PM
The above did not render correctly:

The follwoing reads "you@yours.com"

&amp;#121&amp;#111&amp;#117&amp;#64&amp;#121&amp;#111&amp;#117&amp;#114&amp;#46&amp;#99&amp;#111&amp;#109

whammy
08-24-2002, 02:04 AM
Is "carp spam" anything like "fish food" ? ;)



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum