anti spambot email harvesting - email contact form
Moderator: General Moderators
-
original89
- Forum Newbie
- Posts: 22
- Joined: Wed Nov 17, 2004 8:25 am
anti spambot email harvesting - email contact form
hello.
I hope you can help me, i've been reading through the forums and have not been able to find anything really that might be able to help me stop email harvesting from my holiday property booking website.
I have a contact form on every property owners page that calls the owners email details from the database, the form i have uses 'hidden' as i dont really want to display the email on the page. (although this appears in the source code)
echo "<input type=\"hidden\" name=\"recipient\" value=\"$listing_emailAddress\">\n";
this is my problem, the email harvesters are having a field day, does anyone know how i might be able to create a form that can encrypt the email address in the source or point me in the direction of a form that i can customise.
my users arent impressed getting 'enlargement' adverts posted to their holiday cottage reservations
many thanks
David
I hope you can help me, i've been reading through the forums and have not been able to find anything really that might be able to help me stop email harvesting from my holiday property booking website.
I have a contact form on every property owners page that calls the owners email details from the database, the form i have uses 'hidden' as i dont really want to display the email on the page. (although this appears in the source code)
echo "<input type=\"hidden\" name=\"recipient\" value=\"$listing_emailAddress\">\n";
this is my problem, the email harvesters are having a field day, does anyone know how i might be able to create a form that can encrypt the email address in the source or point me in the direction of a form that i can customise.
my users arent impressed getting 'enlargement' adverts posted to their holiday cottage reservations
many thanks
David
-
original89
- Forum Newbie
- Posts: 22
- Joined: Wed Nov 17, 2004 8:25 am
thanks
hairyjim - i think this link is close, i will try this and post back, although the instructions are in german it doesnt help me too much, i guess i just create this and call it into my page where the email is appearing in the source code? hopefully this will scramble it all up into a big mess?
http://vextron.mirrors.phpclasses.org/b ... /1873.html
pickle - youve lost me there, im afraid its not a link but a form i have which sends the email.
thanks
http://vextron.mirrors.phpclasses.org/b ... /1873.html
pickle - youve lost me there, im afraid its not a link but a form i have which sends the email.
thanks
Yep, I did lose you.
Instead of storing the email address itself in the form, could you maybe store the ID of the entry from the DB. So, instead of storing "client@domain.com", store "2". Then in your page that handles the form, pull out the email associated with the index "2".
Instead of storing the email address itself in the form, could you maybe store the ID of the entry from the DB. So, instead of storing "client@domain.com", store "2". Then in your page that handles the form, pull out the email associated with the index "2".
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
-
original89
- Forum Newbie
- Posts: 22
- Joined: Wed Nov 17, 2004 8:25 am
nope
its close but not close enough, i dont understand the instructions and my php is well lets say still at basic level.
thanks.
thanks.
-
original89
- Forum Newbie
- Posts: 22
- Joined: Wed Nov 17, 2004 8:25 am
pickle
wouldnt that still make the email address appear in the code?, ill have a think along those lines though.
thanks.
thanks.
-
kettle_drum
- DevNet Resident
- Posts: 1150
- Joined: Sun Jul 20, 2003 9:25 pm
- Location: West Yorkshire, England
Re: pickle
No, the email wouldn't be stored in any code. The form would look kind of like this:original89 wrote:wouldnt that still make the email address appear in the code?, ill have a think along those lines though.
thanks.
Code: Select all
<form ... >
<input type = "hidden" name = "address_index" value = "2">
<input type = "text" name = "message">
<input type = "submit">
</form>Code: Select all
$passed_index = $_POST['address_index'];
$address_query = "SELECT address FROM table WHERE index = '$passed_index'";
$result = mysql_query($address_query);
$row = mysql_fetch_assoc($result);
$email_to_send_to = $row['address'];Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
-
original89
- Forum Newbie
- Posts: 22
- Joined: Wed Nov 17, 2004 8:25 am
kettle drum - im using a form (well trying to) and i hide the information and i use the mail function so the email is sent direct to the property owner. this is seen by the harvesters in my source code, when they execute the page.
pickle - i think youve found me - but i think im out of my depth here as im not sure if this would actually produce different results on my page. . would it help if i pasted my code? so i can explain it a bit better? or is that a bit cheeky.
thanks.
pickle - i think youve found me - but i think im out of my depth here as im not sure if this would actually produce different results on my page. . would it help if i pasted my code? so i can explain it a bit better? or is that a bit cheeky.
thanks.
Check this one out: http://www.zapyon.de/spam-me-not/index.html
It's a simple, but clever method of encrypting the mailto link (or any link, for that matter), and it works as far as I can tell. I've used it on a number of websites and so far, no problems. They also offer the script to obfuscate mailto-links in PHP.
Do bear in mind that once an email has been harvested, it's "tainted" and will remain so for a long while.
It's a simple, but clever method of encrypting the mailto link (or any link, for that matter), and it works as far as I can tell. I've used it on a number of websites and so far, no problems. They also offer the script to obfuscate mailto-links in PHP.
Do bear in mind that once an email has been harvested, it's "tainted" and will remain so for a long while.
-
original89
- Forum Newbie
- Posts: 22
- Joined: Wed Nov 17, 2004 8:25 am
hi
Patrick
thanks for that, id actually seen that one and it works well if it is a hard coded mailto link and the hex is exactly what i want to see, but i am using a form with a bit of the php that goes like this. So you see i only hide the email returned from the query so it still appears in the source, so it gets spammed.
Weirdan | Help us, help you. Please use
thanks for that, id actually seen that one and it works well if it is a hard coded mailto link and the hex is exactly what i want to see, but i am using a form with a bit of the php that goes like this. So you see i only hide the email returned from the query so it still appears in the source, so it gets spammed.
Code: Select all
// get the email address for the person who posted a listing
global $conn, $lang, $config, $listing_emailAddress;
$listingID = make_db_extra_safe($listingID);
$sql = "SELECT ".$config['table_prefix']."listingsDB.Title, ".$config['table_prefix']."UserDB.emailAddress, " .$config['table_prefix']."UserDB.user_name FROM ".$config['table_prefix']."listingsDB, ".$config['table_prefix']."UserDB WHERE ((".$config['table_prefix']."listingsDB.ID = $listingID) AND (".$config['table_prefix']."UserDB.ID = " . $config['table_prefix']."listingsDB.user_ID))";
$recordSet = $conn->Execute($sql);
if ($recordSet === false)
{
log_error($sql);
}
// return the email address
while (!$recordSet->EOF)
{
$listing_emailAddress = make_db_unsafe ($recordSet->fields[emailAddress]);
$listing_ID = make_db_unsafe ($recordSet->fields[ID]);
$listing_username = make_db_unsafe ($recordSet->fields[user_name]);
$listing_Title = make_db_unsafe ($recordSet->fields[Title]);
$recordSet->MoveNext();
} // end while
echo "<div align="center">";
echo "<form name="mailman" method="post" action="email_agent.php" onsubmit="return formCheck(this);">\n";
echo "<input type="hidden" name="recipient" value="$listing_emailAddress">\n";
echo "<input type="hidden" name="action" value="mail">\n";
echo "<input type="hidden" name="listing_username" value="$listing_username">\n";
echo "<input type="hidden" name="listingID" value=$listingID />\n";
echo "<input type="hidden" name="headline" value="$listing_Title" />\n";
echo "<tr><td colspan="2" align="center"><input type="submit" value="Send"></td></tr></table>";
echo "</form>"
?>Code: Select all
andCode: Select all
tags where approriate when posting code. Read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]yes but if you follow a little of what pickle suggested and put the uniqueId of the row that stores the email into your recipient input type then when the page gets submitted do another query to extract the email address then send create and send the email.
Pickle gave you a very good example of how it should work that way it won't be stored in the form.
Pickle gave you a very good example of how it should work that way it won't be stored in the form.
-
original89
- Forum Newbie
- Posts: 22
- Joined: Wed Nov 17, 2004 8:25 am
yes
Hi
yes i think thats the route i need to take i will try and figure out how to implement it.
thanks v m.
yes i think thats the route i need to take i will try and figure out how to implement it.
thanks v m.
-
original89
- Forum Newbie
- Posts: 22
- Joined: Wed Nov 17, 2004 8:25 am
i think im getting there.
okay ive been pondering on this and my head is really hurting now, i am a bit of a newbie at this so its a bit tricky for me to get my head around this, apologies.
so i would only extract the email after the form has been submitted, replacing my existing code with the listing id. currently on submit this trigegrs my email_agent php and this actually does the post.
So if i remove remove the query to extract the email should i put this into my email agent php? so the source wouldnt show the listing email just the id? is this right.
here is my email_agent code.
so i would only extract the email after the form has been submitted, replacing my existing code with the listing id. currently on submit this trigegrs my email_agent php and this actually does the post.
So if i remove remove the query to extract the email should i put this into my email agent php? so the source wouldnt show the listing email just the id? is this right.
here is my email_agent code.
Code: Select all
<?php
include("include/common.php");
include("$config[template_path]/user_top.html");
global $conn, $config, $lang;
$listingID = $_POST[listingID];
if (!empty($_POST)) {
extract($_POST);
} else if (!empty($HTTP_POST_VARS)) {
extract($HTTP_POST_VARS);
}
if (!empty($_GET)) {
extract($_GET);
} else if (!empty($HTTP_GET_VARS)) {
extract($HTTP_GET_VARS);
}
if ($action == "mail")
{
if ($recipient == "")
{
die ("<h3>$lang[friend_listing_provide_email]</h3>");
}
if ($sender == "")
{
die ("<h3>$lang[friend_listing_enter_name]</h3>");
}
if ($sender_email == "")
{
die ("<h3>$lang[friend_listing_enter_email_address]</h3>");
}
if ($comment == "")
{
die ("<h3>Please post some comments</h3>");
}
$message = $lang[friend_listing_default_message];
$message = stripslashes($message);
$headers .= "From: ".$sender." <".$sender_email.">" . "\r\n";
$headers .= "Bcc: <".$admin_email.">\r\n";
$temp = mail($recipient, $lang[friend_listing_default_subject], $message, $headers) or print "<h3>Sorry, could not send your message. Please try again later.</h3>";
if ($temp == true)
{
echo "$lang[friend_listing_sent]<p><a href="listingview.php?listingID=$listingID">Please return to listing $listing</a></p>";
}
}//end if
else
{
echo "<h3>You must have something to email!</h3>";
}
include("$config[template_path]/user_bottom.html");
?>
?>