anti spambot email harvesting - email contact form
Posted: Wed Nov 17, 2004 8:46 am
by original89
hello.
I hope you can help me. I've been reading through the forums and have not been able to find anything really that might be able to help me stop email harvesting from my holiday property booking website.
I have a contact form on every property owner's page that calls the owner's email details from the database. The form I have uses 'hidden' as I don't really want to display the email on the page (although this appears in the source code).
echo "<input type=\"hidden\" name=\"recipient\" value=\"$listing_emailAddress\">\n";
This is my problem: the email harvesters are having a field day. Does anyone know how I might be able to create a form that can encrypt the email address in the source, or point me in the direction of a form that I can customise?
My users aren't impressed getting 'enlargement' adverts posted to their holiday cottage reservations.
many thanks
David
Posted: Wed Nov 17, 2004 9:30 am
by hairyjim
Posted: Wed Nov 17, 2004 9:57 am
by pickle
You could use MING to make a flash file of each email address. You can set up the file to behave just like an ordinary link, but the code of the website won't actually contain the email address.
thanks
Posted: Wed Nov 17, 2004 10:03 am
by original89
hairyjim - I think this link is close. I will try this and post back, although the instructions are in German, it doesn't help me too much. I guess I just create this and call it into my page where the email is appearing in the source code? Hopefully this will scramble it all up into a big mess?
http://vextron.mirrors.phpclasses.org/b ... /1873.html
pickle - you've lost me there, I'm afraid it's not a link but a form I have which sends the email.
thanks
Posted: Wed Nov 17, 2004 10:09 am
by pickle
Yep, I did lose you.
Instead of storing the email address itself in the form, could you maybe store the ID of the entry from the DB. So, instead of storing "client@domain.com", store "2". Then in your page that handles the form, pull out the email associated with the index "2".
nope
Posted: Wed Nov 17, 2004 10:16 am
by original89
It's close but not close enough. I don't understand the instructions and my PHP is, well, let's say still at basic level.
thanks.
pickle
Posted: Wed Nov 17, 2004 10:31 am
by original89
Wouldn't that still make the email address appear in the code? I'll have a think along those lines though.
thanks.
Posted: Wed Nov 17, 2004 10:33 am
by kettle_drum
Why not use PHP to send the emails instead of the user? Make a form on the site that accepts the message and then use mail() to send it to the client. Or save them to a database so that you can check them before they are sent.
Re: pickle
Posted: Wed Nov 17, 2004 10:44 am
by pickle
original89 wrote: Wouldn't that still make the email address appear in the code? I'll have a think along those lines though.
thanks.
No, the email wouldn't be stored in any code. The form would look kind of like this:
Code:
<form ... >
<input type = "hidden" name = "address_index" value = "2">
<input type = "text" name = "message">
<input type = "submit">
</form>
Then your page that handles it could look like this:
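Code:
// Cast to an integer so the posted value cannot alter the query
$passed_index = (int) $_POST['address_index'];
// `table` and `index` are reserved words in MySQL, so they are quoted with backticks
$address_query = "SELECT address FROM `table` WHERE `index` = $passed_index";
$result = mysql_query($address_query);
$row = mysql_fetch_assoc($result);
$email_to_send_to = $row['address'];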
Posted: Wed Nov 17, 2004 11:20 am
by original89
kettle drum - I'm using a form (well, trying to) and I hide the information and I use the mail function so the email is sent direct to the property owner. This is seen by the harvesters in my source code, when they execute the page.
pickle - I think you've found me, but I think I'm out of my depth here as I'm not sure if this would actually produce different results on my page. Would it help if I pasted my code, so I can explain it a bit better? Or is that a bit cheeky?
thanks.
Posted: Wed Nov 17, 2004 12:30 pm
by patrikG
Check this one out:
http://www.zapyon.de/spam-me-not/index.html
It's a simple, but clever method of encrypting the mailto link (or any link, for that matter), and it works as far as I can tell. I've used it on a number of websites and so far, no problems. They also offer the script to obfuscate mailto-links in PHP.
Do bear in mind that once an email has been harvested, it's "tainted" and will remain so for a long while.
hi
Posted: Wed Nov 17, 2004 12:55 pm
by original89
Patrick
Thanks for that. I'd actually seen that one and it works well if it is a hard-coded mailto link, and the hex is exactly what I want to see, but I am using a form with a bit of PHP that goes like this. So you see I only hide the email returned from the query, so it still appears in the source, so it gets spammed.
Code:
// get the email address for the person who posted a listing
global $conn, $lang, $config, $listing_emailAddress;
$listingID = make_db_extra_safe($listingID);
$sql = "SELECT ".$config['table_prefix']."listingsDB.Title, ".$config['table_prefix']."UserDB.emailAddress, " .$config['table_prefix']."UserDB.user_name FROM ".$config['table_prefix']."listingsDB, ".$config['table_prefix']."UserDB WHERE ((".$config['table_prefix']."listingsDB.ID = $listingID) AND (".$config['table_prefix']."UserDB.ID = " . $config['table_prefix']."listingsDB.user_ID))";
$recordSet = $conn->Execute($sql);
if ($recordSet === false)
{
    log_error($sql);
}
// return the email address
while (!$recordSet->EOF)
{
    $listing_emailAddress = make_db_unsafe($recordSet->fields['emailAddress']);
    $listing_ID = make_db_unsafe($recordSet->fields['ID']);
    $listing_username = make_db_unsafe($recordSet->fields['user_name']);
    $listing_Title = make_db_unsafe($recordSet->fields['Title']);
    $recordSet->MoveNext();
} // end while
echo "<div align=\"center\">";
echo "<form name=\"mailman\" method=\"post\" action=\"email_agent.php\" onsubmit=\"return formCheck(this);\">\n";
// the owner's address is written into the page source here, even though the field is hidden
echo "<input type=\"hidden\" name=\"recipient\" value=\"$listing_emailAddress\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"mail\">\n";
echo "<input type=\"hidden\" name=\"listing_username\" value=\"$listing_username\">\n";
echo "<input type=\"hidden\" name=\"listingID\" value=\"$listingID\" />\n";
echo "<input type=\"hidden\" name=\"headline\" value=\"$listing_Title\" />\n";
echo "<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" value=\"Send\"></td></tr></table>";
echo "</form>";
?>
Weirdan | Help us, help you. Please use the code tags where appropriate when posting code. Read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171)
Posted: Thu Nov 18, 2004 3:40 am
by phpScott
Yes, but if you follow a little of what pickle suggested and put the uniqueId of the row that stores the email into your recipient input type, then when the page gets submitted do another query to extract the email address, then create and send the email.
Pickle gave you a very good example of how it should work; that way it won't be stored in the form.
yes
Posted: Thu Nov 18, 2004 4:53 am
by original89
Hi
Yes, I think that's the route I need to take. I will try and figure out how to implement it.
thanks v m.
i think im getting there.
Posted: Thu Nov 18, 2004 5:55 am
by original89
Okay, I've been pondering on this and my head is really hurting now. I am a bit of a newbie at this so it's a bit tricky for me to get my head around this, apologies.
So I would only extract the email after the form has been submitted, replacing my existing code with the listing id. Currently on submit this triggers my email_agent php and this actually does the post.
So if I remove the query to extract the email, should I put this into my email agent php, so the source wouldn't show the listing email, just the id? Is this right?
Here is my email_agent code.
Code:
<?php
include("include/common.php");
include("$config[template_path]/user_top.html");
global $conn, $config, $lang;
$listingID = $_POST['listingID'];
// import the submitted form fields ($action, $recipient, $sender, ...) as variables
if (!empty($_POST)) {
    extract($_POST);
} else if (!empty($HTTP_POST_VARS)) {
    extract($HTTP_POST_VARS);
}
if (!empty($_GET)) {
    extract($_GET);
} else if (!empty($HTTP_GET_VARS)) {
    extract($HTTP_GET_VARS);
}
if ($action == "mail")
{
    if ($recipient == "")
    {
        die ("<h3>$lang[friend_listing_provide_email]</h3>");
    }
    if ($sender == "")
    {
        die ("<h3>$lang[friend_listing_enter_name]</h3>");
    }
    if ($sender_email == "")
    {
        die ("<h3>$lang[friend_listing_enter_email_address]</h3>");
    }
    if ($comment == "")
    {
        die ("<h3>Please post some comments</h3>");
    }
    $message = $lang['friend_listing_default_message'];
    $message = stripslashes($message);
    // strip CR/LF so the submitted name and address cannot add extra mail headers
    $sender = str_replace(array("\r", "\n"), "", $sender);
    $sender_email = str_replace(array("\r", "\n"), "", $sender_email);
    $headers = "From: ".$sender." <".$sender_email.">" . "\r\n";
    $headers .= "Bcc: <".$admin_email.">\r\n";
    $temp = mail($recipient, $lang['friend_listing_default_subject'], $message, $headers) or print "<h3>Sorry, could not send your message. Please try again later.</h3>";
    if ($temp == true)
    {
        echo "$lang[friend_listing_sent]<p><a href=\"listingview.php?listingID=$listingID\">Please return to listing $listing</a></p>";
    }
}//end if
else
{
    echo "<h3>You must have something to email!</h3>";
}
include("$config[template_path]/user_bottom.html");
?>
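The approach pickle and phpScott describe, as an added example that is not part of the thread or any poster's code: the form carries only the listing ID, and the handler resolves the owner's address on the server, so no `recipient` field ever reaches the page source. The in-memory SQLite tables, the sample rows, the subject text and the function names `lookup_owner` and `build_enquiry` are assumptions made for illustration.

```php
<?php
// Added example; the schema and rows below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE UserDB (ID INTEGER PRIMARY KEY, emailAddress TEXT)");
$db->exec("CREATE TABLE listingsDB (ID INTEGER PRIMARY KEY, user_ID INTEGER, Title TEXT)");
$db->exec("INSERT INTO UserDB VALUES (1, 'owner@example.com')");
$db->exec("INSERT INTO listingsDB VALUES (2, 1, 'Sea View Cottage')");
// Resolve the recipient on the server; the browser only ever sent the listing ID.
function lookup_owner(PDO $db, $listingID)
{
    if (!ctype_digit((string) $listingID)) {
        return null;                      // anything that is not a plain integer is refused
    }
    $stmt = $db->prepare(
        "SELECT u.emailAddress, l.Title FROM listingsDB l
         JOIN UserDB u ON u.ID = l.user_ID WHERE l.ID = ?"
    );
    $stmt->execute([(int) $listingID]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;                  // null when no such listing exists
}

// Build the arguments for mail() from the posted fields, or return null to refuse.
function build_enquiry(PDO $db, array $post)
{
    $owner = lookup_owner($db, $post['listingID'] ?? '');
    $from  = filter_var($post['sender_email'] ?? '', FILTER_VALIDATE_EMAIL);
    $text  = trim($post['comment'] ?? '');
    if ($owner === null || $from === false || $text === '') {
        return null;
    }
    // Strip CR/LF so the sender name cannot add extra mail headers.
    $name = str_replace(["\r", "\n"], '', $post['sender'] ?? '');
    return [
        'to'      => $owner['emailAddress'],
        'subject' => 'Enquiry about ' . $owner['Title'],
        'body'    => $text,
        'headers' => "From: $name <$from>\r\n",
    ];
}
// Constructed submission: note that there is no 'recipient' field at all.
$post = ['listingID' => '2', 'sender' => 'Jane', 'sender_email' => 'jane@example.org', 'comment' => 'Is it free in June?'];
$mail = build_enquiry($db, $post);
if ($mail !== null) {
    // A real handler would call mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']) here.
    echo "Would send to {$mail['to']}: {$mail['subject']}\n";
}
var_dump(build_enquiry($db, ['listingID' => 'not-a-number'] + $post)); // NULL: ID refused
```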