Page 1 of 1
email address harvesters
Posted: Sat Mar 06, 2004 3:01 am
by juls
My contact.php page uses php to extract and display email addresses from a mysql database. If these email addresses reside within a database, and are only displayed when the page is called, are they vulnerable to email harvester programs? If so, how do I protect them!
Thanks in advance...
Posted: Sat Mar 06, 2004 4:41 am
by qads
many email harvesters work like spiders, going from one link to another, if you have a link to contact.php page in another page then it will show up thinking its a user requesting the information.
you can use javascript to keep each part of email in diffrenet var and then print it on page, but it wont work for users without javascript, the only safe(ish) way to do is to have a contact form which the user the use to email you, then you can reply, atleast this way, someone will have to add your email address manualy

Posted: Sat Mar 06, 2004 4:53 am
by juls
Thanks Qads! So email harversters CAN access the data in the database by displaying the php page! I will follow your advice and use the javascript solution.
Posted: Sat Mar 06, 2004 12:43 pm
by timvw
Mind that ppl with JavaScript disabled will so nothing... Other option would be to provide an image with the e-mail address in.... or use a form that delegates the e-mails without exposing the address to others...
Posted: Sun Mar 07, 2004 12:48 pm
by JAM
Adding to the discussion;
You can also use header()'s in this form:
Code: Select all
<?php
// email.php
$userid = $_GET['userid'];
$result = mysql_query("select email from table the userid = $userid");
$mail = mysql_result($result,0);
header("Location: mailto:$mail");
?>
Calling the file above using /email.php?userid=4 will get you the email addy of person #4 (in theory) in your database, and initiate 'mailto-popup' acoordingly...
Yes, it needs editing, it's just ideas of another ways to bypass spiders/harvesters.