Can bots scan code?

Posted: Sun Jan 31, 2010 4:59 am
by skytreader
Hello all. As I'm aware, bots scour the net for email adds to spam. Hence, people have been implementing measures against such bots, such as giving out their email adds on webpages in the form someoneNOSPAM@NOBOTexample.com, or some other distortion readily recognizable to humans (and not to bots). However, I've been thinking lately, can bots scan the source code? (Or do they really scan the source code and it is only me who's got the impression that they scan, not the source code, but the "page" which humans see?)

Specifically, I'm concerned about this: I'm creating a guestbook for my website and I used PHP's mail() function. If someone reads my source code, he can easily obtain my email add and spam-attack me. I know that humans would have to download the PHP file itself (not just display it in their browser and click "View Source"). But can bots scour my code? Also, since I'm implementing a captcha on my website, I signed up for reCaptcha.

At http://recaptcha.net/plugins/php/, item 4 tells me in what code my private key will be used. However, as reCaptcha told me upon giving me my keys, I should keep my private key, well, private. I've been thinking of directly typing the code template of item 4 into the "processor" page of my forms, but won't that expose my private key?

What should I do to secure myself?

Thanks in advance to anyone who can enlighten me on this.

Re: Can bots scan code?

Posted: Sun Jan 31, 2010 6:09 am
by greyhoundcode
Generally, depending on how your server is configured, it is not possible for bots or anyone else to view the contents of a .php file, only the output.

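Code:

<?php
// Load the PNG from disk into a GD image resource
$im = imagecreatefrompng("image.png");

// Tell the client that the response body is a PNG image
header('Content-type: image/png');

// Send the image bytes to the client, then free the resource
imagepng($im);
imagedestroy($im);
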
In the case of the script above for instance it should not be possible for bots or visitors to see the underlying PHP code, only the image. Of course, if you start using file extensions such as .inc then you might want to be a bit more careful and check all the settings, etc.

Re: Can bots scan code?

Posted: Sun Jan 31, 2010 6:18 am
by kaisellgren
Bots read the HTML source code. They can't access your PHP source code (unless there's a security hole in your system), if that's what you asked. So, emails in the HTML/CSS/JavaScript (or any other client-side language) are visible to bots, but not the ones that are in server-side languages such as PHP.
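
The caveat above about extensions such as .inc can be checked on your own web root. The following is an added example, not code from any post in this thread: a small Python audit that flags files which contain PHP source or secret-looking assignments but would be sent to clients as plain text. The executed-extension set, the regex heuristics and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: only these extensions are passed to the PHP interpreter; every
# other file under the web root is sent to the client byte for byte.
EXECUTED_EXTENSIONS = {".php"}

# Constructed heuristics for content that should never be served raw.
CHECKS = {
    "php-source": re.compile(rb"<\?php|<\?="),
    "secret-like-assignment": re.compile(rb"(?i)(private_?key|password|secret)\s*="),
}

def find_exposed_sources(web_root):
    """Return sorted (relative_path, reasons) for files that hold PHP code or
    secret-looking assignments but would be served as plain text."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXECUTED_EXTENSIONS:
                continue  # executed server-side: clients see only the output
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read(1_000_000)  # bound the read for large assets
            reasons = [label for label, rx in CHECKS.items() if rx.search(data)]
            if reasons:
                findings.append((os.path.relpath(path, web_root), reasons))
    return sorted(findings)

def build_sample_root():
    """Write a constructed sample web root to a temp directory."""
    root = tempfile.mkdtemp(prefix="webroot_")
    samples = {
        "guestbook.php": b"<?php $privatekey = 'PLACEHOLDER'; mail('me@example.com', 's', 'b');",
        "config.inc": b"<?php $privatekey = 'PLACEHOLDER';",
        "guestbook.php.bak": b"<?php mail('me@example.com', 's', 'b');",
        "index.html": b"<p>Contact: someoneNOSPAM@NOBOTexample.com</p>",
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for rel, reasons in find_exposed_sources(build_sample_root()):
        print(f"{rel}: {', '.join(reasons)}")
```

Anything the audit reports should be renamed to an executed extension, moved outside the web root, or blocked in the server configuration; set EXECUTED_EXTENSIONS to match what your server actually hands to PHP.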