PDA

View Full Version : Spam prevention 2004



Baldy
03-20-2004, 04:43 PM
Having read the following with regards to spam & email harvesting...
http://www.open-realty.org/phpBB2/viewtopic.php?t=1524&highlight=spam

Is there a more up-todate way of prevention or cure that can protect all OR users from this problem if so What is it please?

RealtyOne
03-20-2004, 05:02 PM
uptodate?

if this is a worry to you or your users it is not hard to use &#64 in the email address when putting it into the database (just not sure how the mailto tag will read it.) since there is no email format check done.
or by useing something like this on output of email address
$email = str_replace("&#64", "@", $emailAddress);
to do it automaticly.

jared
12-07-2004, 08:13 PM
Listen; in my extensive and almost rebuild of open-realty I decided to solve this spam issue once and for-all.

Do this: Do not put agent email or any other email in your pages. Download any good FREE email or contact script that allows multiple email support. You can start at http://php.resourceindex.com

I use a simple contact manager form that on EACH AND EVERY agents page is a simple form that a visitor can submit and its processed to the php script called mailer.php The agent gets an email in their email box (which some have stupid hotmail accounts) and no-one is the wiser.

Jared.

Mick
12-07-2004, 08:20 PM
Um.. if your contact form uses a hidden to field then chances are the email address is in the page source and thus just as easily harvested by spammers.

Also.. wow.. bringing back an old topici ain't we??

jared
12-07-2004, 10:03 PM
Actually the email address is in the php script not in the html. Users can view source all they want and not see an email address.


Also.. wow.. bringing back an old topici ain't we??

My sincere appologies if this is an old issue.
Is there a place in the forum that addresses this as being solved?

Jared

Mick
12-08-2004, 02:39 AM
Not sure about solved for sure but I've seen several solutions in the past few weeks being discussed in other areas... don't have links handy but I've been following them loosely as they've developed.

jared
12-08-2004, 11:38 AM
Yes Mick;
After spending the evening in the forums I found several solutions.
Thanks for your cander.
Jared

greengiant
12-08-2004, 12:29 PM
As a note.. I am takign core of the email harvesting and spam problem in 2.0. Will all be in alpha 2.

original89
12-08-2004, 12:51 PM
the main areas are

the contact us.php
and
listingview mailto:
and
listingview agent contact form hidden recipient (or 'recipeint' if you use the mod)

its the last one that causes the most grief (i know its a mod) as it has the highest number of emails to farm returned from the listing db.

Will Alpha 2 have an listing view agent contact form?

ereed
12-08-2004, 02:35 PM
I thought that an email harvester wouldn't find the addresses until the query was completed, and since they wouldn't be completing any queries, the address wouldn't be visible to them.

Is that correct? I'm curious enough to download and run one against my own site to see what can be found.

greengiant
12-08-2004, 03:04 PM
Alpha 2 will have a contact agent form. Also the email firend form will be rewritten to help stop spam. I should get this all in early next week. Wrapping up one other thing here this week, then i am back to 2.0 full bore.

jared
12-09-2004, 08:21 AM
ereed;
As I understand it, they bots harvest email addresses from the web page itself. I could be wrong but thats what I've come to understand. Please correct me if I'm wrong.

Jared

Mick
12-09-2004, 03:10 PM
Yes the harvesters can harvest directly from the page's source code.

Which means if you use a contact form with the address embedded in the source in a hidden field it is still suscepible to being harvested.

The way to get around this is with a database query. If you make a contact form which only specifies the userID that the email is ment for then on a database query when the form is submitted it can pull the user's email address at that point and send the email address.. all without revealing the email address.

kdawber
12-17-2004, 04:13 AM
Properly done, having a form available for people to correspond will reduce spam to almost zero. The problem remains that there are good reasons to have a real email address shown on a web site. These include:
- Customers have greater respect for companies that include full phone numbers, real address and real email address.
- Some people prefer to use their email programs so that they can maintain records of email that they have sent or maintain records of email received attached to email that was sent.
- Most forms don't allow the user to send attachments and sometimes attachments (word documents etc) are the best way to communicate.

I don't know of 100 per cent full proof way of stopping spam but the following is a multi tier approach that I use.

1) Using my hosting providers CPanel interface I am able to create multiple email addresses, each being redirected to other email address. I am able to create myname101@myhost.com and have the email redirected to my normal email address.

2) The Cpanel interface also gives me various options for spam protection.

3) I have an include file which is called from most of my web pages that shows the email address. This include file looks like the following:

<em>
<p> We can be contacted at ph (09) 9999 999 or Mobile 0999 999 999
<script language=javascript><!--
var vers = "101"
var vma = "ma"
var vil = "il"
var vto = "to"
var vtf = " the following: "
var vc = ":"
var vhr = " <a hr"
var usr1 = "myname"
var hst1 = "myhos"
var hst2 = "t.c"
var hst3 = "om"
var eaddr = usr1 + vers + "@" + hst1 + hst2 + hst3
document.write(" or by e" + vma + vil + " " + vto + vtf + " <a " + vhr + "ef=" + vma + vil + vto + vc + eaddr + ">" + eaddr + "</" + "a>")
//--></script>
.
</p>
</em>

I am expecting that most email harvesters work on the source code so the above is what is seen rather than the final displayed and linked email address.

I have found that very little spam gets through all this but should it start getting through this then I will just have to keep changing the 101 to 202 to 303 etc

Hope this helps
Ken

awddesign
12-17-2004, 08:08 AM
Yes the harvesters can harvest directly from the page's source code.

Which means if you use a contact form with the address embedded in the source in a hidden field it is still suscepible to being harvested.

The way to get around this is with a database query. If you make a contact form which only specifies the userID that the email is ment for then on a database query when the form is submitted it can pull the user's email address at that point and send the email address.. all without revealing the email address.

Hi
Yup thats the one I am working on for 1.1.5b, taking the userID from the database and sending on the mail.

Apart from that All the other pages in 1.1.5b I have been up dated.
see demo at ORE site.

Al