Jon D. Slater wrote:
If this question is off topic (or there's a better place to ask it), please
let me know.
I'm running Apache 2.0.54 under FC4 2.6.14-1.1656.
I *think* I've successfully java scripted all of my e-mail address links to
prevent SPAM bots from harvesting them.
I wonder whether spambots have implemented javascript yet? Surely, if a
web browser can be written to display content, and a screen scraper
written to speak it, then a spambot can get the real text.
Question 1: How do I know? (Is there some script or test I can run that
will look for vulnerable e-mail addresses exposed on my web site?)
I rather like the idea of email addresses like this:
enquiries+99@xxxxxxxxxxx
Replace the nines with a number that indicates to you the age of the
email address. Change the number as often as you need.
Most MTAs (some use a minus) will deliver to enquiries regardless of the
number, and you can then use filtering.
Depending on the application, I'd also preset the subject: a Real Estate
agency getting email about "Property number 995917633" wont have any
problem writing a filter to distringuish it "Three steps to the software
you require."
Question 2: If a .cgi script generates a web page on-the-fly (like many
packages do), and if that generated page includes an e-mail link to
support@xxxxxxxxxxxxxxxx, is that e-mail address also vulnerable? Or does
it have to be in an ".html" file to be bot'ed?
If google can find it so can a spambot.
Google for "dive into mark." As I recall he has some thoughts on
defeating spambots (and other interesting topics).
--
Cheers
John
-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxxxxxxxxx
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
do not reply off-list
