[FX.php List] RE: Security Concerns with FileMaker Website

Edward L. Ford elford at cs.bu.edu
Wed Jan 24 08:58:32 MST 2007


Stephen does raise a good point about possibly blocking legitimate  
users, which is a major concern.  My goal is to allow search engine  
bots access to the site, but to tell other bots to "go away."  This  
is a public website, so login is not an option.  I already have a  
robots.txt file that tells the known search engines where to not go  
-- it's just those danged spam bots that ignore robots.txt.

I may have to forego trying to handle URLs that go outside of this  
site and let the bots do what they do.  However, I absolutely do need  
to prevent email harvesting, so here are some different options I'm  
considering -- which one is the best choice?  The tradeoff between  
spam bot prevention and user friendliness is a major point:

1) "Email Jane Doe" which is a link to an HTML form that sends the  
message to Jane Doe without showing her email address.  No Captcha here.
2) No. 1, but with a captcha (then we have problems with  
accessibility to the visually impaired)
3) Display Jane Doe's email address as an image using GD, maybe with  
small "confetti" in the back to make it hard to OCR  (Facebook does  
something like this), forcing users who want to mail the person to  
type the address
4) A marriage between 1/2 & 3

Thoughts?
--Ed

---------------------
http://www.edwardford.net


On Jan 24, 2007, at 10:23 AM, Stephen Knight wrote:

> Hi Edward and John,
>
> The reality is that while you can take precautions (JS de-obfuscation
> of email addresses for instance or even hyperlinks), there is no way
> to stop serving pages only to bots without blocking some percentage of
> real users. There are bot detecting scripts for PHP (based on the
> self-reported USER_AGENT variable) but some bots will masquerade as
> real browsers or just not report a user agent at all. Therefore at the
> current state of the web, the only reliable solution that has been
> found is the usage of a CAPTCHA (see
> http://en.wikipedia.org/wiki/CAPTCHA ) and there are some PHP packages
> such as PEAR::CAPTCHA to implement the image based authentication for
> you. I would suggest using something like this either before
> displaying your search results or when the user selects a link but
> instead of a redirect he has to verify that he is a real user.
>
>
> In Kindness
> Stephen K Knight
> http://www.fmwebschool.com
> 800.353.7950 / 386.453.5843
> FMWebschool, we bring the web to life
> FX.PHP PHP XML MySQL CDML ASP
>
> -----Original Message-----
> From: fx.php_list-bounces at mail.iviking.org
> [mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of John Moed
> Sent: Wednesday, January 24, 2007 10:18 AM
> To: fx.php_list at mail.iviking.org
> Subject: [FX.php List] RE: Security Concerns with FileMaker Website
>
> Edward,
>
> To prevent the Search Engines from indexing your pages, you need to
> add the following line to your HTML:
>
> <meta name="robots" content="noindex,nofollow">
>
> If your site is Password protected, the only people that would be
> able to "harvest your site" are ones with passwords. Bots need
> passwords too.
>
> If anyone has any additional information, I would be interested in
> hearing it!
>
> Thanks,
> John
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
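
Option 1 from the message above (a contact form that delivers mail without ever printing the address), as an added example that is not part of the original thread. The recipient key `jdoe`, both addresses, the field names and the 5000-byte body limit are constructed placeholders; the form posts only the key, and the handler refuses CR/LF in header fields so the form cannot be turned into a relay.

```php
<?php
// Recipient keys map to addresses server-side; the page only ever shows the key.
const RECIPIENTS = ['jdoe' => 'jane.doe@example.org']; // constructed sample entry

// True when a value contains CR or LF, which could add extra mail headers.
function has_header_injection(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Validate posted fields; return mail() arguments, or null to refuse the request.
function build_message(array $post): ?array
{
    $f = [];
    foreach (['to', 'from', 'subject', 'body'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            return null;
        }
        $f[$key] = trim($post[$key]);
    }
    if (!array_key_exists($f['to'], RECIPIENTS)) return null;          // unknown recipient key
    if (filter_var($f['from'], FILTER_VALIDATE_EMAIL) === false) return null;
    if (has_header_injection($f['from'] . $f['subject'])) return null;
    if ($f['body'] === '' || strlen($f['body']) > 5000) return null;   // assumed size limit

    return [
        'to'      => RECIPIENTS[$f['to']],
        'subject' => $f['subject'],
        'body'    => $f['body'],
        // Fixed From (assumed site address); the visitor's address goes in Reply-To only.
        'headers' => ['From' => 'webform@example.org', 'Reply-To' => $f['from']],
    ];
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: a clean message, then one with CR/LF in the subject.
    $ok  = ['to' => 'jdoe', 'from' => 'visitor@example.com', 'subject' => 'Hello', 'body' => 'Hi Jane'];
    $bad = ['subject' => "Hello\r\nBcc: other@example.com"] + $ok;
    var_dump(build_message($ok) !== null, build_message($bad) === null);
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $msg = build_message($_POST);
    if ($msg === null) {
        http_response_code(400);
        exit('Message rejected.');
    }
    $sent = mail($msg['to'], $msg['subject'], $msg['body'], $msg['headers']);
    echo $sent ? 'Message sent.' : 'Delivery failed.';
}
```

The array form of the `mail()` headers argument requires PHP 7.2 or later.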
