[FX.php List] RE: Security Concerns with FileMaker Website

Gjermund Gusland Thorsen ggt667 at gmail.com
Wed Jan 24 09:10:02 MST 2007


My few cents worth: let them crawl you,
but avoid showing email addresses.

ggt667

On 1/24/07, Edward L. Ford <elford at cs.bu.edu> wrote:
> Stephen does raise a good point about possibly blocking legitimate users,
> which is a major concern.  My goal is to allow search engine bots access to
> the site, but to tell other bots to "go away."  This is a public website, so
> login is not an option.  I already have a robots.txt file that tells the
> known search engines where to not go -- it's just those danged spam bots
> that ignore robots.txt.
>
>
> I may have to forego trying to handle URLs that go outside of this site and
> let the bots do what they do.  However, I absolutely do need to prevent
> email harvesting, so here are some different options I'm considering --
> which one is the best choice?  The tradeoff between spam bot prevention and
> user friendliness is a major point:
>
> 1) "Email Jane Doe" which is a link to a HTML form that sends the message to
> Jane Doe without showing her email address.  No Captcha here.
> 2) No. 1, but with a captcha (then we have problems with accessibility to
> the visually impaired)
> 3) Display Jane Doe's email address as an image using GD, maybe with small
> "confetti" in the back to make it hard to OCR  (Facebook does something like
> this), forcing users who want to mail the person to type the address
> 4) A marriage between 1/2 & 3
>
> Thoughts?
> --Ed
>
>
> ---------------------
> http://www.edwardford.net
>
>
>
> On Jan 24, 2007, at 10:23 AM, Stephen Knight wrote:
>
> Hi Edward and John,
>
> The reality is that while you can take precautions (JS de-obfuscation of
> email addresses for instance or even hyperlinks), there is no way to stop
> serving pages only to bots without blocking some percentage of real users.
> There are bot detecting scripts for PHP (based on the self-reported
> USER_AGENT variable) but some bots will masquerade as real browsers or just
> not report a user agent at all. Therefore at the current state of the web,
> the only reliable solution that has been found is the usage of a CAPTCHA (
> see http://en.wikipedia.org/wiki/CAPTCHA ) and there are
> some PHP packages
> such as PEAR::CAPTCHA to implement the image based authentication for you. I
> would suggest using something like this either before displaying your search
> results or when the user selects a link but instead of a redirect he has to
> verify that he is a real user.
>
>
> In Kindness
> Stephen K Knight
> http://www.fmwebschool.com
> 800.353.7950 / 386.453.5843
> FMWebschool, we bring the web to life
> FX.PHP PHP XML MySQL CDML ASP
>
> -----Original Message-----
> From: fx.php_list-bounces at mail.iviking.org
> [mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of
> John Moed
> Sent: Wednesday, January 24, 2007 10:18 AM
> To: fx.php_list at mail.iviking.org
> Subject: [FX.php List] RE: Security Concerns with FileMaker Website
>
> Edward,
>
> To prevent the Search Engines from indexing your pages, you need to add the
> following line to your HTML:
>
> <meta name="robots" content="noindex,nofollow">
>
> If your site is Password protected, the only people that would be able to
> "harvest your site" are ones with passwords. Bot's need passwords too.
>
> If anyone has any additional information, I would be interested in hearing
> it!
>
> Thanks,
> John
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>
>
>


More information about the FX.php_List mailing list