[FX.php List] RE: Security Concerns with FileMaker Website

Stephen Knight stephen at fmwebschool.com
Wed Jan 24 09:15:55 MST 2007


Hi Edward,
 
A few comments:
 
The usage of:
"<meta name="robots" content="noindex,nofollow">" is great for respectable
bots such as search engines but just like robots.txt it does not prevent
spam bots from harvesting.
 
The method you have brought up was in fact used in our previous projects:
3) Display Jane Doe's email address as an image using GD, maybe with small
"confetti" in the back to make it hard to OCR (Facebook does something like
this), forcing users who want to mail the person to type the address
 
This is indeed a good method but leaves the email address not clickable and
as you said can be an obstacle for the visually impaired. If you have the
time and budget, then you can combine that same method with an audio
dictation of the email address (we have not experimented with this in the
past but I think there are some open source solutions around). 

 

In Kindness
Stephen K Knight
http://www.fmwebschool.com
800.353.7950 / 386.453.5843
FMWebschool, we bring the web to life
FX.PHP PHP XML MySQL CDML ASP




  _____  

From: fx.php_list-bounces at mail.iviking.org
[mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of Edward L. Ford
Sent: Wednesday, January 24, 2007 10:59 AM
To: FX.php Discussion List
Subject: Re: [FX.php List] RE: Security Concerns with FileMaker Website


Stephen does raise a good point about possibly blocking legitimate users,
which is a major concern. My goal is to allow search engine bots access to
the site, but to tell other bots to "go away." This is a public website, so
login is not an option. I already have a robots.txt file that tells the
known search engines where to not go -- it's just those danged spam bots
that ignore robots.txt. 

I may have to forego trying to handle URLs that go outside of this site and
let the bots do what they do. However, I absolutely do need to prevent email
harvesting, so here are some different options I'm considering -- which one
is the best choice? The tradeoff between spam bot prevention and user
friendliness is a major point:

1) "Email Jane Doe" which is a link to an HTML form that sends the message to
Jane Doe without showing her email address. No Captcha here. 
2) No. 1, but with a captcha (then we have problems with accessibility to
the visually impaired)
3) Display Jane Doe's email address as an image using GD, maybe with small
"confetti" in the back to make it hard to OCR (Facebook does something like
this), forcing users who want to mail the person to type the address
4) A marriage between 1/2 & 3

Thoughts?
--Ed

---------------------
http://www.edwardford.net


On Jan 24, 2007, at 10:23 AM, Stephen Knight wrote:


Hi Edward and John,

The reality is that while you can take precautions (JS de-obfuscation of
email addresses for instance or even hyperlinks), there is no way to stop
serving pages only to bots without blocking some percentage of real users.
There are bot detecting scripts for PHP (based on the self-reported
USER_AGENT variable) but some bots will masquerade as real browsers or just
not report a user agent at all. Therefore at the current state of the web,
the only reliable solution that has been found is the usage of a CAPTCHA
(see http://en.wikipedia.org/wiki/CAPTCHA) and there are some PHP packages
such as PEAR::CAPTCHA to implement the image based authentication for you. I
would suggest using something like this either before displaying your search
results or when the user selects a link but instead of a redirect he has to
verify that he is a real user. 


In Kindness
Stephen K Knight
http://www.fmwebschool.com
800.353.7950 / 386.453.5843
FMWebschool, we bring the web to life 
FX.PHP PHP XML MySQL CDML ASP

-----Original Message-----
From: fx.php_list-bounces at mail.iviking.org
[mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of John Moed
Sent: Wednesday, January 24, 2007 10:18 AM
To: fx.php_list at mail.iviking.org
Subject: [FX.php List] RE: Security Concerns with FileMaker Website

Edward,

To prevent the Search Engines from indexing your pages, you need to add the
following line to your HTML:

<meta name="robots" content="noindex,nofollow">

If your site is Password protected, the only people that would be able to
"harvest your site" are ones with passwords. Bots need passwords too.

If anyone has any additional information, I would be interested in hearing
it!

Thanks,
John

_______________________________________________
FX.php_List mailing list
FX.php_List at mail.iviking.org
http://www.iviking.org/mailman/listinfo/fx.php_list
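
Added example, not part of any message in this thread: a PHP handler for option 1 above (the "Email Jane Doe" form), where the page exposes only an opaque recipient id and the address is resolved on the server. The `RECIPIENTS` map, the `jdoe` id, the field names and the example.org addresses are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Handler for the "Email Jane Doe"
// form: the page carries only an opaque id, e.g.
//   <input type="hidden" name="to" value="jdoe">
// and the address is looked up on the server.

// Constructed placeholder directory (assumption); on a FileMaker-backed site
// this would be a database lookup keyed on the same id.
const RECIPIENTS = [
    'jdoe' => 'jane.doe@example.org',
];

// True when a value could smuggle extra header lines into the message.
function has_line_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns [to, subject, body, headers] for mail(), or null to refuse.
function build_message(array $post): ?array
{
    foreach (['to', 'from', 'subject', 'body'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return null;                  // missing field or not a string
        }
    }
    if (!array_key_exists($post['to'], RECIPIENTS)) {
        return null;                      // only known ids, never a raw address
    }
    $from    = trim($post['from']);
    $subject = trim($post['subject']);
    if (has_line_break($from) || has_line_break($subject)) {
        return null;                      // header injection attempt
    }
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false || trim($post['body']) === '') {
        return null;
    }
    // The site sends as itself; the visitor's address goes in Reply-To only.
    $headers = "From: webform@example.org\r\nReply-To: " . $from;
    return [RECIPIENTS[$post['to']], $subject, $post['body'], $headers];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $msg = build_message($_POST);
    $ok  = $msg !== null && mail($msg[0], $msg[1], $msg[2], $msg[3]);
    http_response_code($ok ? 200 : 400);
    echo $ok ? 'Message sent.' : 'Message could not be sent.';
}
```

Because the recipient is taken from a fixed server-side map and header fields containing CR or LF are refused, the form cannot be pointed at arbitrary addresses or made to emit extra headers.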


