[FX.php List] RE: Security Concerns with FileMaker Website

Tom Sepper tsepper at dctandt.com
Wed Jan 24 09:08:21 MST 2007


You could go the route of using PHP's GD library to create images on the
fly based off the email addresses.
 
--- 
Tom Sepper 
Director of Information Technology 
Director's Choice Tour & Travel 

P 806.762.6354 
F 806.763.7637 

tsepper at dctandt.com 
www.directorschoicetourandtravel.com 

 


________________________________

	From: fx.php_list-bounces at mail.iviking.org [mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of Edward L. Ford
	Sent: Wednesday, January 24, 2007 9:59 AM
	To: FX.php Discussion List
	Subject: *****SPAM***** Re: [FX.php List] RE: Security Concerns with FileMaker Website
	
	
	Stephen does raise a good point about possibly blocking legitimate
	users, which is a major concern.  My goal is to allow search engine
	bots access to the site, but to tell other bots to "go away."  This is
	a public website, so login is not an option.  I already have a
	robots.txt file that tells the known search engines where to not go --
	it's just those danged spam bots that ignore robots.txt.

	I may have to forego trying to handle URLs that go outside of this
	site and let the bots do what they do.  However, I absolutely do need
	to prevent email harvesting, so here are some different options I'm
	considering -- which one is the best choice?  The tradeoff between
	spam bot prevention and user friendliness is a major point:

	1) "Email Jane Doe" which is a link to an HTML form that sends the
	   message to Jane Doe without showing her email address.  No Captcha
	   here.
	2) No. 1, but with a captcha (then we have problems with accessibility
	   to the visually impaired)
	3) Display Jane Doe's email address as an image using GD, maybe with
	   small "confetti" in the back to make it hard to OCR (Facebook does
	   something like this), forcing users who want to mail the person to
	   type the address
	4) A marriage between 1/2 & 3

	Thoughts?
	--Ed

	
	---------------------
	http://www.edwardford.net


	On Jan 24, 2007, at 10:23 AM, Stephen Knight wrote:


		Hi Edward and John,

		The reality is that while you can take precautions (JS
		de-obfuscation of email addresses for instance or even
		hyperlinks), there is no way to stop serving pages only to bots
		without blocking some percentage of real users. There are bot
		detecting scripts for PHP (based on the self-reported USER_AGENT
		variable) but some bots will masquerade as real browsers or just
		not report a user agent at all. Therefore at the current state of
		the web, the only reliable solution that has been found is the
		usage of a CAPTCHA (see http://en.wikipedia.org/wiki/CAPTCHA) and
		there are some PHP packages such as PEAR::CAPTCHA to implement the
		image based authentication for you. I would suggest using
		something like this either before displaying your search results
		or when the user selects a link but instead of a redirect he has
		to verify that he is a real user.


		In Kindness
		Stephen K Knight
		http://www.fmwebschool.com
		800.353.7950 / 386.453.5843
		FMWebschool, we bring the web to life 
		FX.PHP PHP XML MySQL CDML ASP

		-----Original Message-----
		From: fx.php_list-bounces at mail.iviking.org [mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of John Moed
		Sent: Wednesday, January 24, 2007 10:18 AM
		To: fx.php_list at mail.iviking.org
		Subject: [FX.php List] RE: Security Concerns with FileMaker Website

		Edward,

		To prevent the Search Engines from indexing your pages, you need
		to add the following line to your HTML:

		<meta name="robots" content="noindex,nofollow">

		If your site is Password protected, the only people that would be
		able to "harvest your site" are ones with passwords. Bots need
		passwords too.

		If anyone has any additional information, I would be interested in
		hearing it!

		Thanks,
		John

		_______________________________________________
		FX.php_List mailing list
		FX.php_List at mail.iviking.org
		http://www.iviking.org/mailman/listinfo/fx.php_list
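
Added example (not part of the original thread and not the posters' code): option 3 from the quoted message, an address rendered as a PNG with GD's built-in bitmap font over light "confetti". The file name `email_image.php`, the `id` parameter and the `$contacts` array are assumptions, and the addresses are constructed sample data.

```php
<?php
// email_image.php?id=1 -- added example, not code from the thread.
// Assumption: $contacts stands in for a lookup against the site's database;
// the addresses below are constructed sample data.
$contacts = [
    1 => 'jane.doe@example.org',
    2 => 'john.roe@example.org',
];

/** Render $text as a PNG with light "confetti" behind it; returns raw bytes. */
function render_text_png(string $text, int $font = 5, int $pad = 6): string
{
    $w = imagefontwidth($font) * strlen($text) + 2 * $pad;
    $h = imagefontheight($font) + 2 * $pad;
    $img = imagecreatetruecolor($w, $h);

    $bg = imagecolorallocate($img, 255, 255, 255);
    imagefilledrectangle($img, 0, 0, $w - 1, $h - 1, $bg);

    // Confetti: short pastel strokes at random positions, drawn before the
    // text so the address stays readable to a person.
    for ($i = 0; $i < intdiv($w * $h, 40); $i++) {
        $c = imagecolorallocate($img, random_int(170, 240), random_int(170, 240), random_int(170, 240));
        $x = random_int(0, $w - 1);
        $y = random_int(0, $h - 1);
        imageline($img, $x, $y, $x + random_int(-3, 3), $y + random_int(-3, 3), $c);
    }

    $fg = imagecolorallocate($img, 30, 30, 30);
    imagestring($img, $font, $pad, $pad, $text, $fg);

    ob_start();          // imagepng() writes to output; capture it as a string
    imagepng($img);
    return ob_get_clean();
}

// The URL carries only a numeric id, so the address never appears in the HTML.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if (!is_int($id) || !isset($contacts[$id])) {
    http_response_code(404);
    exit;
}
$png = render_text_png($contacts[$id]);
header('Content-Type: image/png');
header('Content-Length: ' . strlen($png));
echo $png;
```

A page would reference it as `<img src="email_image.php?id=1" alt="Email address for Jane Doe, shown as an image">`; the alt text and surrounding markup must not repeat the address, or the image hides nothing.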

