[FX.php List] Security Concerns with FileMaker Website

Edward L. Ford elford at cs.bu.edu
Fri Jan 26 00:57:46 MST 2007


Per Chris' suggestion, here is a summary of my solution:

I've come up with a 4-layer solution to prevent the spam bots from  
getting emails and phone numbers from my site:
1. User Agent detection: calls PHP's exit() if I've deemed the UA to  
be "bad" based on my own server logs
2. Removing mailto links
3. Providing email address as an image (using PHP's GD)
4. Linking image to a contact form

I went with user friendliness over all else -- no one wants to deal  
with captchas.  Putting the email address in an image is bad enough  
without a mailto: link.  But, this is the only user visible  
inconvenience -- everything else is hidden away with PHP detection  
and never seen by valid website users.

I think this was a good discussion on this list, so I thank everyone  
who contributed.  Since this has involved many messages already, and is  
technically off-topic at this point, I don't wish to spam the list  
(the irony!) with the exacting details of my choices.  If you are  
indeed interested in my choices, including some code samples of what  
I've done, I'm going to refer everyone to a lengthy blog entry I just  
posted on the nitty gritty:
http://edwardford.net/blog/?p=17   And as always, feedback is welcomed.

Cheers,
--Ed
------------------------------------
http://www.edwardford.net

On Jan 24, 2007, at 1:23 PM, Chris Hansen wrote:

>  I'd be interested in seeing your final decision posted to the list  
> (i.e. this is what I decided I needed, and here's how I did it.)   
> This is a common enough situation that I think lots of folks would  
> benefit.
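
A sketch of layers 1 and 3 from the message above, as an added example that is not Ed's code or the code from his blog entry. The file name `email-image.php`, the function names, the deny-list entries and the address are all hypothetical, and it assumes PHP with the GD extension enabled.

```php
<?php
// email-image.php (hypothetical name): added illustration, not the poster's code.
// The page would embed it as <a href="contact.php"><img src="email-image.php"
// alt="Contact form"></a>, so the address never appears in the HTML or alt text.

// Constructed sample deny-list; real entries would come from your own server logs.
const BAD_UA_PATTERNS = ['ExampleHarvester', 'SampleMailBot'];

// Layer 1: case-insensitive substring match of the User-Agent against the list.
function isBadUserAgent(string $ua, array $patterns): bool
{
    foreach ($patterns as $pattern) {
        if (stripos($ua, $pattern) !== false) {
            return true;
        }
    }
    return false;
}

// Layer 3: draw the address with a built-in GD font and return the PNG bytes.
function renderEmailPng(string $address): string
{
    $font = 4;                                        // built-in GD font
    $pad  = 4;
    $w = imagefontwidth($font) * strlen($address) + 2 * $pad;
    $h = imagefontheight($font) + 2 * $pad;
    $img = imagecreate($w, $h);
    imagecolorallocate($img, 255, 255, 255);          // first colour = background
    $ink = imagecolorallocate($img, 0, 0, 0);
    imagestring($img, $font, $pad, $pad, $address, $ink);
    ob_start();                                       // capture imagepng() output
    imagepng($img);
    return ob_get_clean();
}

if (PHP_SAPI !== 'cli') {
    $ua = $_SERVER['HTTP_USER_AGENT'] ?? '';
    if (isBadUserAgent($ua, BAD_UA_PATTERNS)) {
        http_response_code(403);
        exit();                                       // layer 1: stop before any output
    }
    header('Content-Type: image/png');
    echo renderEmailPng('contact@example.com');       // constructed address
}
```

The User-Agent header is supplied by the client, so the deny-list only stops bots that identify themselves; the image and contact form are what cover the ones that do not.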
