[FX.php List] Security Concerns with FileMaker Website
Edward L. Ford
elford at cs.bu.edu
Fri Jan 26 00:57:46 MST 2007
Per Chris' suggestion, here is a summary of my solution:
I've come up with a 4-layer solution to prevent the spam bots from
getting emails and phone numbers from my site:
1. User Agent detection: calls PHP's exit() if I've deemed the UA to
be "bad" based on my own server logs
2. Removing mailto links
3. Providing email address as an image (using PHP's GD)
4. Linking image to a contact form
I went with user friendliness over all else -- no one wants to deal
with captchas. Putting the email address in an image is bad enough
without a mailto: link. But, this is the only user visible
inconvenience -- everything else is hidden away with PHP detection
and never seen by valid website users.
I think this was a good discussion on this list, so I thank everyone
who contributed. Since this has involved many messages already, and is
technically off-topic at this point, I don't wish to spam the list
(the irony!) with the exacting details of my choices. If you are
indeed interested in my choices, including some code samples of what
I've done, I'm going to refer everyone to a lengthy blog entry I just
posted on the nitty gritty:
http://edwardford.net/blog/?p=17
And as always, feedback is welcomed.
Cheers,
--Ed
------------------------------------
http://www.edwardford.net
On Jan 24, 2007, at 1:23 PM, Chris Hansen wrote:
> I'd be interested in seeing your final decision posted to the list
> (i.e. this is what I decided I needed, and here's how I did it.)
> This is a common enough situation that I think lots of folks would
> benefit.
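
A sketch of layers 1, 3 and 4 from the summary above, added here as an illustration; it is not the code from the post or the linked blog entry. The pattern list, function names, the `contact.php` target and the address are hypothetical placeholders.

```php
<?php
// Added example. BAD_UA_PATTERNS holds constructed sample values; a real
// list would come from your own server logs, as the post describes.
const BAD_UA_PATTERNS = ['ExampleHarvester', 'SampleAddressBot'];

// Layer 1: case-insensitive substring match of the UA against the list.
function is_bad_user_agent(string $ua, array $patterns): bool
{
    foreach ($patterns as $pattern) {
        if (stripos($ua, $pattern) !== false) {
            return true;
        }
    }
    return false;
}

// Layer 3: draw the text with GD's built-in font and return PNG bytes.
function render_text_png(string $text): string
{
    $font = 5;                                   // largest built-in GD font
    $w = imagefontwidth($font) * strlen($text) + 8;
    $h = imagefontheight($font) + 8;
    $img = imagecreatetruecolor($w, $h);
    $bg = imagecolorallocate($img, 255, 255, 255);
    $fg = imagecolorallocate($img, 0, 0, 0);
    imagefilledrectangle($img, 0, 0, $w - 1, $h - 1, $bg);
    imagestring($img, $font, 4, 4, $text, $fg);
    ob_start();                                  // imagepng() writes to output
    imagepng($img);
    return (string) ob_get_clean();
}

// A missing User-Agent header is treated as an empty string (no match).
$ua = $_SERVER['HTTP_USER_AGENT'] ?? '';
if (is_bad_user_agent($ua, BAD_UA_PATTERNS)) {
    http_response_code(403);                     // assumption: 403 before exit()
    exit();
}
if (isset($_GET['img'])) {
    header('Content-Type: image/png');
    echo render_text_png('someone@example.com'); // placeholder address
    exit();
}
// Layer 4: the image links to a contact form; the alt text and the markup
// never contain the address itself (layer 2: no mailto: link).
?>
<a href="contact.php"><img src="?img=1" alt="Contact us"></a>
```

The User-Agent header is supplied by the client, so the first check only filters bots that announce themselves; the image and contact form are what keep the address out of the HTML.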