UBB.Developers Forums UBB.threads 6 V6 Modifications V6 Mod Ideas Protecting users email from SPAM

Spambots can easily get emails at our boards, it just has to go to the userlist, and then on the individual profiles displaying the emails.

Just came across a cool javascript AntiSpambotMailto() that could prevent this.

This is what an email to me would look like to a spam bot:
[:"blue"] <script>AntiSpambotMailto('131|138|133|86|121|136|139|121|123|122|123|121|119|131|127|132|133|137|68|121|133|131', 'Contact Mateo')</script> [/]

What do you think? Any other suggestions?

I guess that's better than nothing. It requires that the user's browser have Javascript enabled to view the email address manually, but I think Javascript is needed anyway to use threads.

Do spambots actually pick up output from .php scripts?

Another approach would be for the threads script to conceal the public email address, and send the email itself. But that's probably redundant, since the private message feature already does basically the same thing.

I still havent seen anyone with javascript disabled for the last year and a half...

Do spambots actually pick up output from .php scripts?
I guess you mean of dynamically generated pages... I dont really know, though I guess it doesnt care. But if I was looking for emails, thats the direction I would point it to in order to find more emails. Forums, guestbooks, communities, dynamic pages that have more chances of having hundreds of emails than static pages.

This looks like a good idea.

Yes I think "bots" get the PHP pages.... many of our users have done searches for their username on search engines. And while it doesn't bring up a specific post, it will usually bring up postlist.php.

Also, we give certain users on our site an email at our domain. Many display it in their footer. They have then reported receiving spam, and viruses... yet our board is the only place they use or display that email address.

I'm going to try this script. Thanks!

Yes, spam bots/spiders are able to view a .php page as if it were a static page as the information is generated at the server level before being sent to the visitor. Pages dynamicly generated with javascript is another story. This requires the page to be built by the visitor's browser and as far as I know the bots/spiders are not javascript capable.

I remember seeing a javascript a couple years back that hides the mailto link by placing the username and address into varaibles and then dynamicly displaying the link with a document.write call. It would look something like this:

<script language="javascript" type="text/javascript">
mailname = "joeposter";
mailaddy = "somedomain.com";
document.write('<a href="mailto:'+mailname+'@'+mailaddy+'">Contact Us</a>');
</script>


You could edit the php scripts that display email addresses and have them break the address down and plug this javascript into the area of the mailto link.

I know spambots are becoming pretty smart, for example, some can detect something like "mto[AT]domain[DOT]com" and decode it into an email. Search and replace thing...
So I wonder if using the same technique they can remove the [:"blue"]+[/] from +mailname+'@'+mailaddy+ and so on...


That one is very similar to this other one I just found. Though this one is a little more complicated, take a look.

The actual information is stored in the javascript variables though so "mailname" is all they see yet it will be printed to the browser as "joeposter". But as things progress there may be bots out there with javascript ability that will be able to read from text created with javascript.

OK, then that sounds good enough for me.
If more email protection is needed, users should not display email and only use PMs.