hiding from spammers
August 27, 2012 9:16 AM Subscribe
Does obscuring email address and telelphone numbers using hexadecimal notation or other techniques in the source code still inhibit spambots? And does blocking IP addresses that the spambots use have any effect?
What do you mean "in the source code"? To what degree do you want to "inhibit"? Can you give an example?
Anything that is a simple encoding can be simply decoded if someone decides it's worth targeting specifically. Adding rules to spam bots is easy.
posted by jeffamaphone at 10:41 AM on August 27, 2012
Anything that is a simple encoding can be simply decoded if someone decides it's worth targeting specifically. Adding rules to spam bots is easy.
posted by jeffamaphone at 10:41 AM on August 27, 2012
Response by poster: An IT guy for a company I'm working with wants to encode the email addresses on their website so that I put unicode in the html code. It displays normally to people visiting the site, but when you reveal the source code, it's looks like gibberish. I tried to point out that I didn't think it would make any difference, but since he's the client, I did it anyway. For my own edification, I want confirmation that I am right, but I'd also like to know if there's a technique that is effective, short of putting the email addresses and phone numbers in as jpegs.
And for that matter, on my own personal blog, I added a plugin that keeps track of the ip addresses that comment spammers are using and blocks them in the .htaccess file, and I note when there are runs of repetitive IPs, and I manually ban whole blocks of IP addresses, but I'm wondering if I'm just wasting my time.
posted by crunchland at 10:50 AM on August 27, 2012
And for that matter, on my own personal blog, I added a plugin that keeps track of the ip addresses that comment spammers are using and blocks them in the .htaccess file, and I note when there are runs of repetitive IPs, and I manually ban whole blocks of IP addresses, but I'm wondering if I'm just wasting my time.
posted by crunchland at 10:50 AM on August 27, 2012
Uh, you're correct. If you want to stop this sort of thing you should obscure it in the webpage that is transmitted to the client and have the user solve a captcha and then make an additional request to get the full email / phone number on successful completion.
posted by jeffamaphone at 10:54 AM on August 27, 2012
posted by jeffamaphone at 10:54 AM on August 27, 2012
I dunno about the IP thing. I would say correct access control to the data in question makes it irrelevant, but it may help. *shrug*
posted by jeffamaphone at 10:55 AM on August 27, 2012
posted by jeffamaphone at 10:55 AM on August 27, 2012
In my (extrelemy limited) experience, spammers nowadays guess e-mail addresses for any domain that gets their attention rather than harvesting them from your pages. Addresses like webmaster@domain, postmaster@domain or info@domain are likely to be spammed even when they're not mentioned on the site, as are addresses like [three-digit-user-id]@domain. Addresses like webmster1209@domain or [ten-digit-user-id]@domain are far less likely to get spam. For one of my domains, I stopped a flood of 100+ spam e-mails per day by replacing webmaster@domain by webmstr@domain, while both were displayed on the same page in the same way.
posted by rjs at 11:06 AM on August 27, 2012 [1 favorite]
posted by rjs at 11:06 AM on August 27, 2012 [1 favorite]
This thread is closed to new comments.
posted by bink at 10:40 AM on August 27, 2012