Topic: Possible solution to the e-mail harvester issue

We've previously discussed the problem with e-mail harvesters. If people select the non-default option "Display your e-mail address." in their profile, the address is displayed in plaintext in viewtopic.php and profile.php. I just had an idea regarding this. How about keeping it that way, but never displaying any e-mail addresses for guests? That way, harvesters will not be able to catch them.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

2

Re: Possible solution to the e-mail harvester issue

Or displaying them as images for guests? That would increase server load though.. maybe a very simple scrambling thing in JavaScript that unscrambles it on onLoad (maybe the robots can handle that, but probably not)

3

Re: Possible solution to the e-mail harvester issue

Question is why would guests need to see emails. If they are that desperate to contact somebody they can register.

Re: Possible solution to the e-mail harvester issue

Myran wrote:

Or displaying them as images for guests? That would increase server load though.. maybe a very simple scrambling thing in JavaScript that unscrambles it on onLoad (maybe the robots can handle that, but probably not)

That is exactly what the discussion we had was about. An endless line of JavaScript hacks and GD tricks to try to solve a problem that can instead be avoided.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

5

Re: Possible solution to the e-mail harvester issue

Oh.. well, I don't really see a problem in just removing it for guests, maybe have every user be able to choose three things:
- Never show
- Show for registered members only
- Always show

Re: Possible solution to the e-mail harvester issue

Done in 1.2.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

7

Re: Possible solution to the e-mail harvester issue

But ... another solution: if the admin doesn't want to show the address?

Instead of simply showing the address (which can be caught by robots, for example), redirect people who want to write with option "always show" to misc.php?

I have done it on my site, even if I consider guests have not to write to users.

Re: Possible solution to the e-mail harvester issue

Rod: Not sure what you mean.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

9 (edited by D9r 2004-09-25 11:16)

Re: Possible solution to the e-mail harvester issue

Rickard wrote:

How about keeping it that way, but never displaying any e-mail addresses for guests? That way, harvesters will not be able to catch them.

Not displaying emails for guests sounds good to me if it isn't too hard for you to do that.

What about munging the address?  meATmysiteDOTcom, or some variation like that.

10

Re: Possible solution to the e-mail harvester issue

Hum Rickard ...

so ...

instead of showing email (problem for robots, spammers and others ...)
redirect guests who want to write to a user on misc.php?email=[USERID]

...

Re: Possible solution to the e-mail harvester issue

D9r wrote:

What about munging the address?  meATmysiteDOTcom, or some variation like that.

As I said earlier, that is a way of trying to solve the problem instead of avoiding it altogether.

Rod wrote:

Hum Rickard ...

so ...

instead of showing email (problem for robots, spammers and others ...)
redirect guests who want to write to a user on misc.php?email=[USERID]

...

But they'll just get the "No permissions" screen?

"Programming is like sex: one mistake and you have to support it for the rest of your life."

12

Re: Possible solution to the e-mail harvester issue

No ... in my case, YES :) but in your case ... no.

Via admin, you control it :
Allow guest to send emails
> misc.php?email=[userid] > OK

Don't allow guest to send emails
> nothing appears (any link of email anywhere)

Re: Possible solution to the e-mail harvester issue

But why? It doesn't really add any value.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

14

Re: Possible solution to the e-mail harvester issue

I don't understand your "why" ...

15 (edited by D9r 2004-09-25 16:56)

Re: Possible solution to the e-mail harvester issue

I won't speak for Rickard, but for me it doesn't add any value to let guests send email.  I personally don't care if a guest can't send email - in fact they shouldn't be allowed to.  If they want to send email they should register and login like everyone else - it only takes 2 or 3 minutes.  If they don't want to register, why should I let them email members of the forum?

Back to the original question, "never displaying emails for guests" sounds like a good solution.  It sounds simple too.

There's another related problem still.  I've heard there are scripts (i.e., not people) going around that automatically register themselves into PHP forums, then spam the site with links back to their sites.  They also might harvest emails.  The solution for that could be to do the bit with a generated image containing a random string that has to be entered by the user.

Re: Possible solution to the e-mail harvester issue

Rod: My "why" was: Why would you want guests to be able to send e-mail to your members?

D9r wrote:

There's another related problem still.  I've heard there are scripts (i.e., not people) going around that automatically register themselves into PHP forums, then spam the site with links back to their sites.  They also might harvest emails.  The solution for that could be to do the bit with a generated image containing a random string that has to be entered by the user.

But that requires GD and then about half (wild guess) of all PHP systems will have to disable it.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

17

Re: Possible solution to the e-mail harvester issue

Rickard wrote:

Rod: My "why" was: Why would you want guests to be able to send e-mail to your members?

Me? I don't want! :)
Try on my site ... it's impossible like guest, to post a mail :)

I thought you "wanted" a guest did it. Mistake from me (excuse me, I'm French and English and me = 14)

18

Re: Possible solution to the e-mail harvester issue

Just my two cents, but I feel that guests should *never* be allowed to send email unless they register.

Personally, I *really* like the internal email system punbb provides, and if left up to me, I would hide/mask all the other options in my install so the only way to send email is through the system, thus, not exposing any email addresses at all, unless of course the user sends email, which then would expose it.  I recognize there may be problems for some folks to do it this way, but to me that would 'fix' the spam harvesting issues altogether.

In regard to the spam harvesters and profiles - what they are doing is grabbing the profile page, linking to that, then using it to spam back so they can harvest.  The way around this is to place a robots.txt file in the root where pun is, so the robots can't index it.

19

Re: Possible solution to the e-mail harvester issue

For me ... the best way is ...
guest can't email
guest can't see profile
guest can't see photo/avatar

Guest can only read (if the option in admin is YES)

Re: Possible solution to the e-mail harvester issue

Raybo wrote:

In regard to the spam harvesters and profiles - what they are doing is grabbing the profile page, linking to that, then using it to spam back so they can harvest.  The way around this is to place a robots.txt file in the root where pun is, so the robots can't index it.

I highly doubt that email harvesters read the robots.txt and follow the rules in it. Why should they? It would only mean fewer emails harvested.

21

Re: Possible solution to the e-mail harvester issue

Here are 2 links that may provide ideas:
----------------------------------------------
phpBBHacks.com -
"This hack makes it so that website links added to profiles or upon registering will not show up to guests or search engines. This will hopefully deter some spammers from registering accounts at your site."
http://www.phpbbhacks.com/viewhack.php?id=2959

phpBB.com -
Discussion on "Abuse: Random users with invalid emails and Russian URLs"
http://www.phpbb.com/phpBB/viewtopic.php?t=228041

Raybo wrote:

Personally, I *really* like the internal email system punbb provides, and if left up to me, I would hide/mask all the other options in my install so the only way to send email is through the system, thus, not exposing any email addresses at all, unless of course the user sends email, which then would expose it.

I agree - let them send email through the form rather than a mailto link.

Re: Possible solution to the e-mail harvester issue

Just so we're clear. The mailto link is only visible if you are logged in and the user has selected the non-default "Display your e-mail address" in his/her profile. For admins and moderators, the mailto link is always visible (but you can still send e-mail via the form if you want to).

"Programming is like sex: one mistake and you have to support it for the rest of your life."
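
The visibility rule stated in the last post, sketched as an added example (not PunBB's own code and not written by anyone in the thread). The role constants, function names and the `displays_email` field are hypothetical; only `misc.php?email=[USERID]` comes from the thread. The decision is made on the server, so for a guest the address never appears in the response at all.

```php
<?php
// Added example: constant, function and field names are hypothetical, not PunBB's.
const ROLE_GUEST = 0;
const ROLE_MEMBER = 1;
const ROLE_MODERATOR = 2;
const ROLE_ADMIN = 3;

// Decide server-side what the viewer gets: 'none', 'form' or 'mailto'.
function email_contact_mode(int $viewerRole, bool $displaysEmail): string
{
    if ($viewerRole === ROLE_GUEST) {
        return 'none';      // guests get neither an address nor a link
    }
    if ($viewerRole >= ROLE_MODERATOR || $displaysEmail) {
        return 'mailto';    // staff always; members only if the user opted in
    }
    return 'form';          // logged in, but the address stays hidden
}

function render_email_contact(int $viewerRole, array $user): string
{
    switch (email_contact_mode($viewerRole, $user['displays_email'])) {
        case 'mailto':
            // Escape before the address enters an attribute and a text node.
            $addr = htmlspecialchars($user['email'], ENT_QUOTES, 'UTF-8');
            return '<a href="mailto:' . $addr . '">' . $addr . '</a>';
        case 'form':
            // Only the numeric user ID is emitted; the form mails on the server.
            return '<a href="misc.php?email=' . (int) $user['id'] . '">Send e-mail</a>';
        default:
            return '';
    }
}

// Constructed sample user who kept the default (address not displayed).
$user = ['id' => 42, 'email' => 'member@example.org', 'displays_email' => false];
$roles = [ROLE_GUEST => 'guest', ROLE_MEMBER => 'member', ROLE_ADMIN => 'admin'];
foreach ($roles as $role => $name) {
    printf("%-6s => %s\n", $name, render_email_contact($role, $user) ?: '(nothing)');
}
```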