Reputation: 262
Spambots and input forms
I have a paypal form on my website which includes my email:
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="upload" value="1">
<input type="hidden" name="business" value="[email protected]">
I wonder if spambots can scan this hidden field for my email to send me spam, if so, how can i prevent that?
Upvotes: 8
Views: 640
Answers (4)
Reputation: 4180
Your best bet is to put an obfuscated value somewhere in the document, and use js to put it in the right place.
For example:
<script>
var wtf = 'm'+'a'+'i'+'l'+'&'+'#'+'6'+'4'+';'+'s'+'a'+'&'+'#'+'1'+'0'+'9'+';'+'&'+'#'+'1'+'1'+'2'+';'+'l'+'e'+'m'+'&'+'#'+'9'+'7'+';'+'i'+'l'+'&'+'#'+'4'+'6'+';'+'c'+'o'+'m';
// sets wtf to '[email protected]'
$('#yourfield').val(wtf); // sets value of a field to wtf (assumes jQuery)
</script>
this should prevent regular expressions and alike used to search for email addresses to catch the address. That said, this will not fool custom built parsers.
To fool the custom-built parsers you will need some server-side functionality to obfuscate the js/html code. The goal of these is to hide away any handles that can be used for string parsing. For example:
- Random field id/name/placement
- Random js variable name
- Randomized obfuscation that:
- sometimes uses ASCII code of a character,
- sometimes uses the character,
- put random number characters in the same string, e.g. 'm'+'ai'+'\l'
- uses different joining functions, e.g. String.join(), +, and Array.reduce()
- etc
These tricks should discourage most script kiddies
Upvotes: 2
Reputation: 691
IMHO, the best way to do this is to proxy the response through a CGI process on your server and not expose the email address in the HTML at all. That's a non-starter for most people, and as a fallback I'd have the email address field set with JS somewhere on the page rather than just appearing pre-populated for even the most basic scraper to parse out.
Upvotes: 2
Reputation:
Bots may be able to access the code via developer tools (press F12) or inspect in chrome. If you really want to prevent bots, spammers, etc etc, you should use another free email (like mail.com) as the value. Or you could use heavy spam blockers on your email if you want to.
Upvotes: 1
Reputation: 161
Although you can't really stop the spambots, there are some things you can do to help:
A lot of spambots tend to look for the @ symbol in your code, so you could use an alternative like:
youremail-at-example.com
youremail(at)example.com
youremail AT example DOT com
You can also use ASCII Character Codes which are codes for certain symbols. For the @ sign, the code is @
Although it will disguise your @ sign, many spambots can detect ASCII codes.
There are some other options like adding some javascript, using an image, using a robot TXT File, but you can click the link below for more details and ideas.
You can look at a lot more details and ideas to protect your email from spambots here
Upvotes: 5
Related Questions
- Preventing a form from being submitted by spamming visitor
- PHP Form Spam Prevention
- prevent spam using input type hidden
- Whats the simplest way to secure your forms from spammers?
- How to prevent spam inputs on a web page?
- Optimising against spam without captcha
- How to protect html form from spammers?
- Stopping spam in web page
- Protecting Froms From Scriptable Spamming