UKC

Anti-Spam on Website

New Topic
This topic has been archived, and won't accept reply postings.
 mypyrex 13 Jan 2013
Does anyone know of a relatively somple HTML code that can be included in a website form to prevent bots etc from harvesting e-mail addresses?

Thanks
 Only a hill 13 Jan 2013
In reply to mypyrex:
Best just not to post email addresses on websites to be honest.
OP mypyrex 13 Jan 2013
In reply to Only a hill:
> (In reply to mypyrex)
> Best just not to post email addresses on websites to be honest.

I know that's the simple answer but I want to put a "contact" form on mine.

 Milesy 13 Jan 2013
Use an actual form that submits to a back end script which then send an email. That is what most places do. Otherwise you could put up your address as a JPG/GIF. You could also put in something like mypyrexREMOVEME@yourdomain.com (please remove REMOVEME) or something that a human can read but a harvest bot would struggle with.
In reply to mypyrex:

Several ways to skin this cat

Replace some or all of the characters with their unicode values.

Use an image rather than plain text

Use captcha images to check for human activity (getting less and less useful)

Use a form with a backend script. Add a "hidden" field, call it "phone" or something that looks as if it should be filled in. Hide it either by setting the CSS for it to "display: none;" or probably better, "position: absolute; left: -9999px;" This latter simply shifts the field about 8 screen widths to the left. Then in your backend form processing check that the hidden field isn't filled in. Basically the harvesters/spamming scripts will fill in every field whereas humans will not fill in the hidden field.

ALC

OP mypyrex 13 Jan 2013
In reply to Milesy:
> You could also put in something like mypyrexREMOVEME@yourdomain.com (please remove REMOVEME) or something that a human can read but a harvest bot would struggle with.

Is this what you meant?
<a href="m a i l t o : f r e d(REMOVEME)@ a b c d e. p l u s.c o m">Contact Me</a>

OP mypyrex 13 Jan 2013
In reply to mypyrex:
> (In reply to Milesy)
> [...]
>
> Is this what you meant?
> <a href="m a i l t o : f r e d(REMOVEME)@ a b c d e. p l u s.c o m">Contact Me</a>

(When I click on the "Contact Me" that comes up on my test it opens the "New Message" template in Outlook Express)
 Milesy 13 Jan 2013
captchas are getting rediculous now. some need to be refreshed and failed a dozen time to get past.
 Brass Nipples 14 Jan 2013
In reply to mypyrex:

You could always insert the email contact via JavaScript. As far as I'm aware most bots don't seem to execute the JavaScript in your pages
 EeeByGum 14 Jan 2013
In reply to mypyrex:
> (In reply to Only a hill)
> [...]
>
> I know that's the simple answer but I want to put a "contact" form on mine.

The old mailto: is pretty rubbish these days. There are some javascript work arounds, but the easiest way is to simply have a contact form with a submit button. It isn't that hard. Google is your friend.
 Only a hill 14 Jan 2013
In reply to Milesy:
> captchas are getting rediculous now. some need to be refreshed and failed a dozen time to get past.

I absolutely hate captchas, they are the work of the devil!

On my author website I don't have an email link, but I do have a comprehensive social media section. Most people use some form of social media nowadays so it's easy for readers to get in contact with me that way (and even if they don't, they can just put a comment on the blog and I will get back to them).
OP mypyrex 14 Jan 2013
Has anyone got an example of a "Checkbox Captcha" please?
 Milesy 14 Jan 2013
In reply to mypyrex:

You need a form before you have a captcha.
OP mypyrex 15 Jan 2013
In reply to anyone: Just wondering whether encryption of my email address(where it's embedded in the HTML) will suffice?
In reply to mypyrex:

Here's a slightly different tack: get a gmail email address and set it up to forward emails to your real address.

Run the gmail address through an obfuscator that will replace some or all of the letters with their numerical equivalents. (Do a search for email obfuscator or similar)

Put the result on to your web page.

Google have very good spam filters since they have lots and lots of emails going through their systems so have more chances to spot patterns . The above also means that you don't expose your real address to the spammers.

ALC
In reply to a lakeland climber:

Here's what me@mypyrex.com would look like

<a href="mai&#108;t&#111;&#58;&#77;e@m&#121;&#112;&#121;&#114;&#101;&#120;&#46;c&#111;&#109;">&#77;&#101;&#64;&#109;&#121;p&#121;&#114;&#101;x&#46;&#99;o&#109;</a>

ALC
OP mypyrex 15 Jan 2013
In reply to a lakeland climber: Thanks, I'll look at that.
 Milesy 15 Jan 2013
In reply to a lakeland climber:

Running those back to ASCII is not difficult for a bot to do. They are normally pretty advanced these days.
In reply to Milesy:

Which is why I suggested doing it on a gmail address. Defence in depth and all that. You can check the account via the web page to see how much spam the address actually attracts. There is little point in worrying about further security if only one or two spam messages a month get posted

Ultimately it's a balance between usefulness and security. It's no good having a tremendously secure system if no-one can be bothered to use it.

ALC
New Topic
This topic has been archived, and won't accept reply postings.
Loading Notifications...