Welcome to WebmasterWorld Guest from 54.80.97.221

Forum Moderators: open

Message Too Old, No Replies

Spambot protection with javascript

     
8:28 pm on Jan 31, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:Jan 11, 2005
posts:76
votes: 0


<continuation of a Browsers Forum thread [webmasterworld.com]>

I like your script, albroun, but not being very knowlegable of Javascript, I am wondering how it can modified use a second image as a rollover to simulate a CSS a:hover style:

The hidem.js file reads as follows:

<!-- Begin
userpart1 = "te";
userpart2 = "st";
sitepart1 = "dom";
sitepart2 = "ain.com";
document.write('<a h' + 'ref="m' + 'ailt' + 'o:' + userpart1 + userpart2 + '@' + sitepart1 + sitepart2 + '\">');
document.write('<img style="position:relative; top:3px" src="image-of-email-address.gif" border="0" height="15" width="165" alt="spam-protected clickable email address">' + '</a>');

// End -->

My attempts to use onfocus and onmouseover event handlers by adding them into the <img> tag have so far failed. Any ideas? Thanks.

jdkuehne

[edited by: tedster at 8:54 pm (utc) on Feb. 3, 2006]
[edit reason] move discussion to JS Forum [/edit]

8:56 am on Feb 1, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 26, 2004
posts:1392
votes: 0


Just use this, lots easier [automaticlabs.com...]

"encrypts" email addresses. Been using it for about two years for some emails on public pages, and have yet to get any spam from harvesters with it. It's a free online tool, just cut and paste the code.

10:21 am on Feb 1, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Jan 7, 2004
posts:933
votes: 0


Well, it's time I encode my email address. Tired of spams.

So, what do you think about this script below:
1/ Is it cross-browser friendly?
2/ Will it be efficient against bots?

Thank you

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head>
<title>Untitled</title>

<style type="text/css">
p {color:#000; font-size:13px; font-family:arial,sans-serif;}
.email {font-size:10px; color:#FF0000;}
</style>

<script type="text/javascript">
<!--
function write_email(text) {document.getElementById('email').innerHTML = text;}

function Email(em1,em2,title,subject) {
var text = '<a href="' + 'mail' + 'to:' + em1 + '@' + em2;
if (subject) {var text = text + '?subject=' + subject; }
var text = text + '" title="' + title + '">' + em1 + '@' + em2 + '</a>';
write_email(text);}
//-->
</script>
</head>

<body>
<p>Email: <span id="email" class="email" onclick="Email('me','myhost.com','email address','');">click here</span></p>
</body>
</html>

10:32 am on Feb 1, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 31, 2005
posts:1108
votes: 0


Well I even put the JavaScript in an external file.

It will be effective against most harvesting bots now, but I wouldn't be surprised if they update eventually to actually run JavaScript.
I'd also name the JavaScript funtion something other than Email, don't want to make it any easier on them when they do start getting smarter.

10:43 am on Feb 1, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Jan 7, 2004
posts:933
votes: 0


Thanks for your reply,

Well I even put the JavaScript in an external file.

It is in an external file. It has been compiled for this post.

to actually run JavaScript.

Still, with Javascript enable, bots will have to click on the span id!

I'd also name the JavaScript funtion something other than Email

Oups! You are right!
10:35 am on Feb 2, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Jan 7, 2004
posts:933
votes: 0


For those who are using the javascript I have posted in post#13, note that this script will only work if you have one email per page (because ID are unique element, it can't work if you have numerous email addresses).

Find below an update of the script so that you have as many emails as you want in one page. I am not going to explain the all code, but the idea is to insert the ID name in the function: function([id],[email],[title],[subject]);

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head>
<title>Untitled</title>
<style type="text/css">
p {color:#000; font-size:13px; font-family:arial,sans-serif;}
.spamwar {font-size:10px; color:#FF0000;}
</style>

<script type="text/javascript">
<!--
function Spamwar(id,em,title,subject) {
var idname = id;
var text = '<a href="' + 'mail' + 'to:' + em;
if (subject) {var text = text + '?subject=' + subject; }
var text = text + '" title="' + title + '">' + em + '</a>';
document.getElementById(idname).innerHTML = text;
}

//-->
</script>
</head>

<body>
<p>
Email: <span id="me" class="spamwar" onclick="Spamwar('me','me@myhost.com','address','');">click here</span><br>
Email: <span id="me2" class="spamwar" onclick="Spamwar('me2','me2@myhost.com','address','');">click here</span><br>
Email: <span id="me3" class="spamwar" onclick="Spamwar('me3','me3@myhost.com','address','');">click here</span>
</p>
</body>
</html>

12:22 pm on Feb 2, 2006 (gmt 0)

New User

10+ Year Member

joined:July 4, 2003
posts:36
votes: 0


I guess from the other scripts that the idea of placing an image at "the front end" (the browser display) is irrelevant from the point of view of protecting the email address, until such time as bots can process the JavaScript and read the address?

Moreover, perhaps a text front end is better, because bots cannot then use OCR to read the address? They will be forced to process the Javascript, and will have no other option?

Or do you think the added image display does actually enhance the protection in some way?

7:08 pm on Feb 2, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 31, 2005
posts:1108
votes: 0


Why aren't you breaking the e-mail up into it's components anymore? The way you have it now, spambots will pick it up as it matches the pattern they will be looking for, and it doesn't matter that it is inside a JavaScript call.
8:30 pm on Feb 2, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:Jan 11, 2005
posts:76
votes: 0


Why aren't you breaking the e-mail up into it's components anymore? The way you have it now, spambots will pick it up as it matches the pattern they will be looking for, and it doesn't matter that it is inside a JavaScript call.

I've modified the script - does this answer the concern?

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> 
<html><head>
<title>Untitled</title>
<style type="text/css">
p {color:#000; font-size:13px; font-family:arial,sans-serif;}
.spamwar {font-size:10px; color:#FF0000;}
</style>

<script type="text/javascript">
<!--
function Spamwar(id,em1,em2,em3,em4,title,subject) {
var idname = id;
var text = '<a href="' + 'mail' + 'to:' + em1 + em2 + em3 + em4;
if (subject) {var text = text + '?subject=' + subject; }
var text = text + '" title="' + title + '">' + em1 + em2 + em3 + em4 +'</a>';
document.getElementById(idname).innerHTML = text;
}

//-->
</script>
</head>

<body>
<p>
Email: <span id="me" class="spamwar" onclick="Spamwar('me','me','&#064;','myhost','.com','address','');">click here</span><br>
Email: <span id="me2" class="spamwar" onclick="Spamwar('me2','me2','&#064;','myhost','.com','address','');">click here</span><br>
Email: <span id="me3" class="spamwar" onclick="Spamwar('me3','me3','&#064;','myhost','.com','address','');">click here</span>
</p>
</body>
</html>

jdkuehne

10:36 pm on Feb 2, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 31, 2005
posts:1108
votes: 0


Yes, that's better.
6:04 am on Feb 3, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Jan 7, 2004
posts:933
votes: 0


Yeah, Dijkgraff was right... Email must be encoded.
I have added a javascript regex in the function so that it is a bit encoded. I like the script, but it will not work if you have two times the same email address in the page :(

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head><title>Untitled</title>
<style type="text/css">
p {color:#000; font-size:13px; font-family:arial,sans-serif;}
.spamwar {font-size:10px; color:#FF0000;}
</style>

<script type="text/javascript">
<!--
function Spamwar(em,title,subject) {
var idname= em;
var regex= /\[\(\.\)-DOT]/gi;
em = em.replace(regex,'.');
em = em.replace('[(@)-AT]','@');

var text = '<a href="' + 'mail' + 'to:' + em;
if (subject) {var text = text + '?subject=' + subject; }
var text = text + '" title="' + title + '">' + em + '</a>';
document.getElementById(idname).innerHTML = text;}

//-->
</script>
</head>

<body>
<p>
Email: <span id="me[(.)-DOT]test[(@)-AT]myhost[(.)-DOT]com" class="spamwar" onclick="Spamwar('me[(.)-DOT]test[(@)-AT]myhost[(.)-DOT]com','address','');">click here</span><br>
Email: <span id="me[(.)-DOT]test2[(@)-AT]myhost[(.)-DOT]com" class="spamwar" onclick="Spamwar('me[(.)-DOT]test2[(@)-AT]myhost[(.)-DOT]com','address','');">click here</span>
</p>
</body>
</html>

3:53 pm on Feb 3, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:Jan 11, 2005
posts:76
votes: 0


Is there any advantage to replacing the @ symbol in Tomda's script with the entity &#064;? for instance, if a bot is scanning for the @ to pick out addresses. Or are bots smart enough these days to see past that?
7:17 pm on Feb 3, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member drdoc is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 15, 2002
posts:6807
votes: 0


Many bots can actually parse JavaScript reasonably well. If we can hide it, they can find it.

Something I've used is similar to the code below. The advantage of this is that it provides a fallback for browsers with JS turned off. It also provides a fallback if CSS is for some reason not supported.

<script type="text/javascript">
gxdom = "example";
gxusr = "user";
gxtld = "com";
gxat = "\x40";
document.write("\x3c" + "a href='ma" + "ilto:" + gxusr + gxat + gxdom + "." + gxtld + "'\x3e" + gxusr + "\x3cdel class='del'\x3e" + "DELETETHIS" + "\x3c/del\x3e" + gxat + gxdom + "\x3cdel class='del'\x3e" + "DELETETHIS" + "\x3c/del\x3e" + "." + gxtld + "\x3c/a\x3e");
</script>
<noscript><div>user<del class="del">DELETETHIS</del>&#64;example<del class="del">DELETETHIS</del>.com</div></noscript>

In your stylesheet, simply set

.del
to
display: none
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members