Will This Script Hide My Email Address From Spambots?

Volitics

Below is (a part of) a script that I am using on my web site. In order to guard against "spambots" I am including my email address in the "email_address.inc.php" require file.

I have the "conf" directory password protected. A "spambot" crawler can't get to it from a direct call (I don't think) because the directory is password protected.

The script below will call the "email_address.inc.php" file just fine from the password protected directory.

The "Submit" button has to be activated and the input in the "$FirstName" and the "$LastName" input boxes has to be in the right format before the "email_address.inc.php" file will be called (using the code in the script).

My question is this: Does anybody see how a "spambot" could get into my "email_address.inc.php" file the way I have the code written below?

if ($_POST[Submit]){
	if (eregi ("(.{1,25})", $_POST[FirstName])) { 
			$a = TRUE;
		} else {
			$a = FALSE;
		}
	if (eregi ("^(.{1,25})+$", $_POST[LastName])) { 
			$b = TRUE;
		} else {
			$b = FALSE;
		}
	if ($a AND $b) {
	require_once "./conf/email_address.inc.php";
	} else {
	echo "Nope, you're not allowed here.";
		}
}else{
echo "<form method=\"post\" action=\"$PHP_SELF\">";
echo "<input type=\"text\" name=\"FirstName\" value=\"$FirstName\" size=\"15\" maxlength=\"25\"><p>";
echo "<input type=\"text\" name=\"LastName\" value=\"$LastName\" size=\"15\" maxlength=\"25\"><p>";
echo "<input type=\"submit\" name=\"Submit\" value=\"Click Here To Proceed\">";
echo "</form>";
}

Thanking you in advance.

Volitics

benkillin

if that file is echoed to the browser, then no, it is not hidden from spambots... but if the contents of that included file do not echo your email to the browser, then your OK.

what is the contents of the included file?

leatherback

Hi,

As far as I know.. If your email does not appear anywhere in the page, it cannot be found by bots. Because that would mean theyu can read the source of yor codes. Now that would make a hackers life very easy, don't you think?

So as long as your PHP compiler doesn't quite doing his job, I do not think you need to worry too much about your email address..

But if I am wrong: PLEASE let me know!

Volitics

benkillin, leatherback;

Thank you for your kind help.

Regarding benkillin's question - the include file has only my email - that's all. The email address is assigned to a variable something like:

$Email = "myemail@mydomain.com";

Best Regards;

Volitics

planetsim

$Email = "myemail@mydomain.com";

can still be found by a bot. Amazingly enough.
What i learnt that cant is this

$username = "myemail";
$domain = "mydomain.com";
$email = $usename."@".$domain;

Lots of unnessacary stuff, like the $username and $domain for it to work, but if you dont want spam, its a good way to go about it.

ahundiak

planetsim wrote:
$Email = "myemail@mydomain.com";
can still be found by a bot. Amazingly enough.

Care to elaborate on that? If a bot can read an unparsed php file then there are a lot bigger problems out there than just losing an email address.

benkillin

no, thats besides the point, if a remote machine or bot requests the php page, it first goes thru the php pre-processor, and only the output can be read by the bot. if the email is not echoed to the browser, then the bot can not get it.

Volitics

planetsim wrote:
$username = "myemail";
$domain = "mydomain.com";
$email = $usename."@".$domain;

Interesting. Since a bot does not invoke the PHP parsing process (I don't think) then the bot could not detect the $email = $usename."@".$domain string as being an email.... Good idea.

Volitics

ereptur

Interesting. Since a bot does not invoke the PHP parsing process

This is not true. Search bots access your web server just as any other client would and only have access to the output of any PHP scripts. So, as benkillin pointed out, as long as your PHP module is functioning properly, then no one and no thing should EVER be able to get a hold of your PHP source code.

The only thing that is really different about search engines/email strippers is that they usually provide a unique client browser type to the server, so you can usually filter by these.

For example, Netscape, IE, and most other commercial browsers give a string like "Mozilla IE Compatible, Win2k...". Google's search bot is referenced using googlebot (I think). Many email strippers also have their own client type strings that they use.

ivory_kitten

i found a site that looks for email addresses:

http://willmaster.com/possibilities/demo/RetrieveEmails.cgi