httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Viktoras Didziulis" <vikto...@ekoinf.net>
Subject Re: [users@httpd] How to deny access based on user agent - help
Date Sat, 24 Jun 2006 10:21:44 GMT
 
The problem with ordinary mailto is that it leaves e-mail address exposed to
spamming spiders unless it is constructed dynamically using clientside
scripting. Actually this is the way spammers used to harvest millions of
valid e-mail addresses some time ago. Even if you change @ to [at] or
whatever else, this is not going to protect from spammer search engines
anymore, because it is too easy to decode... 
I am not sure for how long it will be safe encoding html documents in base64
or utf. The source is human unreadable, but spiders may look for known
patterns and decode it later. 
 
And it would be a loss disabling Javascript ;-) on many websites, including
Google maps, scientific online apps and others... Unless user is able to
automatically enable it selectively for trusted sites without messing with
browser settings each time. In fact I haven't seen any user/machine obeying
this recommendation. 
 
Then the only safe way (I have been using this for a long time on my
personal site) is displaying e-mail address as image. But then users would
have enter it manually. Well, if one really needs to contact me he would
probably spend a few seconds of writing. 
 
Viktoras 
 
 
-------Original Message------- 
 
From: Jaqui Greenlees 
Date: 06/24/06 12:18:54 
To: users@httpd.apache.org 
Subject: Re: [users@httpd] How to deny access based on user agent - help 
 
--- Viktoras Didziulis <viktoras@ekoinf.net> wrote: 
 
 
Two things to concider in this though. 
 
1) The Internet Security groups have all, for the last 
two years, been saying to turn off all clientside 
scripting, since all current clientside scripting 
technologies are severe security risks. 
 
2) why not just use a simple mailto instead of a form. 
no site security breaches. 
a confirmed email address to have an autorespond 
message go to so it doesn't get submitted multiple 
times. 
The client can easily define their issue in detail, 
since the limitations of most forms are gone. 
 
Jaqui 
 
__________________________________________________ 
Do You Yahoo!? 
Tired of spam? Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
 
--------------------------------------------------------------------- 
The official User-To-User support forum of the Apache HTTP Server Project. 
See <URL:http://httpd.apache.org/userslist.html> for more info. 
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org 
" from the digest: users-digest-unsubscribe@httpd.apache.org 
For additional commands, e-mail: users-help@httpd.apache.org 
 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message