All geek questions in one place

PHP + CSS Obfuscation - PHP ord THEN PHP strrev + CSS reverse text, how to get special characters checked back?

I read the obfufting email.

I found an interesting post titled The Best Way to Obfuscate Email? - Jeff Starr, where he describes the various tests performed by Sylvan Müleman for more than 1.5 years.

According to this study, css obfustication was 100% effective over the entire 1.5 year test, despite its various flaws.

After seeing how I played with this obfuscation method before, I decided to give it one more step by adding the php function that I typed.

Here is the function:

// Converts email and tel into html special characters function convert_email_adr($email) { $pieces = str_split(trim($email)); $new_mail = ''; foreach ($pieces as $val) { $new_mail .= '&#'.ord($val).';'; } return $new_mail; }

So PHP uses this function.

 $lstEmail = convert_email_adr("{$row['email']}");

This is done exactly as described, and I would suggest that it would work well if the harvesters did not write code that identifies a string of special characters and decodes them.

So, I decided that if I combined these two methods, as in, I split the string into special characters, and then used strrev on it, and then used css to change the string ... Simple ...

Here is the added php point, which changes the actual line, as shown in the page source:

 $lstEmail = strrev($lstEmail);

and css to cancel it again on the client side:

 span.obfuscate { unicode-bidi:bidi-override; direction: rtl; }

And html:

 <p><span class='listHeadings'>eMail:</span> <span class='obfuscate' style='font-size:0.6em;'><a href='mailto: $lstEmail?subject=Testing 123'>$lstEmail</a></span></p>

But the problem is that the line is now inverse and will not be checked ... Here is an example:

; 901 # &; 111 # &; 99 # &; 64 # &; 801 # &; 501 # &; 79 # &; 901 # &; 301 # &; 46 # & amp ;; 411 # & amp ;; 101 # & amp ;; 001 # & amp ;; 011 # & amp ;; 111 # & amp ;; 611 # & amp ;; 011 # & amp ;; 79 # & amp ;; 811 # & amp ;; 301 # &; 501 # &; 79 & # 411 ;; amplifier # &; 99 & # amp;

What happens is that special characters are not decoded into actual characters, so all you see is the special character string in reverse order.

There is also a flaw described by Jeff Starr that you cannot use the css method in mailto , since you cannot use the span tag in the href attribute.

So, now I'm really fixated on how to solve this problem. I think I could live by forcing people to enter my email address themselves if they would like to send me an email ... But, on the other hand, I'm not so sure.

Then there is the task of checking special characters in the opposite direction ...

Can anyone provide me with any material or support in this regard? Any suggestions in different, LEGITIMATE ways to solve this problem will also be welcome!

I say that it is legal because I plan to use these functions in one of my live projects, which is a business listing site (currently using the php function above) ... The last thing I want to do is start playing and creating space bar and released a ton of information for spammers! I think that would be very bad for business ...

+4
source share
4 answers

Just change it before confusing it ...

 $email = ' blah@whatever.co.uk '; $new = convert_email_adr($email); echo '<span style="unicode-bidi:bidi-override; direction: rtl;">'.$new.'</span>'; function convert_email_adr($email, $reverse = true, $obfuscate = true) { $email = trim($email); if($reverse) { $email = strrev($email); } if($obfuscate) { $pieces = str_split($email); $email = ''; foreach($pieces as $piece) { $email .= '&#'.ord($piece).';'; } } return $email; }
+1
source

As a webmaster, I always put my email in text form on the contact site. Its the most convenient solution for visitors and it works independently if css is supported or js.

I have been doing this with several emails since 10 years old .. yes, I got some spam, but not so much, about 3-5 a day. I have a good spam filter and view spam once a week and delete it.

I do not use mailto, because many people have not set up local email and do not know what to do with the pop-up when they click on the mailto link.

+2
source

Why don't you use it that way?

 function convert_email_adr($email) { $pieces = str_split(strrev(trim($email))); $new_mail = ''; foreach ($pieces as $val) { $new_mail .= '&#'.ord($val).';'; } return $new_mail; }
+1
source

In general, a good solution for this is to completely highlight the abstraction around the email address, which I mean instead of the email address that provides the contact form. They fill out their information, send it, and your server sends the information to the appropriate email address.

This is not a particularly scalable approach, although, as a rule, it is mainly applicable to the “contact me” situation, and not to “here, our lists of companies that can contact”, in which case the situation is performed directly against your goal so that clients can Connect with goals as easily as possible. In this case, you usually want to use good spam protection.

+1
source

Source: https://habr.com/ru/post/1392298/

More articles:


All Articles