Prev: Reformat array result.
Next: Zend framework
From: Andrew Ballard on 9 Sep 2010 14:21 On Thu, Sep 9, 2010 at 11:39 AM, Jack <JackListMail(a)gmail.com> wrote: > -----Original Message----- > From: Andrew Ballard [mailto:aballard(a)gmail.com] > > > The only people for whom the value will be obscure will be the humans who actually try to read the HTML source code itself. Neither web browsers nor harvesting scripts won't have any trouble reading it. > > Andrew > > > Andrew, > > One other note, if the link doesn't say mailto: a harvester will have to decode the entire page in order to find the mailto, do you think thatâs happening. Â This could be one of those things where you help against a percentage of harvesters, and not others. > > J It will protect against a (possibly large?) percentage of those that are looking for the lowest hanging fruit. I have a few reasons that feed my doubts about its effectiveness: - The most common answer you find when you search for e-mail obfuscation is something similar to what you've shown, whether it uses HTML character entities, numeric entities, or a combination of the two. - The overhead to convert frankly isn't that high. I realize that in the case of a harvester you are multiplying that overhead by the sheer volume of content being processed, but given the speed of processors I don't think that matters much anymore. - There are simple ways to minimize the overhead. For example, a script does not have to decode an entire page; it only has to look for anchor tags and decode the contents of the href attribute of each tag found. Combine these and I don't think this obfuscation technique adds enough cost to be much of a barrier. Of course, this is just my opinion. Those who write harvesters might be lazier than I give them credit. Andrew
From: "Tommy Pham" on 9 Sep 2010 16:47
> -----Original Message----- > From: Andrew Ballard [mailto:aballard(a)gmail.com] > Sent: Thursday, September 09, 2010 11:22 AM > To: Jack > Cc: PHP > Subject: Re: [PHP] Show text without converting to html > <snip /> > > It will protect against a (possibly large?) percentage of those that are > looking for the lowest hanging fruit. I have a few reasons that feed my > doubts about its effectiveness: > > - The most common answer you find when you search for e-mail > obfuscation is something similar to what you've shown, whether it uses > HTML character entities, numeric entities, or a combination of the two. > > - The overhead to convert frankly isn't that high. I realize that in the case of > a harvester you are multiplying that overhead by the sheer volume of > content being processed, but given the speed of processors I don't think > that matters much anymore. > > - There are simple ways to minimize the overhead. For example, a script > does not have to decode an entire page; it only has to look for anchor tags > and decode the contents of the href attribute of each tag found. > > > Combine these and I don't think this obfuscation technique adds enough > cost to be much of a barrier. Of course, this is just my opinion. > Those who write harvesters might be lazier than I give them credit. > > > Andrew > I think it all depends on the value of the crop(s) to be harvested.. ;) As for performance, even the speed of the processors are much faster today than before, it will affect performance depending on # of hits. In addition, the bandwidth consumption will increase considerably on a heavy traffic site with all the extra characters for obfuscation, especially if you're on a capped hosting service. If you have something you want to safeguard, IMO, use authentication. Or you could try to create a monitoring mechanism to detect any unwanted behavior and deny the request(s). Regards, Tommy |