By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,442 Members | 1,319 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,442 IT Pros & Developers. It's quick & easy.

masking CGI scripts with JS

P: n/a
Hi,

this is just a thought from a relative "potato head" when it comes to JS ...

BUT...

i was wanting to use a simple formmail script to handle the output of a
customer feedback form, and I remembered something about "FORMMAIL" CGI's
being nortoriously prone to hijacking by hackers who want to use 3rd-party
mail servers for spamming or DOS attacks, etc.

i use a {document.write} statement to "hide" my email addresses from spam
harvesters, could I do the same with a <FORM> statement in order not to
advertise my mail script to overtly?

thanks for any comments ...

Eugene..
Jul 20 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
In article <6KkUb.9102$G74.7890@clgrps13>, lo**@life.com says...
Hi,

this is just a thought from a relative "potato head" when it comes to JS ...

BUT...

i was wanting to use a simple formmail script to handle the output of a
customer feedback form, and I remembered something about "FORMMAIL" CGI's
being nortoriously prone to hijacking by hackers who want to use 3rd-party
mail servers for spamming or DOS attacks, etc.

i use a {document.write} statement to "hide" my email addresses from spam
harvesters,
Do you believe that works?

could I do the same with a <FORM> statement in order not to
advertise my mail script to overtly?


Why don't you use a decent server-side script that has the email address
embedded, rather than getting the value from the form?

--
Hywel I do not eat quiche
http://hyweljenkins.co.uk/
http://hyweljenkins.co.uk/mfaq.php
Jul 20 '05 #2

P: n/a
> Do you believe that works?

Most Emphatically. I've used it for a dozen or so addresses on as many
discreet sites and almost nil spam in 2 years.
Why don't you use a decent server-side script that has the email address
embedded, rather than getting the value from the form?


Because I have reached the saturation point as far as Cerebral Binary Data
Storage Capacity.
Eugene
Jul 20 '05 #3

P: n/a
"Eugene" <lo**@life.com> wrote in message
news:8PlUb.9390$G74.4663@clgrps13...
Do you believe that works?


Most Emphatically. I've used it for a dozen or so addresses
on as many discreet sites and almost nil spam in 2 years.

<snip>

I think that the question is asked in that way because probably the
majority of the regulars on this group could (maybe with a little
research) use a scripted IE instance as the basis for a Javascript
capable email address harvester that would side-step all Javascript and
HTML entity based methods of obfuscating addresses.

Fortunately for you the spammers appear to be extremely stupid and/or
lazy and haven't yet hit upon the obvious. But it would only take one to
put the work in (or pay someone more skilled to do it) and all of those
carefully obfuscated email addresses would become wide open.

Richard.
Jul 20 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.