Heal Your Church WebSite


Teaching, rebuking, correcting & training in righteous web design.

Comments and Code – Obfuscator 2

As part of my ongoing online response to some great questions, I offer the following request by Colin Kuskie, webmaster for the Sunset Presbyterian Church:

Hi Dean,

My name is Colin Kuskie, and I’m Sunset Presbyterian Church’s
volunteer webmaster/hostmaster. I’m planning on moving our website,
www.sunsetpres.org, to a CMS, and I’d like to help secure staff
and member email addresses against spam by using your obfuscator
as a macro, but I couldn’t find anywhere to download the code from
your site.

Is it publicly available, and if so, could you please give me a
pointer as to how to find it?

Thank you,
Colin

p.s. Thank you very much for your online minstry. It’s one of
the things that convinced me to go to a CMS, and then to teach
myself CSS in order to implement it. I pray that God will you
your website to enable other churches to reach out with God’s
message to the world.

How can I say no to a request like that? So I emailed Colin back with the response “… Colin, stop it, my ego is already ‘well maximized’ enough!” … Actually, that’s not what I said, but I thought it might be fun to share a little opera singer humor with you. Go ahead, ask your minister of music about their well-optimized ego … but I digress …

Actually, my first response to Colin was “Macro? For what system?.” This wasn’t out of any suspicion, but more out of curiosity, and more out of concern that my original obfuscator hack wouldn’t integrate all that well as it was built into an online form generated using CGI.PM. Colin responded that he intends to integrate the code behind the Mean Dean Anti-Spam E-Mail Obfuscator(MDA-SE-MO) into a macro for a Perl-based content manglement system (CMS) named WebGUI. A robust system I’ve played with once or twice before, but don’t let my ease-of-use fool you. This is one CMS that requires you know Perl, paths and your site map before you go shooting your foot off of with it … but I digress …

CMS sorties aside, Colin’s question reminded me of this sage advice she’d offer whenever I’d leave the house: “make sure you have on clean underwear.” Not that it would help if the last thing I ever saw was an oncoming cement truck … but I digress …

So, if I’m going to put my code ‘out there,’ I had better tidy it up a bit, and put it into a easy to deploy, use and maintain Perl module. This way, he could use it for WebGUI, and I could use it for an upcoming MovableType plug-in … unless one of you kind souls comes up with it first … but I digress …

I also figured if I as going to put it ‘out there,’ I might as well add an option that might really, truly drive spammer’s nutzo … that is to render the hyperlink as inline javascript. Yes, I know 12% of all browsers have Javascript disabled, but then again, how many people using wGet or Curl are actually interested in sending me email? That said, it is for such reasons that I have in the past advocated including a form-based email solution on your church or charity website. All the more so if you’re going to use the inline javascript option on Obfuscator … but perhaps this tangent is better left as a topic for later discussion?

Anyway, below is the code for the new perl module behind the slightly improved online demonstration of the MDA-SE-MO:


Yes, this obfuscator isn’t nearly as dastardly as the very cool and very effective online offering from HiveWare (hat tip to Mark Pilgrim) … perhaps by putting the Obfuscator.pm code ‘out there’ … someone will come up with an elegant “<noscript>” solution. I’ve already got one person who’s keen on optimizing the regular expressions … Colin, thank you.

8 Comments

  1. For those of us webmasters who haven’t made our e-mail (mailto:) links spam/scrape-proof, please read the following report from the Center for Democracy and Technology:
    .
    “Why Am I Getting All This Spam?
    Unsolicited Commercial E-mail Research Six Month Report”
    .
    http://www.cdt.org/speech/spam/030319spamreport.shtml
    .
    Considering the number of temptations we (and our Pastors and staff) get daily from spam and that website scraping is the #1 source for e-mail address harvesting, it may border on irreponsible to open our brothers and sisters to this attack.
    .
    And of course I agree that a form-based feedback/contact should be made available to non-java-ites, even though there are probably bots out there that automatically fill-in and submit forms, too (I may have gotten a few)… Guard this angle, too…
    .
    Take care,.
    .
    Frank Ramage, Webservant
    Burtonsville Baptist Church

  2. You should read our Web Hosting Policy, which states that we never post personal information without their explicit permission.

    http://www.sunsetpres.org/Web/WebPolicy.html

    In the end, it’s a balance between needing to be reachable in a way that’s convenient for members (and giving out a phone number certainly isn’t that) versus SPAM load. I’m prayerfully hoping that the Obfuscator will reduce the latter without impacting the former, and in fact encourage others to make their contact info availabe on the Web to encourage ministry and fellowship.

  3. Pingback: The xagronaut Chronicle

  4. Upon reading this article, I immediately used the ‘scrambler’ at HiveWare. What is the difference between that one and Dean’s? By the way – I have some dangerous types out there who can break a web site just by looking at it – and all of them could access my contacts page – java script and all.

  5. I’ve just added a nice PHP form to my site, so my email address is hidden. If, indeed, it is possible for spam bots to email me automatically, rather than just harvesting email, I am wondering if something like

    if(!strstr($host, “mydomain”)) {
    print “You have come to this page from an unapproved source, you may not send an email.”;
    } else {

    would stop it happening?

  6. FROM: princess gaba

    ATTN Dear.

    I am princess gaba the daughter of late former Director of finance,Chief WILLIAM R. Kabia
    Sierra-Leone diamond and mining corporation. I must confess my agitation is real, and my words is
    my bond, in this proposal. My late father diverted this money meant for purchase of
    ammunition, for my country, during the peak of disastrous civil war in my country, now he has
    deposited the money with a BANK here in Abidjan, where I am residing under political asylum with my younger brother.

    Now the war in my country is over with the help of ECOMOG soldiers, the present government of Sierra
    Leone has revoked the passport of all officers who served under the former regime and now ask countries to expel such person at the same time freeze their account and confiscate their asset, it is on this note that I am contacting you, the most important thing that I need from you is your honesty as the frist recieveal of the money from the bank:

    For you to assist me transfer this money in your private bank account, the said amount is (fifteen Million Dollars) $15Million.

    I am compensating you with 20% of the total money amount, now all my hope is banked on you and I really wants to invest this money in your country, were their is stability of Government, political and economic welfare. Honestly I want you to believe that this transaction is real and never a joke. My late father Chief WILLIAM R.KABIA gave me the photocopies of the certificate of deposit issued to him by the BANK on the date of deposit, for you to be clarify because, I do not expose my self to anybody I see, I believe that you are able to keep this transaction secret for me because this money is the hope of my life, it is important.

    Please call me immediately after you must have gone through my message fill free and make it urgent. That is the reason why I offered you 20% of the total money amount, and in case of any other necessary expenses you might incur during this transaction.

    Please try and negotiate for me some profitable blue chip investment opportunities which is risky free
    which I can invest with this money when it is transferred to your account, personally I am
    interested in estate management and hotel business, please advise me. Call me back immediately you receive this message for more explanation.

    Thanks and God bless

    Best regards

    princess gaba.

  7. I am reviewing prior emails as transition to my new email addy (tx7stuff@bellsout.net) which is how I came to your website.
    I am also in process of taking our local mission, Tennessee Valley Outreach, online.
    Will you please put me on the ‘Heal Your Church Website’ list?
    Blessings,
    Lew

  8. Hi,
    I have often seen this “type the numbers in the image” widget which is used in the form to submit this question: could this be used as an anti spam measure on my website? how does it work?
    Neil