Simple but Effective Spam Harvester Solutions

[Andrew Smith <stfunub () gmail com>]

Not entirely sure if this is appropriate for full-disclosure. Ah Well.

As you may well know there are programs that scour the internet
looking for email addresses, some people attempt to thwart them
writing emails like "my_email (AT) mydomain (DOT) com". These don't
really work, so i figured some of my own out. They appear to have been
successful, i will share them with you now.

Using HTML Escape characters is a popular method, eg:

 <a href="mailto&#58;escchar&#64;shiz&#46;biz">contact me</a> 
This works quite well but is easy to defeat (more on HTML escape
chars: http://www.theukwebdesigncompany.com/articles/entity-escape-characters.php)

I then started toying with JavaScript, this worked great. Here are
some examples:

<script>
document.write('<a href="mailto:js1&apos;);
document.write('@shiz.biz');
document.write('">contact me</a>');
</script>

<script>
var a="@shiz.biz"
document.write('<a href=mailto:&apos;);
var b="js2"
document.write(b);
document.write(a);
</script>
> contact me</a>

<script language="Javascript" src="a.htm"></script>
<script language="Javascript" src="b.htm"></script>
<script>
document.write("<a href=mailto:";);
document.write(a+b);
</script>>contact me</a>

Also, worked pretty well. As it gets more complicated it's far harder to defeat.
Then i found PHP could be used, creating a file called 'mail.php' and entering:

<?php
header("Location: mailto:form2 () shiz biz")
?> 

into it, meant that linking to mail.php would launch an email.

Anyways, more info can be found here: http://www.wheresthebeef.co.uk/?p=hat

I hope some people have found this useful.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html