Hide your source code

[axilant]

Alright we all know you cant hide it ALL. But you can now hide it from programs that scan your source code for email addresses and urls. This has already been done yes. But it has not been given out publically for free that i know of.

<?PHP
$data = base64_encode(file_get_contents("http://romazom.com"));
?>
<script language="javascript">
//http://www.aardwulf.com/tutor/viewS...e64/base64.html
//didnt know it was this persons code, as my friend said he made it -_-
 var keyStr = "ABCDEFGHIJKLMNOP" +
                "QRSTUVWXYZabcdef" +
                "ghijklmnopqrstuv" +
                "wxyz0123456789+/" +
                "=";
   function decode64(input) {
      var output = "";
      var chr1, chr2, chr3 = "";
      var enc1, enc2, enc3, enc4 = "";
      var i = 0;

      // remove all characters that are not A-Z, a-z, 0-9, +, /, or =
      var base64test = /[^A-Za-z0-9\+\/\=]/g;
      if (base64test.exec(input)) {
         alert("There were invalid base64 characters in the input text.\n" +
               "Valid base64 characters are A-Z, a-z, 0-9, '+', '/', and '='\n" +
               "Expect errors in decoding.");
      }
      input = input.replace(/[^A-Za-z0-9\+\/\=]/g, "");

      do {
         enc1 = keyStr.indexOf(input.charAt(i++));
         enc2 = keyStr.indexOf(input.charAt(i++));
         enc3 = keyStr.indexOf(input.charAt(i++));
         enc4 = keyStr.indexOf(input.charAt(i++));

         chr1 = (enc1 << 2) | (enc2 >> 4);
         chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
         chr3 = ((enc3 & 3) << 6) | enc4;

         output = output + String.fromCharCode(chr1);

         if (enc3 != 64) {
            output = output + String.fromCharCode(chr2);
         }
         if (enc4 != 64) {
            output = output + String.fromCharCode(chr3);
         }

         chr1 = chr2 = chr3 = "";
         enc1 = enc2 = enc3 = enc4 = "";

      } while (i < input.length);

      return output;
   }
   var output = decode64('<? print $data; ?>');
   document.write(output);
   
</script>

Cody Selzer

I will be posting a better way to hide a emails, that will actually buffer the entire page, and let my code search through and change the emails, then show the page.

 

[Jon_]

Thanks, I may just use this. :D

 

[primacomputer]

I'd recommend using just about anything other than B64. Most of my software will automatically decode B64 links. For example, if I pointed my link harvester at that page on your server it would spit out the “encrypted” (encoded) address along with anything else. B64 is just too much of a standard to use as any sort of encryption.

 

[Ber|Art]

After securing the source code, is it possible for Google to index the site?

 

[cerebus]

Short answer - no. The google bot would face exactly the same problems as the email harvester.

Of course there are several, but no perfect, ways around this but the best way to hide your email adress would be to add a contact form instead of publishing the adress.

 

[Ber|Art]

Thx! I was afraid of that.

 

[axilant]

Thx! I was afraid of that.

thats where you can detect the bots with php and make it output the correct pages. So therfor your still safe. I will show you how to do that some time in the next week, ill update the code.

 

[dweeb]

wow. it looks like you have to compromsie on your google-bility to get bots or whatever to leave your page alot. hard choice i must say.

 

[Kodeking]

What if you wrote a php script to automatically change all email addresses on the page to images with the email address?

 

[axilant]

What if you wrote a php script to automatically change all email addresses on the page to images with the email address?

i thought about that, but i dont have gd support. But then agian i could just encrypt those automaticly instead of the whole entire page.

 

[aween]

or you could use strip_replace and change the @ to [at] so it would be xlusive[at]namepros.com

 

[axilant]

or you could use strip_replace and change the @ to [at] so it would be xlusive[at]namepros.com

true, but from what i have seen there is programs that will detect that lol. Ill think of a better way to do this! Im making a CMS and so its going to be happening some way or another to secure email addresses. Ill post my script.

Ill probally just make a way to detect if theres gd support, if so make images else do what you said or just encrypt, ill even see what the user wants to do.

 

[primacomputer]

There are scripts out there that will take any standard page and encode only specific parts (ie email addresses) and in their place output javascript that will write the address to the document. This works fine with search engines. They are plentiful, check Google

But please bear in mind that any such methods of encrypting/encoding text are exercises in futility. I have absolutely no problem harvesting any text that is viewable in a browser. The only way you can get around this is by converting it to a graphic.

In absence of GD or ImageMagick support there is a simple way to do this. Simply create an image font, a set of images that each contain the image of one character. Then output image tags to display the correct sequence of characters.

In theory a spammer could write a filter to convert these sets of image tags into the email address. Then again, in theory they could OCR the single image version to get the text.

 

[allabout42]

very useful piece of code, thanks for sharing it!

 

[i386]

There is really no way to "hide" your source code. All methods are defeatable.

 

[hasif]

In search engines your site will not be listed if any of you use this script. Becasue the the search engines will crawl it will get NOTHING.

 

[axilant]

actually... you can make it able to be searched from a search engine...
All browsers use a special agent name, same with bots...

Id make the code to let bots search the site, but there is probally around 100 bots... i mean i could just use the popular ones...

Ill probally plan on making this actually... ill let ya'll know if i end up going any further...

 

[primacomputer]

I'd be wary of using such a system. First, all bots don't identify themselves. In fact some bots identify themselves in one instance and not in another. They use this to determine if you are serving different pages for bots and users. When they catch you, you get banned. And if you're running adsense on the site then you can loose your account.

And there is really not much point in keying of the user agent because bots that harvest addresses don't identify themselves as "SamBot Harvester 2.0". In fact my harvesting scripts run through an HTTP client. For basic things I use wget, always with -U. And when I need to read script encoded data I run through a browser, in which case you get the UA of whatever browser I tell it to use.

 

[matt_bodis]

thats where you can detect the bots with php and make it output the correct pages. So therfor your still safe. I will show you how to do that some time in the next week, ill update the code.

And that is when your sites suddenly dissapears from google because your are not complying with their policies. You can't serve different pages to search engines. It's spam, and someone will catch you sooner or later.

 

[liam_d]

You may also want to do some sort of check for javascript and if check is fasle tell them to turn it on :P