[TYPO3-dev] Announcement: Web based reader of our Newsgroups

ries van Twisk typo3 at rvt.dds.nl
Thu Dec 20 13:50:31 CET 2007 

On Dec 20, 2007, at 4:14 AM, Steffen Kamper wrote:

> Hi Ries,
>
> "ries van Twisk" <typo3 at rvt.dds.nl> schrieb im Newsbeitrag
> news:mailman.5920.1198099489.14020.typo3-dev at lists.netfielders.de...
>> hey steffen,
>>
>> if lists.netfielders.de shows mail addresses it doesn't mean you/me/
>> community has to do it as-well.
>> I think we should give the spam harvesters as least amouth of info  
>> as  we
>> can.
>>
> i did it for the moment as you proposed. Later i would liked to have a
> solution like nabble, where you can mail to a person using a webform.
>
>> I don't see why we (support,typo3.org) is better protected?
> spamprotection ;-)
>
> vg  Steffen
>

Hey Steffen,

what is so good about that?
There is really nothing good in TYPO3 that would seriously prevent  
harvesting of mail addresses.

For example this is found in the source:
<a href="javascript:linkTo_UnCryptMailto('nbjmup+uzqp4Aswu/eet/ 
om');">typo3(at)rvt.dds.nl</a>
That format is so easy parsed by even the simplest parser that it can  
be harvasted, Now let's play smart
and we change it to this (I think you did that already, great!!!!):
<a href="javascript:linkTo_UnCryptMailto('nbjmup+uzqp4Aswu/eet/ 
om');">typo3(at)xxxxxx.nl</a>
This is already a lot more difficult, right?? A simple script kiddy  
cannot get the mail address anymore using
some fancy regexp, but wait!!! That javascript really does something...

So that guy graps a copy of http://www.mozilla.org/rhino/ re-writes  
his harvest robot function in java (he would
have used basic to start off with....) and voila, he can harvest mails  
again.

Keep in mind that TYPO3 lists could be a potential target since the  
community is fairly
large so we need to protect ourselfe and the people that uses it.

hey Steffen, I still think you did a great job still!!!!

PS: Don't forget to remove/protect mail addresses in the body pof the  
news/mails.

Ries


--
Ries van Twisk
Freelance TYPO3 Developer
email: ries at vantwisk.nl
web:   http://www.rvantwisk.nl/
skype: callto://r.vantwisk
Phone: + 1 810-476-4193

More information about the TYPO3-dev mailing list