One way to defeat spammers

Ever since Brightmail closed up their free filtering service, I’ve been thinking a lot more about spam because I’ve been getting a lot more. I know where these losers are getting my e-mail address. It’s right here on my Web page. But I need to post that so people can contact me. Fortunately, I found a trick. Look at this:
dfarq@swbell.net

That’s just an e-mail link, right? It works just like any other, right? Well, here’s the HTML code for that:

mailto:dfarq@swbell.net

See what I did? I obscured the @ sign with an ASCII code (64), along with the dot (46) and a couple of other characters like the colon. Most automated e-mail address harvesters don’t decode the HTML, so their search routines, which look for things like @ signs and dot-somethings will blow right past that.

So if you run a site, obscure your e-mail address. If you don’t remember your ASCII codes, hopefully you’ve still got QBasic on one of your machines. In QBasic, the command PRINT ASC(“A”) will give you the ASCII code for the letter A. Substitute any letter you like. Or you can remember that A is 65 and lowercase a is 97. A is 65, B is 66, and so on.

When a Web site asks you for an e-mail address, you can see if it’ll let you obscure parts of it. Unfortunately, my forums flag illegal characters, but I may be able to modify that. Some Web sites aren’t that smart.

Obviously this trick won’t work in e-mail, unless you always send your mail in HTML format, which I (along with about half the world) really wish you wouldn’t–it’s annoying. And even if you obscure the mail you send, if I copy and paste your mail to my site, it’ll go up there unobscured. So this advice is mostly for webmasters.

Anyway… On to other things.

We’ve moved, if you haven’t noticed. These pages should be at least a little bit faster. The forums will be several times faster. And the forums are goofy. I haven’t figured out exactly why, but posts are missing and user files are acting up. If you’re having problems (Steve DeLassus just told me he can’t post because it tells him his .dat file can’t be accessed), go ahead and re-register. If you want your post count raised to its previous level, just let me know. I can change that. (Hmm, I wonder if Gatermann would notice if I set his post count to a negative number…?) I’d have preferred to move everything intact, of course.

Anyway. Go play in the forums. See what breaks. If I don’t know it’s broke, I sure can’t fix it. (I may not be able to if I do know, but hey, I can give it my best shot.)

Update: It’s 5:45 in the p.m., and you’re watching… Wait. That’s something else. The forums seem to be working properly now. Lack of uniformity between Linux distributions bites me again… It wasn’t the location of the files YaBB was objecting to, nor was it permissions. It was ownership. Under Mandrake, Apache runs as a user named “apache” and thus files created by CGI scripts like YaBB are owned by “apache.” Under TurboLinux, Apache runs as user “nobody,” and thus files created by CGIs are owned by “nobody.” And when you just tar up your Web site and move it to a new box like I did, those files remain owned by their old owners. Since Linux assumes you know what you’re doing, it happily handed those files over to a non-existant user. So when YaBB came knocking, Unix security kicked in and said, “Hey, nobody, you don’t own these files,” hence those error 103s everyone was getting.

4 thoughts on “One way to defeat spammers

  • June 7, 2001 at 9:04 am
    Permalink

    Yep, that’s exactly it. Mandrake gave Apache a user ID, and when I moved the files over, the owner of the group changed and now YaBB can’t get to the files.

    So the question is, how do I find out what user Apache is running under so I can change ownership to those files?

  • June 7, 2001 at 11:25 am
    Permalink

    BTW, I’m peeking in from work, and I just ran into the 103 error Gatermann was getting (Can’t access so-and-so-file"). Doesn’t matter if I’m logged in or not. I’ll try re-registering and see what happens.

  • June 7, 2001 at 11:46 am
    Permalink

    I found the fix. I’ll have to change a couple of lines in my Apache configuration file to make it run under its own user ID, then that’ll fix the 103 error. Theoretically.

    Evidently, Mandrake includes a line somewhere in /etc/httpd/httpd.conf that reads "user apache" and, judging from the ownership of the files my CGI scripts are creating, Turbo is using "user nobody," and since the files belong to a user named apache, but Apache is running as nobody, we’re getting 103 errors all over the place.

    We’ll be back in business sometime tonight. I hope.

  • June 7, 2001 at 12:35 pm
    Permalink

    Actually, I can post, but my post count (which should be about, oh, 352 about now) doesn’t increment due to my .dat file being inaccessible. Don’t remember the exact message, but it sounded like a permissions issue.

Comments are closed.

%d bloggers like this:
WordPress Appliance - Powered by TurnKey Linux