Guestbooks: Protecting
Richard H. Nilsson, May 15, 2003

Abstract

Malicious email-miners can use easily obtained tools to collect exposed email addresses that your visitors leave in your guestbook. The purposes of a guestbook are usually to permit site visitors to leave comments and to provide a means of establishing contact with others of like mind, or belonging to the same group, so that a line of communication can be opened. Usually this is accomplished by the visitor leaving his or her email address. Not only can you readily detect and divert known miner programs, you can also hide your visitors' addresses and still allow visitors to send messages to each other. Solutions for both techniques are given. Requires knowledge of, and availability of, PHP/MySQL services on your host ISP's server.
The problem

One problem with unrestricted, unlicensed, universal access to a world-wide data network is that malicious infants or unscrupulous spammers can surreptitiously mine your pages for email addresses. You owe it to your visitors to take any action you can to protect the information they volunteer, including their email addresses. In the old days, if you staked a legal claim to your mine, others had to leave it alone or eventually face a magistrate and the consequences of trespass. Not so with the Web. For the small-site owner, retribution is virtually unattainable.

How do miners get your addresses? Very simply, they acquire one of several dozen readily available 'robot' applications and use them to scan your site. These applications typically have some intelligence built in for spotting obvious attempts at hiding addresses. For example, the (very) old ploy of putting "nospam" in your address, or similarly changing the "@"-sign to "at", "(at)", or "(a)", is no longer effective. Another, more insidious exploit is to inject "extra" addresses into the "to" field of PHP email scripts.

What can you do? Actually there are three steps you can take. First, you can detect and deflect many of these known 'bots' as soon as they attempt to access your guestbook. Second, you can hide your visitors' addresses so they can't be mined even if a bot slips in to view the guestbook. Third, you can script in ways that prevent that kind of injection into your PHP mail scripts.

Deflecting Known Bots

How do you detect a bot intrusion? For just a guestbook, it's not totally necessary to do this, so I'm not going to go into the details here, but I will give you a link to a solution. Please see what my friend Loran did to protect his entire site. I just applied his techniques to my guestbook page.
'Enkode' Your Addresses

The folks at Automatic (formerly Hiveware) have graciously provided an on-line form which encodes your address, phone number or any other text into a block of JavaScript that the email miners are as yet unable, and unlikely, to break. If you only have a few addresses to protect, this is an easy solution. I use this technique for the odd time I just want to give an "email me" link in an obvious place. I save the "Enkoder"-generated code in a file called "myenkodedaddr.js" in an includes directory and then insert this code where the address link should go:
In addition, your ISP may allow you to protect the includes directory using .htaccess or some other method that doesn't interfere with the Web serving of your pages, but prevents someone from finding out how your address is "enkoded".

Database Your Guestbook

The best way to hide your guestbook visitors' addresses is to store them in a database. These days, most ISPs provide free access to your own MySQL database for the basic monthly rate. If yours doesn't, consider switching. Find a good PHP/MySQL tutorial using Google and set up a database for your visitor entries. There are plenty of tips around for displaying 10 or 20 entries at a time, and for browsing large databases. Here is a PHP tutorial telling all you need to know to set up a MySQL "db" on a LAMP-technology host (Linux, Apache, MySQL, PHP). Many more are available on the web; do a Google search with the keywords "php tutorial mysql".

Create a database containing a table of visitors' information; for the example, I called the table "Messages", because that's what it contains. In your table structure, provide fields for at least message id (make this the unique id), timestamp, first name, last name, email address, and a message. Here's an example MySQL table creation command that sets those up and has a few additional fields:

    CREATE TABLE Messages (
      Entryid int(5) NOT NULL auto_increment,
      Time varchar(8) NOT NULL default '',
      Date varchar(10) NOT NULL default '',
      Fname varchar(20) default NULL,
      Lname varchar(20) default NULL,
      Email varchar(40) default NULL,
      URL varchar(80) default NULL,
      City varchar(30) default NULL,
      State varchar(30) default NULL,
      Country varchar(20) default NULL,
      Comments text,
      PRIMARY KEY (Entryid),
      UNIQUE KEY id (Entryid)
    ) ENGINE=MyISAM;

(The last line was originally written as TYPE=MyISAM, the MySQL 4 spelling; current MySQL servers accept only the ENGINE= form.)

Fields of a visitor's message (one row from the table) are fetched from the database via a PHP API (Application Programming Interface) "query" statement into an array arbitrarily called "$myrow".
(You can see examples of these statements in the section "Provide A Mailer", below.) Elements of the array are displayed by printing "$myrow['FieldName']" where "FieldName" is one of the names of the fields in each record, for example the unique record ID, "Entryid". Where you would normally show the visitor's email address as a link that brings up the browser's email client for generating a message, use something like this code instead:
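The following is an added example, not the article's own code, and it also covers the mailform.php handler described in "Provide a Mailer" below and the injection defence named as the third step in "The problem". It shows the listing-side "Send a message" link, which carries only the Entryid, and a minimal mailform.php that looks the address up on the server and refuses mail-header injection before calling PHP's mail(). It assumes PHP 7 or later with PDO prepared statements against the Messages table above; the DSN and credentials are placeholders.

```php
<?php
// Added example, not the article's code: the listing-side "Send a message" link
// and the mailform.php handler it opens. The handler resolves Entryid to the
// recipient's address on the server and refuses header-injection attempts
// before calling mail(). Assumes a PDO connection to the article's Messages table.
// Listing side: one guestbook row, with no trace of the Email field in the HTML.
function messageLink(array $myrow): string
{
    $name = htmlspecialchars($myrow['Fname'] . ' ' . $myrow['Lname'], ENT_QUOTES, 'UTF-8');
    return sprintf('%s: <a href="mailform.php?thisid=%d" target="_blank">Send a message</a>',
        $name, (int) $myrow['Entryid']);
}

// Anything placed in a mail header must not be able to start a new header line;
// CR, LF or NUL in a submitted value is the signature of an injection attempt.
function headerSafe(string $value, int $max = 100): ?string
{
    return preg_match('/[\r\n\0]/', $value) ? null : substr(trim($value), 0, $max);
}

// mailform.php, POST side: the recipient comes only from the database row
// selected by thisid; the request never supplies an address to send to.
function sendToEntry(PDO $db, int $thisid, string $from, string $subject, string $body): bool
{
    $stmt = $db->prepare('SELECT Email FROM Messages WHERE Entryid = ?');
    $stmt->execute([$thisid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || empty($row['Email'])) {
        return false;                       // unknown id: refuse without explanation
    }
    // The sender's address lands in the From/Reply-To headers, so validate it
    // strictly; FILTER_VALIDATE_EMAIL also rejects embedded newlines.
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $subject = headerSafe($subject);
    if ($subject === null) {
        return false;
    }
    $headers = "From: $from\r\nReply-To: $from\r\n";
    return mail($row['Email'], $subject, wordwrap($body, 72), $headers);
}

// Entry point: only an integer thisid is accepted from the query string.
$thisid = filter_input(INPUT_GET, 'thisid', FILTER_VALIDATE_INT);
if ($thisid === false || $thisid === null) { exit('Bad request'); }
if ($_SERVER['REQUEST_METHOD'] !== 'POST') { exit('(the HTML message form would be shown here)'); }
$db = new PDO('mysql:host=localhost;dbname=guestbook', 'dbuser', 'dbpass');  // placeholder DSN
$sent = sendToEntry($db, $thisid, (string) ($_POST['from'] ?? ''),
    (string) ($_POST['subject'] ?? ''), (string) ($_POST['body'] ?? ''));
echo $sent ? 'Message sent.' : 'Message not sent.';
```

The form markup that a GET request should render is left out; the point of the handler is that the recipient address never appears in any response and that nothing from the request can add header lines.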
All the browser or the bot sees is an innocuous link saying "Send a message". Clicking the link, however, opens a new window ('target=\"_blank\"') and fills it with the file "mailform.php" (a file you must create), passing it the 'Entryid' of the record containing the recipient's address ('href=\"mailform.php?thisid=%s\"'). The "%s" gets the value "$myrow['Entryid']" given later in the code line. This page is basically an email message form. It is important that you do not display the recipient's email address in the page. In the example email form I link to below, notice that only the recipient's name is shown. Neither the browser nor a link-following bot can see the address, because it stays on the server as a PHP variable value.

Provide a Mailer

Now that you've hidden your visitors' information in a database, you need to provide an alternative means for your visitors to open private communication channels which they can then continue on their own. I did this on one site by creating a PHP-enhanced mailer form. Download a copy from the link below and open it in an editor to read along while I discuss some of its features:

Example numbered 'emailform.php'

The example mailform has some interesting features. It provides a form for entering a message much like popular email clients, it does some verification of message contents, and it uses a built-in PHP function to send the message through your ISP's mail server. Follow along while I describe the code line-by-line:

Description of 'emailform.php':

Here's an un-numbered version you can download and use as-is:

To use this mailform, make any appropriate changes to match your database setup, site style and color scheme, and save the page as "mailform.php" or some other ".php" name as desired.

Figure 1: Message form in the browser

Summing up

The Web can be a dangerous place, and you owe it to yourself and your site visitors to protect anonymity.
The steps shown here can make any email addresses your visitors leave with you invisible to spammers' email-miners. The sooner you implement protection, the better. Our experience has shown that spammers regularly update their lists, so the sooner you hide your email addresses, the sooner they will disappear from unwanted mailing lists.

Copyright 2004 Richard Nilsson. Verbatim copying and redistribution of this entire article are permitted without royalty in any medium provided this notice is preserved.