Development Discussion Board

[naim]

What about protecting the e-mail address with an image (just an image, not a captcha.)

This would eliminate the possibility to copy the address to the clipboard. Or what would you type if you encounter a picture with an ambiguous font typing of Ill______O0@rnmwvvw.net (in another font type: Ill______O0@rnmwvvw.net)? Bots are mostly not intelligent - I guess they could be outsmarted by something like this already, which still stays selectable, so you can CTRL+C it:

Code: Select all

<span>admin</span><strong>&#x40;</strong><span>site.net</span>

1. All email address have a format, they need to be ASCII characters (i think) - if phpbb will use a system font, there is no way that it will not be displayed correctly.
2. In any way that a user can Copy a text to the clipboard, A robot will easily find the text, just like how a browser will resolve it. Even the "heritrix" crawler (archive.org) knows how to resolve links from JavaScript! - Robots are smart, even images are not the best protection but they are way better than plain-text.

[AmigoJack]

phpBB has a huge amount of users, they'll just recode their bots to decode it.

That's reasonable. No smart idea comes to my mind:

• JS generation of a displayed address will handicap user's which don't or won't use JS.
• Pictures out of addresses could be read via OCR.
• Using entities for characters was never really a hindrance.

So a CAPTCHA or Q+A interaction should be an option at least. Detecting bots is no good approach either, because that would need maintenance work.

All email address have a format, they need to be ASCII characters (i think) - if phpbb will use a system font

The underscore is ASCII, and as you see: using a monotype (that's what I think you meant by "system font") does not separate multiple of them, so you can only guess how many are used. While you and I are able to decipher 1lI properly, most normal users would loose orientation with that. That's why I'm for a solution which still let's you drag your mouse cursor in your preferred browser over the address to make a selection. You can show me a bot which actively renders the site in a HTML presentation only to find out that the container written on line 5 is visually next to the container of line 364 and they make up an e-mail address.

[naim]

Notes:
1) A CAPTCHA cannot be used on this page due to accessibility issues.

Who is going to start writing up Q & A?

By System Font i meant a font that all platforms have built in core, and anyway what system can't render and serve a small image?!
All we want is to verify that the user getting the admin's email is actually a human and not a robot - doing that without captcha is kinda hard... so displaying an image is the safest way to display an Admin's email address with protection from spam (well, spammers that don't have OCR...)

Or Just Let administrator choose to display plain-text or image (transparent background, select-able foreground).

[callumacrae]

Why does an email have to be written anywhere? Isn't that the point in the form?

[naim]

Its a contact page for support, if there is any problem with a forum, (the forum is not usable...)

[naderman]

The whole point of the contact page form is to no longer display the email address, but only offer a form instead. A CAPTCHA is not an option because this form is supposed to be used to contact administrators when a user needs help with solving a CAPTCHA. Having this form unprotected is no worse than the current situation where the email address is publically visible on the registration page.

[naim]

The whole point of the contact us page is to let anyone contact support in-case there is a problem with the site,
so if there would be a problem, wouldn't it effect the contact sheet to?!
And in phpBB there are no spam filters against spammers (at least no yet), so what if a spammer starts sending requests to the contact sheet?! Today most email addresses have spam filters...
The image is to protect against robots the don't have OCR.

[canonknipser]

so what if a spammer starts sending requests to the contact sheet?!

Maybe a method can be implemented to block sending a second request for a time (eg. 1 day - set in config-table) after sending a request, depending on the IP-Adress for guest or userid (for registered users).

[naim]

IP addresses change very often, and what if someone is connected to a network (workplace/internet-cafe)?

[canonknipser]

IP addresses change very often, and what if someone is connected to a network (workplace/internet-cafe)?

OK, your talking about a human spammer, i thought about spam-bots who are very often using the same IP for a longer period. So also add a changing captcha they have to fill in, and a lot requiered fields with autofill option disabled - human spammers will give up after a few tries.

How many guests (or better: users not logged in) will you have from the same inet-cafe or company-proxy having the need to use the contact page on the same day?