Full Disclosure mailing list archives

Simple but Effective Spam Harvester Solutions
From: Andrew Smith <stfunub () gmail com>
Date: Fri, 8 Oct 2004 23:09:13 +0100

Not entirely sure if this is appropriate for full-disclosure. Ah well.

As you may well know, there are programs that scour the internet
looking for email addresses. Some people attempt to thwart them by
writing emails like "my_email (AT) mydomain (DOT) com". These don't
really work, so I figured some of my own out. They appear to have been
successful; I will share them with you now.

Using HTML escape characters is a popular method, e.g.:

<a href="mailto&#58;escchar&#64;shiz&#46;biz">contact me</a>

This works quite well but is easy to defeat (more on HTML escape
chars: http://www.theukwebdesigncompany.com/articles/entity-escape-characters.php).

I then started toying with JavaScript; this worked great. Here are
some examples:

document.write('<a href="mailto:js1');
document.write('">contact me</a>');

var a="@shiz.biz"
document.write('<a href=mailto:');
var b="js2"
contact me</a>

<script language="Javascript" src="a.htm"></script>
<script language="Javascript" src="b.htm"></script>
document.write("<a href=mailto:");
</script>>contact me</a>

Also, worked pretty well. As it gets more complicated it's far harder to defeat.
Then I found PHP could be used: creating a file called 'mail.php' and entering:

<?php header("Location: mailto:form2@shiz.biz"); ?>

into it, meant that linking to mail.php would launch an email.

Anyways, more info can be found here: http://www.wheresthebeef.co.uk/?p=hat

I hope some people have found this useful.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
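
Added example (not part of the original post): a Node.js script for auditing your own page source, reporting which of the obfuscation styles discussed above still leave the address recoverable from static markup. The function names and sample strings are constructed for illustration; the third sample is an assumed completed form of the post's second JavaScript snippet.

```javascript
// Added example, not from the original post. Sample markup is constructed
// from the placeholder addresses the post uses.
const ADDRESS = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;

// Decode numeric character references (&#64; / &#x40;) and a few named ones.
function decodeEntities(html) {
  const named = { amp: "&", lt: "<", gt: ">", quot: '"', apos: "'" };
  return html
    .replace(/&#x([0-9a-f]+);/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d+);/g, (_, d) => String.fromCodePoint(parseInt(d, 10)))
    .replace(/&([a-z]+);/gi, (m, n) => named[n.toLowerCase()] || m);
}

// Undo the "(AT)" / "(DOT)" spelling convention.
function undoSpelledOut(text) {
  return text
    .replace(/\s*[(\[]\s*at\s*[)\]]\s*/gi, "@")
    .replace(/\s*[(\[]\s*dot\s*[)\]]\s*/gi, ".");
}

// Report the cheapest transformation that exposes an address in static source.
function auditMarkup(html) {
  const find = (s) => [...new Set(s.match(ADDRESS) || [])];
  const decoded = decodeEntities(html);
  const stages = [
    ["plain", html],
    ["entity-decoded", decoded],
    ["spelled-out", undoSpelledOut(decoded)],
  ];
  for (const [exposure, text] of stages) {
    const addresses = find(text);
    if (addresses.length) return { exposure, addresses };
  }
  // Address is assembled only when the script runs (assumed completed snippet).
  return { exposure: "not-in-static-markup", addresses: [] };
}

const SAMPLES = {
  spelledOut: "my_email (AT) mydomain (DOT) com",
  entities: '<a href="mailto&#58;escchar&#64;shiz&#46;biz">contact me</a>',
  scriptSplit: `<script>var a="@shiz.biz";var b="js2";` +
    `document.write('<a href=mailto:'+b+a);</script>>contact me</a>`,
};

for (const [name, html] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(auditMarkup(html)));
}
```

A result of not-in-static-markup only means the address is absent from the served source; any client that executes the page's script still sees it.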
