Robots Can Push Buttons


A surprising revelation (to me, anyway.)

I was modifying my login form today when I noticed something quite strange. I’ve always been wary of dishing out my email address, having been the recipient of quite enough spam. And whenever I find some way to further obfuscate said email address, I jump on the opportunity. That’s why I installed the contact form; I didn’t want spambots harvesting my address and sending me letters about c1al3s. I’m 26; I don’t need the stuff.

As much as I like my current email address, it will probably have to be chucked, eventually. It’s so nifty, but I’m getting too much spam at that address. And that’s the curious thing; I never put my address out there for harvesters to read, I never use it in places where it might be read, I never even use it to send mail to folks I don’t trust not to send me unwanted petitions and cute pictures and such. Yet somehow it’s getting leaked.

The other day I was reading through my site statistics and noticed that the search phrase “search this site” came up quite often in the search form down at the bottom. [Note: The search form can now be found on the sidebar. -Ed.] That was during the period when I had that set as the default text in the query box. And then it hit me: the only way that could be at the top of the search list is if: a.) someone tried to be cute and spam my results by hitting the Search button a bunch of times, or b.) robots can push buttons.

We all know bots can traverse regular HTML links; that’s one of the purposes for links. But since it’s highly unlikely that someone is pushing the Search button for kicks, it’s quite surprising to find that bots can crawl those, too. Apparently, they treat it like a regular link. And this is where the story takes a turn for the worse. (Children under 13 should be accompanied by an adult.)

So I was modifying my login form when I realized this: if a person clicks a certain link or combination thereof, they get a message suggesting they contact the Administrator … complete with the Admin email address as a starting point. In case you hadn’t noticed, I’m the Admin. Granted, I think it’s necessary to enable registration to get the effect, but my site used to have registration enabled. Hence the naked display of my email address for the bots. Just for good measure, I changed that link to point to my contact form. No more harvesting, hopefully (as long as my contact form is secure), but there’s really no way to undo the fact that at least some spammers now have my address.

~Jonathan
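
The pattern seen in the site statistics above can be checked against raw access logs. This is an added example, not code from the original post; it assumes a GET search form using the parameter `s`, combined-format access logs, and the constructed sample lines embedded in the block.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumptions, not from the post: the search form submits with GET using the
# parameter "s", and the web server writes combined-format access logs.
DEFAULT_TEXT = "search this site"  # the default query-box text named in the post
SEARCH_PARAM = "s"

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample log (documentation IP ranges, made-up hosts and agents).
SAMPLE_LOG = """\
192.0.2.10 - - [16/Sep/2006:10:00:01 +0000] "GET /?s=search+this+site HTTP/1.1" 200 5120 "-" "ExampleCrawler/1.0"
192.0.2.10 - - [16/Sep/2006:10:00:02 +0000] "GET /about/?s=search%20this%20site HTTP/1.1" 200 5120 "-" "ExampleCrawler/1.0"
198.51.100.7 - - [16/Sep/2006:10:05:00 +0000] "GET /?s=login+form HTTP/1.1" 200 4096 "http://blog.example/" "Mozilla/5.0 (constructed)"
203.0.113.5 - - [16/Sep/2006:10:06:00 +0000] "GET /?s=Search+this+site HTTP/1.1" 200 5120 "http://blog.example/" "Mozilla/5.0 (constructed)"
192.0.2.10 - - [16/Sep/2006:10:07:00 +0000] "GET /about/ HTTP/1.1" 200 2048 "-" "ExampleCrawler/1.0"
"""

def search_term(target):
    """Return the normalised search term of a request target, or None."""
    values = parse_qs(urlsplit(target).query, keep_blank_values=True).get(SEARCH_PARAM)
    return values[0].strip().lower() if values else None

def default_text_submitters(log_text):
    """Per (ip, agent): how often the untouched default text was submitted,
    and how many of those requests carried no Referer header."""
    stats = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET" or search_term(m["target"]) != DEFAULT_TEXT:
            continue
        entry = stats.setdefault((m["ip"], m["agent"]), {"count": 0, "no_referer": 0})
        entry["count"] += 1
        entry["no_referer"] += int(m["referer"] in ("", "-"))
    return stats

def likely_automated(log_text):
    """Heuristic: clients whose default-text searches never carried a Referer,
    which is what following the form like a plain link tends to look like."""
    return sorted(k for k, v in default_text_submitters(log_text).items()
                  if v["no_referer"] == v["count"])

if __name__ == "__main__":
    for ip, agent in likely_automated(SAMPLE_LOG):
        print(ip, agent)
```

The missing-Referer test is only a heuristic: a visitor whose browser strips the header would be flagged too, so treat the output as a list to review rather than a block list.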

September 16th, 2006