View Source Protection

[Brian Cryer]

I have designed a web page that I love, but I want to protect my codes from
someone simply hitting view source... is there a code I can use

Thank you

Mike

as you've probably gathered from the other responses, there is no guaranteed
way to hide your source. If the browser can render it then someone else can
view it. There are techniques for making it more difficult, but there is
nothing you can do that will 100% block people's ability to view it. Sorry.

 

[rf]

Okay, here is the PHP code to encrypt the page, just run it as an include in
your page and it will alter your page on the fly. It does have uses contray
to some of the negative people in this thread. I made a spam proof email
link with it. Have a look at:

Yeah, right, like I'm going to go to the trouble to install/fix that posted
stuff to prove you wrong. Nope.

Provide the URL to a page that has used that scheme. Then we will provide
you with the crack.

 

[Greg N.]

It does have uses contray
to some of the negative people in this thread. I made a spam proof email
link with it.

I must admit I don't quite follow the logic behind your script.

Do you assume that the spammers' email address harvesting bots don't
execute javascript? I don't know if this is the case, but let's assume
they DON't run JS.

If the bot does not run JS, even the most basic obfuscation script will
do just fine, like, for instance, this one:

document.write('yodel');
document.write('_');
document.write('dodel');
document.write('@');
document.write('yahoo');
document.write('.');
document.write('com');

If, however, one of these bots now or in the future runs JS, neither
your big an complex script nor my simple one will do any good.

 

[Jonathan N. Little]

I must admit I don't quite follow the logic behind your script.

Do you assume that the spammers' email address harvesting bots don't
execute javascript? I don't know if this is the case, but let's assume
they DON't run JS.

If the bot does not run JS, even the most basic obfuscation script will
do just fine, like, for instance, this one:

document.write('yodel');
document.write('_');
document.write('dodel');
document.write('@');
document.write('yahoo');
document.write('.');
document.write('com');

If, however, one of these bots now or in the future runs JS, neither
your big an complex script nor my simple one will do any good.

Hey, was the OP to hide an email from bots or hide the whole page's
source?! I read it as the whole page! If JS write ins won't stop NN4.x
it renders the source on 'view source' AFTER the javascript!

 

[Jemdam.com]

I must admit I don't quite follow the logic behind your script.

Do you assume that the spammers' email address harvesting bots don't
execute javascript? I don't know if this is the case, but let's assume
they DON't run JS.

If the bot does not run JS, even the most basic obfuscation script will do
just fine, like, for instance, this one:

document.write('yodel');
document.write('_');
document.write('dodel');
document.write('@');
document.write('yahoo');
document.write('.');
document.write('com');

If, however, one of these bots now or in the future runs JS, neither your
big an complex script nor my simple one will do any good.

True, the bottom line is the browser has to read it so it can always be
hacked but the spam proof email system on http://spam.jemdam.com goes some
way to helping. As the code is all messed up no @ signs are present to it
just skips it. I can say it does make a great difference. If you own a
domain and make 2 non standard address (i.e., not info@ webmaster@ etc) and
protect 1 I would bet the un protected one gets an order of maginute more
spam.

Would anyone like to take me up on the bet? Let's say $100.

 

[Jonathan N. Little]

True, the bottom line is the browser has to read it so it can always be
hacked but the spam proof email system on http://spam.jemdam.com goes some
way to helping. As the code is all messed up no @ signs are present to it
just skips it. I can say it does make a great difference. If you own a
domain and make 2 non standard address (i.e., not info@ webmaster@ etc) and
protect 1 I would bet the un protected one gets an order of maginute more
spam.

Would anyone like to take me up on the bet? Let's say $100.

Again isn't issue hiding the page source from people not emails from bots?

 

[Beauregard T. Shagnasty]

gets an order of maginute more spam.

How many spams are in an order of maginute?

 

[Jonathan N. Little]

Jemdam.com wrote:




How many spams are in an order of maginute?

I was going to inject something funny about the spelling error, but a
quick Google startled me with how many folks misspell magnitude that
way! :-D

 

[Jemdam.com]

How many spams are in an order of maginute?

Bloody hell guys, you know what I was meaning. Some times these discuss
threads can be a nightmare. A person asked a question on source protection
and 90% of the replies are about insulting each other, it is just another
form of SPAM wasting people times and bandwidth.

 

[Mark Parnell]

Bloody hell guys, you know what I was meaning.

Yeah, but they're just having fun. Take it in the spirit it was
intended.

Some times these discuss
threads can be a nightmare.

If they bother you, don't read them.

A person asked a question on source protection
and 90% of the replies are about insulting each other,

I don't recall seeing any insulting posts in this thread to date. But
it's not too late yet! ;-)

it is just another
form of SPAM wasting people times and bandwidth.

If you're really that worried about wasting bandwidth, how about using a
decent newsreader that strips people's signatures when replying?

 

[Greg N.]

...the spam proof email system on http://spam.jemdam.com goes some
way to helping. ....
I would bet the un protected one gets an order of maginute more
spam.

Maybe, but that's not my point. My point is, even the most primitive JS
script can obfuscate the email address such that a (JS ignorant) email
harvesting bot can't extract it from the html source. You have not
explained why your grotesquely complex approach should be more effective
towards that end.

 

[Greg N.]

Bloody hell guys, you know what I was meaning. Some times these discuss
threads can be a nightmare. A person asked a question on source protection
and 90% of the replies are about insulting each other, it is just another
form of SPAM wasting people times and bandwidth.

Nobody is insulting anybody. We're just trying to understand what
purpose your php-scramble/JS-descramble scheme serves.

Two issues were discussed:

1. Hiding the source from the user

The view source function of a browser shows the results of any JS code
on a page. In other words, if the JS deciphers the scrambled source,
view source will show the clear text source.

2. Hiding an email addres from a spam bot

Your solution may do that, but it's grotesquely complex. A simple 3-line
JS script does the same.

 

[Jemdam.com]

Yeah, but they're just having fun. Take it in the spirit it was
intended.

Okay comment

If they bother you, don't read them.

Childish reply and hense prove my point in the previous post

I don't recall seeing any insulting posts in this thread to date. But
it's not too late yet! ;-)

Another childish reply

If you're really that worried about wasting bandwidth, how about using a
decent newsreader that strips people's signatures when replying?

Need I say more . . . . . . . . . .

 

[Jemdam.com]

Maybe, but that's not my point. My point is, even the most primitive JS
script can obfuscate the email address such that a (JS ignorant) email
harvesting bot can't extract it from the html source. You have not
explained why your grotesquely complex approach should be more effective
towards that end.

As you may have seen from previous messages insults include things like "
grotesquely complex" etc. I would love to meet some of you guys and see what
type of people you are. If you all met up for a beer together would you get
on or would you just slag each other off. Now back to the subject without
any off the cuff comments.

The main purpose for the PHP system is you can add it to the top of a page
in the original source. Code as much HTML / PHP / Javascript etc as you like
and the page is encrypted on the fly. You don't have to think about it, it
is always scrambled. May be there is too much detail for email protection
but you can use it for many other things. Very handy when you don't want it
to be obvious what fields are used for hidden statments in forms etc.

 

[Oli Filth]

As you may have seen from previous messages insults include things like "
grotesquely complex" etc. I would love to meet some of you guys and see what
type of people you are. If you all met up for a beer together would you get
on or would you just slag each other off. Now back to the subject without
any off the cuff comments.

I think you're mistaking the inevitable to-the-point-ness and brevity
of a technical NG for deliberate rudeness or insults.

The main purpose for the PHP system is you can add it to the top of a page
in the original source. Code as much HTML / PHP / Javascript etc as you like
and the page is encrypted on the fly. You don't have to think about it, it
is always scrambled. May be there is too much detail for email protection
but you can use it for many other things. Very handy when you don't want it
to be obvious what fields are used for hidden statments in forms etc.

Making your site un-indexable and inaccessible to JS-disabled users is
rather a high price to pay just to hide something which is easily
discoverable anyway, wouldn't you say? After all, anyone who's going to
piss about by hacking hidden form fields probably knows enough to get
round the obfuscation.

IMO, e-mail munging is the only valid/sensible use of JS "encryption",
but as has already been said, this csource.php is massively
overcomplicated for this purpose.

A simple server-side pattern-match and replace (i.e. replace e-mail
addresses with "Response.Write("someone");
Response.Write("@example.com")) would save the same purpose, take less
server processing time, allow your site to be indexed, and minimise
inaccessibility problems.

 

[Mark Parnell]

Need I say more . . . . . . . . . .

No, I think you've quite clearly demonstrated who the childish one is
here. You'd better stop before you incriminate yourself even further.