Ryan Williams Posted February 7, 2007 Share Posted February 7, 2007 Hi, The best way of stopping (spam) robots dead seems to be to require JavaScript. Sadly, most statistics scripts seem to use a PHP include or something like that, which means bots can run amuck. The easiest way of preventing this to me seems to be to somehow make JavaScript be required before that PHP will run, however I'm not sure how to go around this. I know that it's not possible to slip the PHP include between some JavaScript tags due to the whole server/client execution thing, but is there any feasible way to accomplish what I described above? Basically, I'd want JavaScript to include another file that happens to be called test.php (for the sake of this thread). Thanks for any help you guys can offer. Quote Link to comment Share on other sites More sharing options...
trq Posted February 7, 2007 Share Posted February 7, 2007 Your question is tsill not at all clear, but yeah, php is well and truely finished by the time your output (javascript/html) gets to the browser and no, Javascript really ha sno way of including any server side code. Quote Link to comment Share on other sites More sharing options...
Ryan Williams Posted February 7, 2007 Author Share Posted February 7, 2007 Okies, thanks. Another approach is to use PHP itself in the header to detect whether or not the person has JavaScript enabled before processing the page. Is there any obscure way of doing this, or am I just dreaming? Sorry if my original post was a little convoluted. Basically I just want a statistics include to only be included/called if the user has JavaScript enabled, with the intention of stopping bots from triggering it and thus being included in the statistics. While I know I'll lose tracking of JavaScript users, with bot spam being as bad as it is it seems like a worthy compromise to me and the only largely foolproof way of doing it. Until they start writing bots that can deal with JavaScript. :( :( Quote Link to comment Share on other sites More sharing options...
mainewoods Posted February 7, 2007 Share Posted February 7, 2007 You could use ajax to retrieve yourtest.php after the page loads. Unfortunitely, any content hidden from spam bots that way would also be hidden from search engines. The only thing you really need to hide from the spam bots are email addresses so the real question you should be asking is 'How do I hide email addresses from Spam Bots?'. http://www.google.com/search?hl=en&q=hiding+email+from+spambot Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted February 7, 2007 Share Posted February 7, 2007 Do spambots work with sessions? i.e. if a spambot is browsing pages on a site, will $_SESSION store values across pages? If that's the case I may have a solution. Quote Link to comment Share on other sites More sharing options...
mainewoods Posted February 7, 2007 Share Posted February 7, 2007 Just make your stats call through ajax and no spam bots will activate it. Php cannot detect if js is turned on or not. js can set a page refresh with a url passed field so the next php invocation can know whether js is on but that's ugly. SESSION vars are based on cookies, so if anyone has cookies turned off, it would fail for them as well. The percentage of people who surf with js off is about 5% - 10%, not too bad. An alternate approach to ajax would be to do browser detection php side and only do your stats for browsers on your list. Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted February 8, 2007 Share Posted February 8, 2007 I thought you could specify if the session ID is handled via cookie or URL parameter. Quote Link to comment Share on other sites More sharing options...
mainewoods Posted February 8, 2007 Share Posted February 8, 2007 If you passed the session id via the url, then it would have no effect in stopping spambots. The spambot would get it's own session id via the url and would have no problem in harvesting email addresses. Quote Link to comment Share on other sites More sharing options...
mainewoods Posted February 8, 2007 Share Posted February 8, 2007 What spambots are you talking about, email harvesters or guestbook spammers? There are a bunch of known techniques for stopping Email Harvesters dead using javascript and/or 'entity substitution': http://www.google.com/search?hl=en&q=hiding+email+from+spambot To stop spambots from entering spam into your guestbook or other web app, the best choice is a 'Captcha' script. If you search around, you can find many free php 'Captcha' scripts. http://en.wikipedia.org/wiki/Captcha Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted February 8, 2007 Share Posted February 8, 2007 "The spambot would get it's own session id via the url and would have no problem in harvesting email addresses." I disagree. The original poster asked for a discreet way to check if the user has javascript enabled. Here's what I'd do: When the page finishes loading, make an AJAX call to your server and set a $_SESSION value: $_SESSION['JSEnabled'] = true; In your site where the session is started, put the following: if(!isset($_SESSION['JSEnabled'])){ $_SESSION['JSEnabled'] = false; } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.