In the fight against spam, web developers couldn’t do much except installing additional software like spamassassin on their webservers, which is really the webhoster ‘s job. And that doesn’t stop all of it, far from it. Especially if you inherit a website that is all in html, contains thousands of pages, and a lot include your customer personal email address, the one he really can’t change, you know? Like firstname(Replace this parenthesis with the @ sign)lastname.com or something… Like i just did ;)

So i had to find an easy and efficient way to protect all these pages, blocking email harvesters and spambots BEFORE they could actually parse the pages and collect their victims.

Enters (again) one of your best spam-nuke weapons: Bad Behavior by Michael Hampton .

How to protect a html only website from spambots and email harvesters:

  1. Make sure your webserver has PHP 4.3.+ enabled
  2. Download Bad Behavior
  3. FTP to your site, create a folder that will contain bad behaviour core scripts (personally, i use a “_lib” library for all my scripts, and have my “badBehavior_antispam” folder inside. I name it like this so if another developer inherits the website, he gets what this folder contains without having to dig into the code)
  4. Create (or update) a .htaccess file, by adding this piece of code:

[PHP]

# BAD BEHAVIOUR ANTISPAM INTEGRATION
AddHandler php-script .htm .html

php_value short_open_tag “Off”
php_value auto_prepend_file “local/absolute/path/to/your/badbehaviour/folder/bad-behavior-generic.php”

[/PHP]

an example of the localpath:

[PHP]

/var/www/vhosts/microshmock.com/httpdocs/v2/_lib/badBehavior_antispam/bad-behavior-generic.php

[/PHP]
Don’t know the absolute local path of your website ? Upload a php file containing the following bit of code and then browser to it, it will display the local path to the root of your site:

[PHP]

< ?php echo $_SERVER['DOCUMENT_ROOT']; ?>

[/PHP]

That’s about it! Your site is protected from email harvesters and spam bots!

[UPDATE:] i’ve found out (the hard way) that this may break php script if your server ‘s php.ini file has short_open_tag = Off. (that is: < ? instead of < ?php)

So make sure you either always use < ?php or set the php.ini variable short_open_tag = On