
Kimler Adventure Pages: Journal Entries


SpamBack - Green Eggs & SPAM

June 29th, 2005  · stk

Serving a Tasty Dish for Any Spammer

Maybe I have a soft spot for the spammers? After removing all the "mailto:" references and entity-encoded email addresses from the site, email harvesting programs don't yield a single thing. That just doesn't seem right. So, using a process coined SpamBack "Green Eggs and SPAM", I changed that!

If the thought of giving spammers a dose of their own medicine is appealing to you, read on ...


Views: 13139 views
Updated: 21-Aug-2005

SPAM, lovely SPAM, wonderful SPAM

June 23rd, 2005  · stk

Keep Your Email From Being "Harvested"

If you have an email address, I bet that you don't like all the unsolicited mail (SPAM) you receive. It's a waste of time. Mortgage refinancing, cheap software, "urgent" messages from Nigerians needing help (offering a percentage of 'millions' for assistance), links to XXX movies and pics ... these are but a few of the SPAM messages that made it past Yahoo's filter and into the inbox. What's a person to do?

Entity Values are a sneaky way of entering characters in HTML code. Instead of typing the letter "r" in - - one can put "&#114;" (ascii) or "&#x72;" (hex) instead.

On the screen, it still looks like - - the entity values are converted to characters on the screen, by the browser. A harvesting bot, blindly looking at HTML code, sees only the string (depending on how the ascii and hex entity values were mixed). Doesn't look like an email address, does it?

It's a technique that used to be effective. (Notice that the browser didn't format the entity value email, because it didn't "recognize" it as an email address? In a similar fashion, the technique would fool email harvesting bots. The bot passed over the string, thinking it was more HTML gibberish).

If you've got a website - Don't give the spammers your email address by posting it on your site! Email-harvesting spiders (or bots) are programs that spammers use to search through website code for thousands of sites every day, scooping up discernable email addresses. They key in on the "@" character (an address requirement) or the "mailto:" hyperlink reference in the <a> tag. I recently reviewed the 'harvestability' of and discovered entity value encoding (see sidebar) no longer effectively "hides" addresses from harvesting bots. The programs have gotten smarter and many are now able to decipher entity values. It's high time for a new plan.
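An added example, not from the original post: a small Python self-audit that shows why entity encoding no longer hides an address, by decoding character references the way a browser does before looking for addresses. The function name `audit_harvestability`, the simplified address pattern and the sample markup are constructed for illustration.

```python
import html
import re

# Deliberately simple address pattern: good enough for an audit, not RFC 5322.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
MAILTO_RE = re.compile(r"mailto:\s*(" + EMAIL_RE.pattern + ")", re.IGNORECASE)

# Constructed sample page: one literal address, one mixed decimal/hex
# entity-encoded address, one entity-encoded mailto: link.
SAMPLE_PAGE = """
<p>Write to webmaster@example.org</p>
<p>Or: &#105;&#x6e;fo&#64;example&#x2e;org</p>
<a href="&#109;ailto:sales&#x40;example.org">Sales</a>
<p>Use the contact form instead.</p>
"""


def audit_harvestability(page_source):
    """Map each exposed address to the ways the markup reveals it.

    'plain'  - literal address present in the raw source
    'entity' - address appears only after character references are decoded
    'mailto' - target of a mailto: link (raw or entity-encoded)
    """
    findings = {}
    raw_hits = {addr.lower() for addr in EMAIL_RE.findall(page_source)}
    decoded = html.unescape(page_source)  # resolves &#114; and &#x72; alike
    for addr in EMAIL_RE.findall(decoded):
        addr = addr.lower()
        kind = "plain" if addr in raw_hits else "entity"
        findings.setdefault(addr, set()).add(kind)
    for addr in MAILTO_RE.findall(decoded):
        findings.setdefault(addr.lower(), set()).add("mailto")
    return findings


if __name__ == "__main__":
    for address, kinds in sorted(audit_harvestability(SAMPLE_PAGE).items()):
        print(address, sorted(kinds))
```

An empty result for a page means none of these three exposure types is present; addresses assembled by script or shown as images are outside what this check covers.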

Not allowing email contact, you might think, is an option. Not for me. A contact link is a web-design requirement. Only poorly designed web pages do not provide a contact link and most of the better designed pages provide a link on EVERY page. Besides, if you don't put up a contact link because you wish to avoid SPAM, aren't you really giving in to the spammers? (I'd rather "out-smart" than "give-in".) ;)

After the overhaul, there are no longer any entity-encoded email addresses or "mailto:" references on the site. Now, not only isn't our email displayed, but there are even MORE ways for visitors to make email contact!

  • (1) PHP email form (fast and easy)
  • (2) JavaScript-encrypted email links (the new "hide" technique)
  • (3) email image display (security and accessibility)

The contact link (on the banner), displays on both b2evo and non-b2evo pages, alike. The link takes you to the contact page (which is integrated with the b2evolution and isn't a core hack), offering two methods for contact - the php form or email links (the non-java method kicks in, if you choose an email link and have javascripting turned off). After completing the php form, the script takes you back to whatever page you came from. There's also some error-checking to make sure that fields on the form are filled in properly. Nifty!

Go ahead, kick the tires and take it around the block for a spin. To learn more about SPAM, avoid SPAM, test the vulnerability of your site to harvesting, install a similar contact form on your b2evo installation or if you just want to watch the Monty Python SPAM skit (??) ... read on!


Views: 10514 views
Updated: 23-Jun-2005
Filed in: CSS · Site News · b2evo

Introducing: Photo-Caption Zoom 2

June 15th, 2005  · stk


The images on your left are a demonstration of the new and improved Pure-CSS PZ2 "Pure-CSS Photo/Caption Zoom (Version 2)".

The images expand upon mouseover, displaying a larger image and corresponding caption (just like the original), but this advanced version won't disrupt the flow of the XHTML page.

As I learn more about CSS, I've tried to improve upon the original Pure-CSS Photo/Caption Zoom (or PZ as a certain someone from India likes to call it!)

This is the third attempt now, and "by jove", I believe I've got it! (Of course, I'm referring to the holy grail of Photo Zooms ... the OVERLAY method - where the image doesn't jolt/shift/migrate/move the text and surrounding elements).

The technique employed here is not without its eccentricities, as it is not nearly as easy to deploy as the original. However, it remains much more user-friendly than its progenitor - "Magnify Image", which requires the use of two image files. In contrast, PZ2 uses a single image file, saving both bandwidth and headache - and of course - adds the capability of a nicely styled caption.

Compared to the original Photo/Caption Zoom, PZ2 requires the use of an extra <div>, prior to the normal PZ code. Why? Because the only way to keep things from shifting is to use "position:absolute" (which removes the element from the document flow). However ... this doesn't really work for showing the un-zoomed image (as it would overlay the text). So ... to overcome this problem, one can place an empty <div> (sized to the photo) UNDERNEATH the "absolutely" positioned image. Boom. Text can be READ!

Of course, in order to place the empty <div>, one needs to know its dimensions. Sadly, width is not enough. So ... whereas the original Photo/Caption Zoom utilized ONLY width, PZ2 requires the height (only the thumbnail height and it's entered directly into the HTML).

There is another idiosyncrasy of this second version and I blame it COMPLETELY on MSIE (as it isn't an issue with FireFox). The MSIE problem: they (currently) don't differentiate between the z-index of an un-hovered -vs- hovered element. WHAT? The bottom line: To satisfy MSIE, each PZ2 image MUST be uniquely named and be assigned a z-index value greater than the image that follows, or it won't "overlay" that image.

Edit: A workaround to overcome this problem has been discovered and applied to the next version - Photo-caption Zoom Version 3 (PZ3).

This isn't a problem within the post, but becomes difficult to manage from post-to-post. Bottom line: don't place PZ2 images near the bottom and for images that expand to tall dimensions ... place them near the top.

One other thing. The overlay (position:absolute) method dictates that ALL images open from the upper left-hand corner. No big deal for images floated left, but for images floated right - be aware.

Edit: Not an issue in the next version - Photo-caption Zoom Version 3 (PZ3).

I hope that this little demonstration has whetted your appetite for more, however, with the workload currently sitting on my desk, it will be some time before I'm able to properly document everything and make it available for public consumption (CSS code, XHTML code and b2evo-specific instructions).

Hang tight ... as I WILL get around to doing this. Check back periodically (or, if you so desire) skids can be greased via PayPal ;) (Just email to get the correct address).


Views: 38624 views
Updated: 22-Feb-2008
Filed in: Site News

Tracking Online Users

June 8th, 2005  · stk

A "Site Tools" Upgrade

When I finished my little project, yesterday, I wrote:


I've finished the upgrade; it's pretty neat ... even if I do say so myself. ;) Check out the "currently visiting" number in the "site tools" area. I've written a PHP/MySQL utility to figure out how long folks are on, what they're reading and where in the World they are! :D

Just today, while working on it, we had visitors from Costa Rica, Netherlands, the US, Australia and Taiwan.

When I realized that IP address number ranges correspond to various countries, I thought it would be interesting to discover where our website visitors come from. I first added this capability to the comments and just yesterday, to our real-time "users online" feature. It was a fun project and I learned a lot in the process.


Views: 5330 views
Updated: 13-Jun-2005
Filed in: XHTML · Site News

Offsite Links = New Windows

June 1st, 2005  · stk

Custom DTDs, JavaScripting & XHTML "Standards"

Hear Ye, Hear Ye: from this day forward links which take you off-site (away from will open in a new window. If you click on this yonder b2evolution link, it'll open in a new window. If you click on our homepage link it opens in the same window.

There are some exceptions. (I'm King around here - that's Mr. King to you - and what good is power, unless you can abuse it?) Externally linked images won't have the 'external link' hover color designation, but a tooltip should clue you in. There are a few on-site features, like the "Email Story" tool, that will open a new window & the link is colored appropriately.

Some of you may not notice or care about the different link styles, but believe me, I gave it long and careful consideration. Even though many of the realm are against the practice, the ends justify the means. To learn about WHY this practice is deemed "evil", or to review some of the various new-window standards-compliant techniques, or to just voice your opinion ... read on.

For those who are ready to click away: (because the thought of opening new windows is so completely distasteful) know this: you can elect to defeat this preference. :)

How to keep it all in one window:

In IE, right click an off-site link and select "Open". (See? That wasn't hard.)

In FireFox, right-click and select "Open Link in New Tab".

And lastly (if you're a tax-evading, spam-generating, nobility-hating clown) just turn off JavaScripting. We've got you covered!

What's not to love? The method is semantically correct, validates as XHTML 1.0 (strict) or XHTML 1.1, separates the data (HTML) from the behavior (JavaScript), degrades gracefully if JavaScripting is turned off, allows full right-click functionality (Open, Open in New Window, Print Target, Copy Shortcut & Add to Favorites), is identifiably styled and can be overridden.


Views: 9753 views
Updated: 1-Dec-2006