What are spam crawlers?

Spam crawlers are automatically programmed bots that steal your email address from the web by various mechanisms and use it in bulk email or other purposes usually referred as spam. This process is also known as email address harvesting.

Contact details, terms and policies, about pages and pretty much everywhere on your site where you publicly expose your email address, is a great resource for crawlers.

The crawler or so called harvester automatically searches the HTML content of your web site, usually scanning the link tag

<a></a>

So what’s the idea?

There’re few workarounds for protecting email addresses and you’ve probably seen solutions like displaying the email in format: info (at) invoicebus (dot) com, embedding the email into an image, implementing contact form etc. However, in all cases you don’t get clickable email link, so here we’re going to use a little hack.

Beside the href=”mailto:” attribute, the spam crawler scans every HTML code that contains “@” sign, so can easily figure out and extract the actual email address. Our objective is to keep the crawler task difficult as much as possible.

In fact, we’ll programmatically hide the email address behind variable and dynamically print it in run-time, exactly when the page is rendered by the browser. The crawler won’t be able to find it anywhere in the code.

If we divide the email address on 3 parts,

we can assign the value sequentially in two steps by concatenating strings.
Here’s the JavaScript snippet for it:

<script type="text/javascript">

     var emailE = 'invoicebus.com';
     emailE = ('support' + '@' + emailE);
     document.write('<a href="mailto:' + emailE + '">' + emailE + '</a>');

</script>

The code will display the following link in the browser:

You can even write your own JS function that transforms the letters with custom pattern, but for now I’ll stick to the basics.

Of course, you also have another option of not using the JavaScript by directly encoding the value of the HREF attribute with HTML ASCII encoding or URL encoding.

<a href="mailto:yourname@domain.com">yourname@domain.com</a>

<a href="&#109;&#97;&#105;&#108;&#116;&#111;&#58;&#121;&#111;&#117;&#114;&#110;&#97;&#109;&#101;&#64;&#100;&#111;&#109;&#97;&#105;&#110;&#46;&#99;&#111;&#109;">&#121;&#111;&#117;&#114;&#110;&#97;&#109;&#101;&#64;&#100;&#111;&#109;&#97;&#105;&#110;&#46;&#99;&#111;&#109;</a>

In both cases, the browser will display the following:

yourname@domain.com

I quickly wrote a simple HTML ASCII encoder that can be used to encode your email addresses or any text you want.

There’re couples of other methods available, but I believe these two are the most effective ones, so far. It’s up to you which one you’ll choose. For us, JS method works pretty well.

A little effort and a few lines of code on your site will save you from tons of unsolicited and junk email later.


Now let me hear your thoughts on it.
Have any suggestions of how to improve these methods, or maybe some others we haven't heard about?

Author information

Stefan Chachovski

Co-founder of Invoicebus. Huge lover of nature, science, and chocolate cherry cordials. He occasionally writes on this blog about Invoicebus' stuff. Hello him on Twitter or subscribe to his updates on Facebook.

| Twitter | Facebook |

The post How to Protect Your Email Address From Spam Crawlers appeared first on Garage.

The invoice editor of Invoicebus is “What You See Is What You Get” tool for creating fast and easy invoices, and at the same time, centralized place for management of other data like:

We spent a lot of time to raise this concept on a level that allows incredibly natural, fast and focused flow of the invoicing process as a whole. You can see it in action from this video:

The main concept here is to rid of all separate management pages, screens, pop-ups, back and forth navigation, page reloads; and instead, to integrate all assets on the same page, accessible exactly when and where you need. The result is uninterrupted workflow experience with significantly increased speed and focus.

Invoice editor for creating and editing invoices	View of already created invoice	Invoice in PDF format Download the example in PDF
Invoice shown in the client’s inbox	Printed version of the invoice	Email notification that the invoice has been viewed by the client

After creating your first invoice, Invoicebus learns all settings by himself and automatically applies them in future.

Feel free to try it by yourself and see how it works. Thereafter, leave a comment of how much time you needed to make your first invoice. We would be happy to hear from you.

Author information

Stefan Chachovski

Co-founder of Invoicebus. Huge lover of nature, science, and chocolate cherry cordials. He occasionally writes on this blog about Invoicebus' stuff. Hello him on Twitter or subscribe to his updates on Facebook.

| Twitter | Facebook |

The post Feature Preview 3: The Invoice Editor appeared first on Garage.

Data Storage Security

In our case, data storage security refers to the way of keeping and managing customer’s data within the database: invoices, quotes, clients, company details etc.

These kinds of sensitive information are kept in a form that is encrypted by the Advanced Encryption Standard (AES) – first open symmetric-key cipher approved by the National Security Agency (NSA) and used by the US federal government for storing secret information.

The human way of showing how this thing works is by the picture below:



We use the words lock, unlock as a way to visualize the meaning of encryption, decryption process of the powerful AES algorithm respectively.

The security key is kept encrypted (with RSA algorithm) in a separate, isolated place (on a different server protected by other security mechanisms and firewalls). Every time when AES needs to lock/unlock data, it requires the decrypted form of his key.

Hypothetically spoken, if security breach happens to the database server, the attacker would not be able to retrieve any meaningful data without this key, unless he has Dan Brown’s TRANSLATR at home.

Other aspects of Data Storage Security

Backups and redundancy are closely related to the Data Storage Security, but will be covered in the upcoming part 5 – Hosting Server Security.
Part 4 and 5 of this security talk series will be continued after the Invoicebus launch.

Author information

Invoicebus Team

We're a team comprised of a few die-hard code freaks, lovers of beautiful design, stewards of simplicity, and passionately dedicated to the user experience. Invoicebus is a great vehicle to express what we do best. Click here to learn more on our business philosophy and how we actually do it.

| Twitter | Facebook |

The post Sleep tight, your data is secure, part 3 – Data Storage Security appeared first on Garage.

For storing passwords Invoicebus uses something called one-way encryption with salted hash functions. Why is it called one way? Because it can not be decrypted ever, actually it’s not even an encryption. It’s a hash that is completely different thing. In fact, this is one way ticket algorithm for which there is no returning path. This is too awkward explanation of hashing and it might sounds like a rocket science, so with a couple of diagrams we will try to explain as simple as we can what it’s all about.

Password Creation

This process happens every time you enter new password, you sign up, reset or change your password.

• Step 1: Generating random text called random salt, unique for every user.
• Step 2: Generating hash value from both your plain text password and the salt. The hashed salt will be stored in the database (DB) for validating the password in future (at login).
• Step 3: Generating hash value of the concatenated hashes from the previous step. This is the final password hash that will be stored in the database (DB).

The entered password is transformed to a binary value which looks like random gibberish, and nobody, absolutely nobody can retrieve the original plain text back, at least not with today’s technology.

What if two users choose exactly the same password? Will their passwords be represented with same binary values in the database? – No! That’s what salt ensures, unique and hardened passwords, so every password is absolutely unique in the database. Even if you try to reset the old password by entering a new one that is exactly the same as the old password, its representation would be completely different in the database.

Example:
Old password: invoicebus123 —–> generated as: 8de0c3c519
New password: invoicebus123 —–> generated as: bc9fe98a12

Password Validation

Let see how the password is validated during the login process.

• Step 1: Generating hash value for your plain text password. Retrieving the stored salt form the database for that particular username.
• Step 2: Generating hash value of the concatenated values from the previous step.
• Step 3: Comparing the final hash password from the second step with the final password retrieved from the database. If they match the user is authenticated to access the system.

If ever happen to forget your password, Invoicebus would be unable to retrieve it in its original plain text representation. That’s why an email is sent with a link where you can enter a new password.

Be aware of online services that retrieve your password in plain text when you try to reset it. That indicates they don’t use hashing; probably they have some poor password encryption or don’t have an encryption at all. And even hashing is used, it’s a good advice to always choose unique and strong password for every online account you own.

Author information

Invoicebus Team

We're a team comprised of a few die-hard code freaks, lovers of beautiful design, stewards of simplicity, and passionately dedicated to the user experience. Invoicebus is a great vehicle to express what we do best. Click here to learn more on our business philosophy and how we actually do it.

| Twitter | Facebook |

The post Sleep tight, your data is secure, part 2 – Password Storage Security appeared first on Garage.