Can spam robots scan PHP pages for email addresses? [closed]

Question

Closed. This question is off-topic. It is not currently accepting answers.

---

Want to improve this question? Update the question so it's on-topic for Stack Overflow.

Closed 7 years ago.

I have a PHP contact form with captcha, for the purpose of trying to limit the spam I get. Within the PHP code I have the actual email address that the form information gets sent to written in the code.

My questions is can spam robots that trawl the web for email address pick up an email address that is written in PHP?

It isn't displayed on the web page in HTML. When I look at the source of the page I can't see the email address. Even saving the page to my hard drive doesn't reveal the PHP code.

Thanks for your help

Answer 1

No. The PHP code can never be read by any client. It lives and executes on the server side.

All php blocks get executed on the server side and only the results are sent to the client. Be careful about debug messages, you should generally turn off debug messages on a live site. The result produced by the server is all anyone can see, unless of course someone has compromised your server.

Answer 2

No - when the PHP file is served up using your HTTP server its rendered into HTML

Answer 3

No. The bots see the same content your browser does.

Answer 4

The email address is stored in Server Side Code (php).

When the page is accessed, the page will generate the Client Side Code (HTML).

The bots (like users) can only read the Client Side Code via a browser.

The only way they would be able to see the email address is to view the source of the Server Side Code (PHP) by accessing the file directly. Eg Via FTP to the PHP source.

Answer 5

The robot cannot scan (except from system internals), but it does not mean your email will not be spammed.

Some span, however, can discover never used email address by many ways. (e.g. sold my ISP..)

Answer 6

TL;DR

No.

Longer

As long as your code runs properly and the e-mail is never echoed your e-mail is safe. If for some reason your PHP interpreter malfunctions, or is not properly configure, and the source code is served as is, the e-mail will be there for anyone to read.

Answer 7

No. This is basic server side/client side mistake. In short, PHP is executing on server (server side language) and returning HTML as response to the web client. If there is no email in HTML, then you are partly safe.

I say partly, since captcha is nothing to spam bots. For example, look at this website: http://www.deathbycaptcha.com/

They offer captcha solving API, for $1,39 for 1000 captchas. Today, captcha is nothing to spammers. But, it will reduce number of spam. Probably best answer is to filter email (by using gmail for example).