In the previous post I described a simple though effective method to get rid of the constantly cleverer spam email harvester bots.
I’ve made a little update on the algorithm, it now uses only 1 number for each character and uses a cascading incremental xor transform.
Python code for the algorithm itself:
def alphaicx(s):
ret = ""
cascvalue = 0
for i in range(0, len(s)):
ret = ret + chr(ord(s[i]) ^ cascvalue)
cascvalue = (ord(ret[i]) + 1) % 255
return ret
def betaicx(s):
ret = ""
cascvalue = 0
for i in range(0, len(s)):
ret = ret + chr(ord(s[i]) ^ cascvalue)
cascvalue = ((ord(ret[i]) ^ cascvalue) + 1) % 255
return ret
I designed the algorithm in Python. Python is great for that kind of stuff.
As you can see there are 2 functions, when you encode something with alphaicx you can decode it with betaicx, and visa versa. betaicx creates tougher code though. This encryption is pretty lousy, but hard enough to stop spam bots.
I’ve ported betaicx to PHP, and alphaicx to Javascript. The running example (very usefull though) has been updated.
The PHP/Javascript code for the function:
function JSBotProtect($text){
$cxred = "0";
$cascval = 0;
for($i = 0; $i < strlen($text); $i++){
$value = (ord($text[$i]) ^ $cascval);
$cxred .= "," . $value;
$cascval = (($value ^ $cascval) + 1) % 255;
}
return <<<EOF
<script type="text/javascript">var cxred=String.fromCharCode({$cxred});
var uncxred=""; var cascval=0;for(i=1;i<cxred .length; i++)
{uncxred+=String.fromCharCode(cxred.charCodeAt(i)^cascval);
cascval=((uncxred.charCodeAt(i-1))+1)%255;}document.write(uncxred);</script>
EOF;
}
I’ll more compact uncxred storage. Probable just normal hex, or when I can get it working BASE64.