Security and privacy

 
 
Carla Beard
Email addresses and bots
 

We want to list all our teachers on a Moodle page that people can see as guests. We want to make clickable "mailto" links to enable parents to contact teachers easily. The email addresses themselves will not be visible.

Here's the question: if the page is open to guests, will bots be able to harvest the email addresses by reading the code?

Thanks!

 
Average of ratings: -
Gmads
Re: Email addresses and bots
Group Particularly helpful MoodlersGroup Testers

Yes they will.

Eventhough there are many possible solutions, for example, you could use a robots.txt file (but many bots ignore it) or you could use some JavaScript, I think the real issue is not if bots can get the addresses, but that *anyone* arriving at the site will be able to do so!

User's info should always be secured and protected. If I had to do it, I would definetely require parents to login in order to access these links.

Actually, if your Moodle is configured to show the list of courses in the main page (once logged in), and also configured to display the teacher's name under the course, then you don't need to create a list page. Usually parents only want to address their kids' teachers.

Cheers!

 
Average of ratings:Useful (1)
Picture of Denetta Albrecht
Re: Email addresses and bots
 

I understand this thread was started prior to 2.0, but I have the same issue as Carla mentioned above. And let me preface that I am a VERY novice user. I am running 2.4.3 version on a mac server typically via firefox, safari, or chrome browsers.

1. With the upgraded 2.4.3 is there a way to protect teacher's emails from harvesting while still being open to the public. I've read in older versions about adding java script to mask email addresses. I've found some code and copied and pasted it into the html source editor pop up box (see code below). It applies the changes initially, but the minute I open the editing again the code is gone. I've read that 2.0+ requires additional code with java now, but what I've read is "Greek to me." Any suggestions or help with the following code would be appreciated.

<script language="JavaScript">

var username = "[your_username]";

var hostname = "[your_mail_account_domain]";

var linktext = username + "@" + hostname ;document.write("<a href='" + "mail" + "to:" + username + "@" + hostname + "'>" + linktext + "</a>");</script>

2. If the above option is hopeless to accomplish what I want, can you point me to a thread discussing parent log in? I really don't want to assign all of my parents to an account. Currently, to see most of our MOODLE (besides actual courses), parents must log in as a Guest. Will this level of log in satisfy your previous suggestion of protecting teacher's emails or is more required?

3. Finally, neither of these above avenues address how to protect teacher emails while providing a "mailto" list from the menu. My admin really wants me to include this feature. Any suggestions on a solution to protect their email (like the java) or compromise to the problem?

Thank you!

 
Average of ratings: -
Picture of Alan Hess
Re: Email addresses and bots
Group Particularly helpful Moodlers

Hello

You could try putting the javascript code in a separate linked file. Sample attached as upload.

e.g. Insert this line with the editor

<script language="JavaScript" src="http://[path]/maillist.js"></script> 

Problem is that you'll have to find out the 'path' by uploading the 'maillist.js' file as 'a file', click on the link to find the path as URL and modifiy in the original doc. You can hide the maillist.js link afterwards.

It does work, but a pain to setup.

Best of luck

Alan

 

 
Average of ratings: -
Gmads
Re: Email addresses and bots
Group Particularly helpful MoodlersGroup Testers

Hi Denetta,

As an admin I've never favored anonymous logins (under any circumstance) and eventhough it represents extra work, parents should have their own account. Having said that, one solution would be to create a generic "parent" user and enrol that user as a student into an empty "communication" course where only the emails would be listed. You would need to send each parent the username & password of this generic account.

Actually, to avoid having to list emails, I would only list links to the Send message address (e.g. "http://example.com/message/index.php?id=3") of each teacher. If you do not want to do this extra work, you could then assign all teachers to this "communication" course. This way parents would only need to click on the teacher's name to display their profile and then click on the Send a message link that appears at the bottom.

 
Average of ratings: -