- Joined
- Sep 11, 2002
- Messages
- 1,495
- Reaction score
- 0
Ok. So I've just finished developing a fairly bulletproof scheme for protecting whois output from data miners, for sites that display whois. The output data is essentially encrypted into gibberish, that requires a special function to decrypt it (this function is included in a javascript include).
Both the manner of encryption and the function that decrypts it, mutate in tandem, so that there is no standard means of "decrypting" the data, as the methodology mutates once each time someone views the output. To the casual observer, the results show as nicely formatted HTML, but looking at the source code, only shows a pile of gibberish being run through a function.
For instance, one mutation might make:
"DNforum.com - The Place to Talk Domains"
Look like this:
"KuK1@MS=ItPsK=Lg{tSm.0&JGvLrH1LdLKn4>Pu[LMnuH=rdLunQ<2P5GuLsWtPe{L<1oqzz"
Likewise, Whois output like this:
[quote]Registrant:
MONKEYMOJOmedia, Inc. (MONKEYMO-DOM)
23445 122nd Ave SW
Bellevue, MA 56566
US
Domain Name: MONKEYMOJORAMA.COM
Administrative Contact:
Smedley, Bruce (1481420I) [email protected]
23445 122nd Ave SW
Bellevue, MA 56566
US
(888) 555-5864 fax: (888) 555-0898[/quote]Would look like this in the HTML source (without carriage returns):
Given the mutating nature of the function to decrypt, and the output itself, my bet is that dataminers wouldn't really want to bother trying to mine from a whois site like this. But, I guess the question is (if no other exceptions come up for anyone), would miners use "manual" methods of stealing data, such that implementing a function that replaces e-mail addresses with images would be required (the kind of method that Whois.sc uses)? I'm trying to avoid using that method if possible, as it enforces certain server requirements I'd rather avoid. I'm creating a commercial whois solution and I'd like to have as few requirements as possible.
Outside of that, I'm considering "flood" controls, etc. The easiest "protection" is definitely requiring users to "register" to use the tool... but that's not for most casual users, as it raises privacy concerns (unless its in a forum environment like this one, where this type of protection is already part of the site). Also, I do not necessarily want to RESTRICT people from creating outside links to whois data, and thereby FORCE them to ONLY make queries from my homepage (or not use the tool at all).
So, again... the question is... is client-side data encryption more than likely enough to prevent "mining", or is it likely miners will manually copy & paste results from the page, or use some automated tool to do so? Is "image: replacement the most sure means (esp. used alongside the method above)? The more I think about, it may well be much to easy to create a tool to sneak around my method (using the PC clipboard).
~ Nexus
Both the manner of encryption and the function that decrypts it, mutate in tandem, so that there is no standard means of "decrypting" the data, as the methodology mutates once each time someone views the output. To the casual observer, the results show as nicely formatted HTML, but looking at the source code, only shows a pile of gibberish being run through a function.
For instance, one mutation might make:
"DNforum.com - The Place to Talk Domains"
Look like this:
"KuK1@MS=ItPsK=Lg{tSm.0&JGvLrH1LdLKn4>Pu[LMnuH=rdLunQ<2P5GuLsWtPe{L<1oqzz"
Likewise, Whois output like this:
[quote]Registrant:
MONKEYMOJOmedia, Inc. (MONKEYMO-DOM)
23445 122nd Ave SW
Bellevue, MA 56566
US
Domain Name: MONKEYMOJORAMA.COM
Administrative Contact:
Smedley, Bruce (1481420I) [email protected]
23445 122nd Ave SW
Bellevue, MA 56566
US
(888) 555-5864 fax: (888) 555-0898[/quote]Would look like this in the HTML source (without carriage returns):
Code:
<script>document.write(o('U0c5eGMybHFhRDVrYWpvTkNsZEZSRlZQZTFkRlZFV
jNiMjV6UGl4QlUyUThXa0VvVjBWRVZVOTdWMFV0VGtWWEtRMEt
Nak0wTkRWQk1USXlaRzVCSUd4dlFVbE5EUXA5YjNaMmIyeHJie
XhCVnlCQk5UWTFOallOQ2t0SkRRb05DazVsZHo1elpFRkVQbmR
2T2tGWFJVUlZUM3RYUlZSRlNDQlhJRm9sUlZjTkNnMEtJRzUzY
zJSemFXcG9QbXB6Ykc5QkpXVmthajQ4YWpvTkNrbDNiMjUyYjF
zc1FYMW9henh2UVNneE5EZ3hOREl3VXlsQlFHaHJQRzlpZDJWa
2RXOWJhWEp6Wkc5YVBHVjNEUW95TXpRME5VRXhNakprYmtFZ2J
HOUJTVTBOQ24xdmRuWnZiR3R2TEVGWElFRTFOalUyTmcwS1Mwa
05DaWc0T0RncFFUVTFOUzAxT0RZMFFYQStKanBCS0RnNE9DbEJ
OVFUxTFRBNE9UZz0='));</script>Outside of that, I'm considering "flood" controls, etc. The easiest "protection" is definitely requiring users to "register" to use the tool... but that's not for most casual users, as it raises privacy concerns (unless its in a forum environment like this one, where this type of protection is already part of the site). Also, I do not necessarily want to RESTRICT people from creating outside links to whois data, and thereby FORCE them to ONLY make queries from my homepage (or not use the tool at all).
So, again... the question is... is client-side data encryption more than likely enough to prevent "mining", or is it likely miners will manually copy & paste results from the page, or use some automated tool to do so? Is "image: replacement the most sure means (esp. used alongside the method above)? The more I think about, it may well be much to easy to create a tool to sneak around my method (using the PC clipboard).
~ Nexus
