Stopping Spambots: A Spambot Trap 312
Neil Gunton writes "Having been hit by a load of spambots on my community site, I decided to write a Spambot Trap which uses Linux, Apache, mod_perl, MySQL, ipchains and Embperl to quickly block spambots that fall into the trap. "
1st Spam (Score:0, Informative)
Elements of good design I'd missed (Score:4, Informative)
Eliminate mailto - makes sense. You should have an http based "send me a message system" - force a live person to type stuff in instead of letting a program pick out addresses.
Eliminating mailto alone would probably help in most of my spam problems (as I have my "contact me" address right on the first page).
Re:Elements of good design I'd missed (Score:2, Informative)
Take a look in the mirror (Score:5, Informative)
Superior Labs spambot_trap mirror [superiorlabs.com]
-Spack
A tip (Score:5, Informative)
Here's a tip for those of you writing spambot traps... How about not blindly responding to the faked Return-Path address?
Now that should be illegal. You people whine about your 10 spams a day, try 10,000 from 2000 different email addresses. Idiot postmasters should be caught and jailed.
he suggests formmail, another spam tool (Score:5, Informative)
formmail itself (even the most recent version) can still be abused by spammers to use your webserver as a bulk mail relay - see the advisory at [monkeys.com]
http://www.monkeys.com/anti-spam/formmail-advis
It's a shame he didn't suggest the more robust formmail replacement at nms [sourceforge.net] which is maintained, and attempts to close all the known bugs and insecurities.
my spambot trap (Score:4, Informative)
script that traps bots (and others) that use your robots.txt
to find directories to look through. Requires an
robots.txt
#################
User-agent: *
Disallow:
Disallow:
Disallow:
dont_go_here/index.php
############
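// Record when the trap page was requested and by whom.
$now = date("h:ia m/d/Y");
$IP = getenv('REMOTE_ADDR');
// The original line is cut off after "getenv("; REMOTE_HOST is assumed here.
$host = getenv('REMOTE_HOST');
$your_email_address = 'you@whatever';
// Refuse to write anything that is not a well-formed address, and keep only
// hostname characters so a crafted reverse-DNS name cannot add lines to .htaccess.
if (filter_var($IP, FILTER_VALIDATE_IP) === false) {
    exit;
}
$host = preg_replace('/[^A-Za-z0-9.:-]/', '', (string) $host);
// Escape the dots and anchor the end so only this exact address is matched.
$ban_code =
"\n".
'# '."$host banned $now\n".
'RewriteCond %{REMOTE_ADDR} ^'.preg_quote($IP).'$'."\n".
'RewriteRule ^.*$ denied.html [L]'."\n\n";
// Append the rule to .htaccess.
$fp = fopen("/path/to/.htaccess", "a");
fwrite($fp, $ban_code);
fclose($fp);
mail($your_email_address, "Spambot Whacked!", "$host banned $now\n");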
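An added example (not code from the comment above or from any project mentioned in this thread) of the same robots.txt trap worked from the access log instead of from inside the trap page: it reads the Disallow prefixes, finds clients that requested them, and builds a deny rule with the address escaped and anchored, since a pattern such as `^192.0.2.7` also matches 192.0.2.70. The log lines, addresses and function names are constructed for illustration; only the `dont_go_here` path and the RewriteCond form come from the comment.

```python
import ipaddress
import re

# Constructed sample input: a robots.txt naming the trap directory and
# a few Apache common-log-format lines (documentation-range addresses).
ROBOTS_TXT = "User-agent: *\nDisallow: /dont_go_here/\nDisallow:\n"
ACCESS_LOG = """\
192.0.2.7 - - [10/Mar/2002:10:00:01 +0000] "GET /robots.txt HTTP/1.0" 200 68
192.0.2.7 - - [10/Mar/2002:10:00:02 +0000] "GET /dont_go_here/index.php HTTP/1.0" 200 512
192.0.2.70 - - [10/Mar/2002:10:00:05 +0000] "GET /index.html HTTP/1.0" 200 2048
bot.example - - [10/Mar/2002:10:00:09 +0000] "GET /dont_go_here/ HTTP/1.0" 200 512
"""
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)')


def disallowed_paths(robots_txt):
    """Return the non-empty Disallow prefixes from a robots.txt body."""
    paths = []
    for line in robots_txt.splitlines():
        field, _, value = line.partition(":")
        value = value.split("#", 1)[0].strip()
        if field.strip().lower() == "disallow" and value:
            paths.append(value)
    return paths


def trapped_clients(log_text, traps):
    """Return, in first-seen order, valid client IPs that hit a trap path."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m or not any(m.group(2).startswith(t) for t in traps):
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # hostname or junk: never copy it into server config
        if ip not in hits:
            hits.append(ip)
    return hits


def deny_rule(ip):
    """Build a RewriteCond matching exactly one address (escaped, anchored)."""
    return "RewriteCond %{REMOTE_ADDR} ^" + re.escape(ip) + "$"


if __name__ == "__main__":
    for ip in trapped_clients(ACCESS_LOG, disallowed_paths(ROBOTS_TXT)):
        print(deny_rule(ip))
```

Working from the log keeps the web server from writing to its own configuration, and the neighbouring client 192.0.2.70 in the sample stays unblocked.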
Re:Block? Are you kidding? (Score:3, Informative)
From the website: Wpoison is a free tool that can be used to help reduce the problem of bulk junk e-mail on the Internet in general, and at sites using Wpoison in particular.
It solves the problems of trapped spambots sucking up massive bandwidth/CPU time, as well as sparing legitimate spiders (say, google) from severe confusion.
Other options.. (Score:4, Informative)
A pretty good article, but being able to install modules into Apache may not be the best situation for everyone who wants to stop Spambots..
Shameless plug, but I've got an ongoing series in the Apache section of /. that deals with easy ways that administrators *and* regular users can keep Spambots off their sites:
Stopping Spambots with Apache [slashdot.org]
and
Stopping Spambots II - The Admin Strikes Back [slashdot.org]
Just some more options and choices to help people out!
Re:Elements of good design I'd missed (Score:2, Informative)
I put my email address in a jpeg image. Haven't found a spambot yet that can decipher that.
But neither could blind internet users...
Add an alt tag that describes how to email you. Eg, "The first part of my email address is 'username' and the second part is 'host.com' - the two parts are separated by an '@' sign." I've been doing the jpeg thing for three years; works great.
Re:Block? Are you kidding? (Score:3, Informative)
However, the instructions for installing Wpoison more or less assume that one has a single website to protect. I have around 20 virtual hosts. So instead of creating a renamed cgi-bin in every DocumentRoot, I added a single
ScriptAlias /runme/ "/var/www/cgi-bin/"
to httpd.conf and then linked it like this:
<A HREF="/runme/addresses.ext"><IMG SRC="pixel.gif" BORDER=0></A>
I also added a single transparent pixel to the link to keep it invisible but still fool the spiders. Add the runme directory as excluded in the robots.txt and you should be on your way. Muhahahah, and so on.
Re:Elements of good design I'd missed (Score:3, Informative)
Re:Block? Are you kidding? (Score:4, Informative)
<QUIET ON>
<html><head><title>Members area</title></head><body>
<p>Hello random visitor. There is a big chance you are a robot collecting mail
addresses and have no place being here.
Therefore you will get some random generated email addresses and some random links
to follow endlessly.</p>
<p>Please be aware that your IP has been logged and will be reported to proper
authorities if required.</p>
<DBOPEN "SpamFood", "localhost", "login", "password">
<FOR I=1 TO 100 STEP 1>
<SQL select * from names order by rand() limit 1>
<LET FN="$Name">
</SQL>
<SQL select * from lasts order by rand() limit 1>
<LET LN="$Last">
</SQL>
<SQL select * from addresses order by rand() limit 1>
<LET AD="$Address">
</SQL>
<a href="mailto:$FN.$LN@$AD">$FN.$LN@$AD</a> <br>
</FOR>
</body>
</html>
Problem with wpoison... (Score:3, Informative)
Re:Simple solution! (Score:3, Informative)
This seems to work fine (the window comes up with the right email address in the to: line and the '[Question]' tag in the subject: line) in Netscape 4.76
and Lynx Version 2.8.3rel.1
and Mozilla 0.9.7, which implies Netscape 6.x, and Galeon will work as well, though I haven't tested these.
the danger of mailing lists.. esp. SuSE user list (Score:3, Informative)
Re:A better solution: obfuscate the mailto: link (Score:1, Informative)
Find it at: http://www.pgregg.com/projects/encode/htmlemail.p
A usable page for those without access to their own php aware servers as well as source code.
MIRROR MIRROR (Score:2, Informative)
Here's a Javascript that writes mailto: links... (Score:3, Informative)
http://artificeeternity.com/includes/linkwrite.
Instructions for use are included in comments. The script fragment that replaces mailto: links in the page will actually shorten your code -- it only requires entering the username and domain once. Also, the @ sign is added in by the script, so the address itself never appears in your HTML.
http://www.mailwasher.net/ (Score:3, Informative)
Build up the mailto with javascript (Score:2, Informative)
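Javascript:
// Assemble the mailto: URL from fragments so the full address never appears in the page source.
function sendmail()
{
var string = 'mail';
string += 'to:';
string += 'webmaster';
string += '@';
string += 'domain';
string += '.com';
// Hand the URL to the mail client without opening a blank window.
window.location.href = string;
}
Usage:
<a href="JavaScript:sendmail()">webmaster</a>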
This could be expanded to pass the values needed to build up the email address.
Better Addresses To Feed Spiders (Score:3, Informative)
If you're not messing with DNS, though, there are lots of addresses that can cause trouble:
Teergrubes and other traps for spammers (Score:3, Informative)
And somewhere out there is a far nastier variant on a teergrube that can keep a typical smtp session up for hours with only a few kilobits/minute, using tricks like setting TCP windows very small, NAKing lots of packets so TCP retransmits them, etc. (It basically works by saying "No, SMTP/TCP/IP isn't a set of protocol drivers in my Linux kernel, it's a definition of a set of messages and there's no reason I should use a bunch of well-tuned efficient reliable kernel routines when I can send raw IP packets myself designed for maximal ugliness.")