Stopping SpamBots With Apache Part II 15
primetyme writes: "To address some of the concerns brought up in the first article about stopping email harvesting spambots with Apache, I've written a follow-up article that details even more methods to keep email-sucking bots off your Apache based site.
Stopping Spambots II - The Admin Strikes Back continues the epic saga that pits Spambot vs. Administrator."
Stopping Spambots II - The Admin Strikes Back continues the epic saga that pits Spambot vs. Administrator."
Restarting the server? (Score:3, Interesting)
Also, this approach would easily block legitimate dialup users, and more problemaically - proxies. If the spambot is behind a proxy, you would block the entire user base of that proxy.
Maybe an X-Forwarded-For based approach? However, that is easily bypassed.
Re:Restarting the server? (Score:3, Insightful)
Re:Restarting the server? (Score:5, Interesting)
A better way to do it is by writing (using?) an Apache module that does the logging in memory with no costy reloads or restarts.
However, this still does not prevent the proxy and dialup problems illustrated above. Also, you won't catch spambots that don't use robots.txt to find addresses.
Another improvemnt will be to deny addresses the moment they ask for robots.txt while identified as "Mozilla" user-agent, and to detect clients that do a websuck without requesting robots.txt first and deny them as well. You can detect a websuck by posting a "hidden" link in a place normal users won't see and stop any IP that requests it.
Re:Restarting the server? (Score:2, Informative)
Re:Restarting the server? (Score:2, Insightful)
Order by deny,allow
deny from spammers.ip.address.here, another.spammers.ip.address
allow from all
will _probably_ do it (ie this is an untested example!)
my favorite tactic (Score:1)
Re:my favorite tactic (Score:1)
Re:my favorite tactic (Score:4, Interesting)
My trick... (Score:4, Interesting)
If the client is detected as a robot, or the detection fails, the address is displayed as a randomly named graphic.
If the client is not detected to be a robot, then just a light entity encoding (which I change from time to time) is applied to the address, which is displayed as a mailto link.
Re:My trick... (Score:2)
I just have one e-mail address on my honeypot page, when you send an e-mail to that address it triggers a script that firewalls the sending IP with iptables/ipchains/ipfw (depending on the server) and logs it. Makes it easy to find open relays and spamhaus servers.
My technique... (Score:1, Informative)
apache module (Score:2)
Cookies (Score:1)