Heal Your Church WebSite


Teaching, rebuking, correcting & training in righteous web design.

Variation on the HoneyPot theme :: the Loopback

Kung Fu Grippe’s (KFG) “Honeypot for spam harvesters” got me thinking. In the past, I’ve often added a loopback email address to a contacts page so that dumb spambots that harvest and email on the fly will send a copy to whoever is hosting the spammer’s operations. That address would be abuse@[127.0.0.1]. That is okay up until you get into the world of hijacked servers, open SMTP relays and/or spambots looking for the well-known IP loopback address of 127.0.0.1.

So, taking some ideas from KFG’s article, I created a bit of PHP that looks up the domain of the spambot/spybot and creates an email address for its abuse administrator, such as abuse@verizon.net. Here is how I do it:

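$GLB_Loopback = null;   // cached result for this request

function GetLoopback() {
    global $GLB_Loopback;
    if ($GLB_Loopback) return $GLB_Loopback;

    // $_SERVER replaces the register_globals-era $REMOTE_ADDR
    $remote_addr = $_SERVER['REMOTE_ADDR'];

    // Reverse lookup: returns the host name, or the unchanged IP on failure
    $loopback = gethostbyaddr($remote_addr);
    if ($loopback && $loopback != $remote_addr) {
        // Keep only the last two labels, e.g. verizon.net
        $levels = explode(".", $loopback);
        $ubound = count($levels);
        if ($ubound >= 2) $loopback = $levels[$ubound-2].'.'.$levels[$ubound-1];
    } else {
        // No usable host name: fall back to an address literal
        $loopback = "[$remote_addr]";
    }

    $GLB_Loopback = 'abuse@'.$loopback;
    return $GLB_Loopback;
}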

Here is how I add it to my church’s contacts page. I created a 1×1 transparent .GIF file, then put it in a place on the page that no normal human would suspect. You can view the source to see how your results vary:

<a href="mailto:<?php echo htmlspecialchars(GetLoopback()); ?>" title=""><img alt="" src="/graphics/email.gif" width="1" height="1" border="0" /></a>
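
Reverse DNS is set by whoever controls the IP block, so the name that comes back should be checked before it goes into the page. The following is an added example, not part of the original post: it accepts the PTR name only if it is a valid hostname that resolves back to the same IP, and otherwise falls back to the address literal. The function name safeAbuseAddress(), the injectable resolvers and the sample tables are assumptions for illustration, and it assumes PHP 7.4 or later.

```php
<?php
// Added example, not the post's code. safeAbuseAddress() and the sample tables are hypothetical.
// The resolvers are injectable so the logic runs without DNS; defaults are PHP's own functions.
function safeAbuseAddress(string $ip, ?callable $ptr = null, ?callable $fwd = null): string
{
    $ptr = $ptr ?? 'gethostbyaddr';
    $fwd = $fwd ?? 'gethostbynamel';
    // IPv4 only (assumption): gethostbynamel() returns IPv4 addresses.
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return 'abuse@[127.0.0.1]';   // the post's original fixed loopback address
    }
    $literal = 'abuse@[' . $ip . ']';

    // gethostbyaddr() returns the unmodified IP when the lookup fails.
    $host = $ptr($ip);
    if (!is_string($host) || $host === $ip) {
        return $literal;
    }
    $host = strtolower(rtrim($host, '.'));

    // PTR data is set by whoever controls the reverse zone: accept hostname syntax only.
    if (filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) === false) {
        return $literal;
    }
    // Forward-confirm: the name must resolve back to the connecting IP.
    $addrs = $fwd($host);
    if (!is_array($addrs) || !in_array($ip, $addrs, true)) {
        return $literal;
    }
    $labels = explode('.', $host);
    return count($labels) >= 2 ? 'abuse@' . implode('.', array_slice($labels, -2)) : $literal;
}

// Constructed sample data: documentation IP ranges and made-up names.
$ptrTable = [
    '192.0.2.10' => 'pool-10.dsl.example.net',  // PTR that forward-confirms
    '192.0.2.20' => 'mail.example.org',         // PTR that resolves to a different IP
    '192.0.2.30' => 'bad"name<.example',        // not valid hostname syntax
];
$fwdTable = [
    'pool-10.dsl.example.net' => ['192.0.2.10'],
    'mail.example.org'        => ['198.51.100.7'],
];
$ptr = fn($ip) => $ptrTable[$ip] ?? $ip;
$fwd = fn($h) => $fwdTable[$h] ?? false;

foreach (array_keys($ptrTable) as $ip) {
    echo $ip, ' -> ', htmlspecialchars(safeAbuseAddress($ip, $ptr, $fwd), ENT_QUOTES), "\n";
}
```

Taking the last two labels, as the post does, gives the wrong domain for names under two-part suffixes such as co.uk; a public-suffix list would be needed to handle those.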

Coming up next … for those of you getting cross-eyed with all the hyper-tech … simple site reviews … I swear (well, not really!-)

3 Comments

  1. Go, man, go!

    I’ll give this a try.

    Many thanks.

  2. It’s a good idea, but what’s to stop the spambot from ignoring abuse@*.com?

    Sorry about being pessimistic, but I don’t think a single solution will ever work…the bots will just learn to work around them. It’s sort of like the penicillin problem – it doesn’t work as well as it used to because the bacteria have adapted to it.

  3. Jesse asked the question that came to my mind: “what’s to stop the spambot from ignoring abuse@*.com?”

    I’ve tested various means of reverse-obfuscating the “abuse” portion of the address, with no success. Are there any characters which the mail-server will ignore that can be inserted into the address? For illustration, suppose the mail-server at mymail.com ignores the character “^”. Then I can insert that character into the address to get a^b^u^s^e@mymail.com (for example) to feed the ‘bot. So far, though, I haven’t found any character that will work.