Heal Your Church WebSite

Teaching, rebuking, correcting & training in righteous web design.

Honeypot for spam harvesters

In case you didn’t know, a ‘Honeypot’ is usually a site, server, a page, sometimes even a network that is configured to draw the low-life, maggot-bearing flies that are spammers. In doing so, those setting the trap record the spammer’s IPs and user agents so they can be blocked, thwarted, poison, and other things spambots and spybots deserve.

Mark Pilgrim showed us a version of one such Honeypot in his oft-quoted article, “How to block spambots, ban spybots, and tell unwanted robots to go to … ” … er … h-e-double-hockey-sticks. In the article, Mark shows us how to set up a page to snare those bot’s that ignore or abuse the Robot Exclusion standard. He then adds offenders to a growing .htaccess file to deny the pests access to his server.

That was back in February. Almost half-a-year later, Merlin Mann at kung fu grippe shows us another ingenious catch and destroy method in his article entitled Honeypot for spam harvesters (now officially Project Honey Pot). Similar to an anti-spam technique for those leaving comments on blogs and bbs’ where one uses a throw-away email address built on the name of the blog and the date (e.g. hycw-21jun03@…), this article gives us a very simple PHP techinque to give spam harvesters what they want, an email address.

Only the address they get is THEIR (the spammer’s) IP address and date sent back to them. Concurrently, the Honeypot records the IP, time and user agent to whom the address was distributed. If and when spam comes in via the harvested address, you have enough information to complain upstream, and to block that particular user agent and/or IP in the future. Pure genius I tell you!

One caveat that the article offers, that I entirely agree with — use a throw-away domain name. Which I have. Hmmm .. perhaps a site with more than one technique? (what you don’t hear right now is the evil laughter billowing through the basement of my house !-)

Comments are closed.