Thread: Spam bot traps of any real purpose?

  1. #1

    Ok as we do not have an actual 'spam' forum I guess this forum's description is closest as we are talking about software designed to be intrusive by invading your email inbox.

    Now we are all aware of email harvesting bots which are commonly used by spammers to build up databases of emails which can then be targeted for spam.

    In an attempt to combat these spiders/bots some people have been creating bot trap scripts which basically have the same main function:

    • Bot arrives at site
    • If spam bot ignores robots.txt file and begins scanning site
    • If 'good' bot (such as google bot) reads robots.txt file and avoids bot trap
    • Spam bot follows hidden link to bot trap
    • Bot trap script generates list of fake email addresses for spam bot to harvest
    • Script generates link back to self (with different filename) causing bot to get stuck in a loop


    so the bot stays there harvesting fake email addresses and therefore in theory ruining the spammers database

    now there are 2 problems I see with this

    1. As the spammers will prolly be using zombie machines (or something similar) to send out the spam and will also be using a fake reply address they are not going to be worried about emails failing. So is this actually being counter-productive as the spammer will be sending out additional traffic which in reality will be going nowhere?

    2. Could the spammer not very quickly check the emails harvested to ensure that the domains actually exist and simply scrap those which don't? e.g. if the script generated a random email of akldha@dhqwe8.co.uk the spammer could check the domain, see it doesn't exist and then know the email is a fake

    so what's your view on this? bot traps - effective weapon in fight against spam? or a nice idea that will never work?

    v_Ln

  2. #2
    If spam bot ignores robots.txt file and begins scanning site
    Wouldn't it read it regardless to discover what is being hidden? You would have to have stronger logic than just reading robots.txt

    if ($read_robotstxt && $VisitsItAnyways) {
        $bot = "bad";
    }

    So is this actually being counter-productive as the spammer will be sending out additional traffic which in reality will be going nowhere
    That's a bad thing? Fill me in I'm confused.

    2. Could the spammer not very quickly check the emails harvested to ensure that the domains actually exist and simply scrap those which don't? e.g. if the script generated a random email of akldha@dhqwe8.co.uk the spammer could check the domain, see it doesn't exist and then know the email is a fake
    The Sendmail VRFY command can verify if an address is valid without sending anything to it, if that's what you mean.

    I think what's more important is finding the IP address of the bot that ignored the robots.txt. They may be using a zombie, but they may also not be. Very interesting idea, very similar to what http://ghh.sf.net does with their honeypot. Has this been developed at all, or are these homemade scripts?

  3. #3
    there are several different scripts out at the moment which do what I was describing. Some use a random sequence of letters/numbers to produce the email addresses, while others use a dictionary file so that the email addys look more plausible (problem with the 2nd method is there is a chance you may actually generate a real address)

    as for your other comment about recording the IPs of bots which ignore the robots.txt file I actually was reading an article about just that today - a guy has produced a script which not only records the IP of such bots but bans them from visiting the site

    well take a look for it now..........found it
    http://www.kloth.net/internet/bottrap.php - quite a nice idea

    oh and what i meant by
    So is this actually being counter-productive as the spammer will be sending out additional traffic which in reality will be going nowhere
    is that these requests for accounts which don't exist are using up bandwidth which could be put to better use elsewhere

    v_Ln
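The check sketched in post #2 and the IP recording described in post #3, as an added example that is not part of either post and is not the kloth.net script: it reads web-server log lines and lists clients that requested a path robots.txt disallows, separating those that never fetched robots.txt from those that read it and went in anyway. The `/trap/` path, the robots.txt content and the log lines are constructed for the example.

```python
import re
from urllib.robotparser import RobotFileParser

# Constructed robots.txt: /trap/ is a hypothetical hidden bot-trap directory.
ROBOTS_TXT = "User-agent: *\nDisallow: /trap/\n"

# Constructed access-log lines (Apache combined format, documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Feb/2005:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 30 "-" "GoodBot/1.0"
192.0.2.10 - - [10/Feb/2005:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "GoodBot/1.0"
198.51.100.7 - - [10/Feb/2005:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Harvester"
198.51.100.7 - - [10/Feb/2005:10:01:01 +0000] "GET /trap/a1.html HTTP/1.1" 200 900 "-" "Harvester"
203.0.113.5 - - [10/Feb/2005:10:02:00 +0000] "GET /robots.txt HTTP/1.1" 200 30 "-" "Sneaky"
203.0.113.5 - - [10/Feb/2005:10:02:03 +0000] "GET /trap/b2.html HTTP/1.1" 200 900 "-" "Sneaky"
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"'
)

def classify_clients(log_text, robots_txt=ROBOTS_TXT):
    """Return {ip: verdict} for every client that requested a disallowed path."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    read_robots = set()   # IPs seen fetching /robots.txt earlier in the log
    verdicts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue      # skip lines that are not well-formed log entries
        ip, path, agent = m.groups()
        if path == "/robots.txt":
            read_robots.add(ip)
        elif not rules.can_fetch(agent, path):
            # Post #2's case is the first verdict: read the rules, visited anyway.
            verdicts[ip] = "read-then-violated" if ip in read_robots else "ignored-robots"
    return verdicts

def ban_list(verdicts):
    """IPs to record or block, as the script mentioned in post #3 does."""
    return sorted(verdicts)

if __name__ == "__main__":
    for ip, verdict in classify_clients(SAMPLE_LOG).items():
        print(ip, verdict)
```

Keying on the source IP alone is a simplification: several clients behind one NAT address share a verdict, and a harvester that rotates addresses gets a fresh start on each one.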

  4. #4
    phishphreek (AO übergeek), joined Jan 2002, 4,325 posts
    As the spammers will prolly be using zombie machines (or something similar) to send out the spam and will also be using a fake reply address they are not going to be worried about emails failing.
    It's not really counterproductive. The mail would be sent regardless of how many emails were collected. Since the domains and users don't exist, they'll be routed to /dev/null, whereas legitimate email to legitimate domains will eat up resources.

    Would you rather feed auto generated fake emails to a bot and have 100% of those fail than having the bots scan legitimate mail lists and only fail 25% of the time? (Pulling numbers out of my a$$.)

    If the spammers are getting less and less of success rates, it won't be worth it anymore. There will come a time where all the work put into it will not get them nearly as much money. They'll have to find a new scam.

    I guess they can just compromise whole lists... like the Full Disclosure list?!

    Talk about a gold mine there... not like most people would fall for a scam that is subscribed to a security related mailing list...

    http://lists.netsys.com/pipermail/fu...ry/031562.html

    http://secunia.com/advisories/14211/
    Quitmzilla is a Firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    zencoder (AO Senior Cow-beller, Moderator), joined Dec 2004, location: Mountain standard tribe., 1,177 posts
    valhallen, I'm just replying on the fly here, so if I miss a point or make a false assumption, please feel free to deride me as I know you all will.

    I don't necessarily see the usefulness in a self-referring script to keep the 'bot in a loop. That wastes your own resources, and as you pointed out, only generates extra traffic and uses cycles on what is probably a zombie the spammer has control of.

    Mucking up their DB is an honorable goal, and as soda said the VRFY call will help a technically astute spammer (they have to be these days, to make any money at it) determine which addresses are valid. But the larger goal must always be to identify spammers and take the fight to them...either criminally, civilly (as in civil court action), or those two failing, 'physically' (hehe...not sure how to put that...but if your servers are identified as SPAM homes, you will be blocked, routed to /dev/null, dos'd, and probably hacked to oblivion, depending on who has the info.)

    I'm a supporter of Project Honey Pot, which is a pretty cool take on the whole thing. They do something similar on a low-key scale. Basically, you have a scripted page on your site...they support most active content languages...that is hidden, as valhallen described. No human-visible links to it or anything, just links hidden by div tags, comments, etc. When this page is accessed, it generates a unique email address...a VALID one...and then tracks messages that come from that address. They correlate the IP of the spambot and the (reported) source of the spam that arrives for that address. Very cool stuff. You can see their example of the script output here. As you can see, it's all very nice and legal looking.

    I am not familiar with the practices or scripts valhallen described, but this one I've presented seems to be more effective.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
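The correlation idea described in post #5, as an added example that is not part of the post and is not Project Honey Pot's code: each visit to the hidden page gets a unique address that encodes the visitor's IP and the time under an HMAC, so mail arriving for that address can later be tied back to the harvest. The secret, the `trap.example` domain, the address layout and the function names are all assumptions made for the example.

```python
import hashlib
import hmac
import ipaddress

SECRET = b"constructed-demo-key"   # assumption: per-site secret, constructed here
TRAP_DOMAIN = "trap.example"       # assumption: a domain whose mail you receive

def _tag(payload: str) -> bytes:
    """Truncated HMAC-SHA256 over the payload, as 16 hex characters."""
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()[:16].encode()

def issue_address(visitor_ip: str, ts: int) -> str:
    """Address to place on the hidden page served to visitor_ip at Unix time ts."""
    payload = f"{int(ipaddress.IPv4Address(visitor_ip)):08x}{ts:08x}"
    return f"{payload}{_tag(payload).decode()}@{TRAP_DOMAIN}"

def correlate(recipient: str, sender_ip: str):
    """Tie mail for a trap address back to the harvest; None if we never issued it."""
    local, _, domain = recipient.lower().partition("@")
    if domain != TRAP_DOMAIN or len(local) != 32:
        return None
    payload, tag = local[:16], local[16:]
    if not hmac.compare_digest(tag.encode(), _tag(payload)):
        return None   # guessed or mangled address, not one this site handed out
    return {
        "harvester_ip": str(ipaddress.IPv4Address(int(payload[:8], 16))),
        "harvested_at": int(payload[8:], 16),
        "spam_sender_ip": sender_ip,
    }

if __name__ == "__main__":
    # Constructed scenario: harvested from one address, spam delivered from another.
    addr = issue_address("198.51.100.7", 1108029661)
    print(addr)
    print(correlate(addr, "203.0.113.99"))
```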
