[SlashZot <dj@delorie.com>] Spambot Poisoner

[SlashZot <dj@delorie.com>] Spambot Poisoner

[Tom Tromey]

Anybody see this?
The site was down when I tried to connect.

I wonder if it would be easier to simply reject spambots.  It seems
like if this program is to work it would have to be able to detect
them.

Tom
------- Start of forwarded message -------
Date: Thu, 23 Nov 2000 13:00:10 -0500
Message-Id: <200011231800.NAA25687@delorie.com>
To: slashzot@delorie.com
From: SlashZot <dj@delorie.com>
Subject: Spambot Poisoner
Reply-To: slashzot@delorie.com
Content-Type: text

Spambot Poisoner

[1]halfelven writes: "[2]Sugarplum, the anti-spambot fighting
machine, is out! Quoting from their website: Sugarplum is an
automated spam-poisoner. Its purpose is to feed realistic and
enticing, but totally useless data to wandering spam-bots
such as EmailSiphon, Cherry Picker, etc. The idea is to so
contaminate spammers' databases as to require that they be
discarded, or at least that all data retrieved from your site
(including actual email addresses) be removed." I've seen
this sort of thing before, but I just figured it's a fun
thing to chat about on a holiday. It would be cool to put
this on Slashdot some time: I bet I'm not the only Slashdot
reader whose email address has been slurped.

    <URL: http://slashdot.org/article.pl?sid=00/11/23/162232 >
[1] <REF: mailto:florin@linuxstart.com >
[2] <REF: http://www.devin.com/sugarplum/ >


This is an automated posting to slashzot@delorie.com
See http://www.delorie.com/listserv/ to be removed.

------- End of forwarded message -------

Re: [SlashZot <dj@delorie.com>] Spambot Poisoner

[Jason Molenda]

On Thu, Nov 23, 2000 at 12:05:54PM -0700, Tom Tromey wrote:

> I wonder if it would be easier to simply reject spambots.  It seems
> like if this program is to work it would have to be able to detect
> them.


I have some stuff in the /www/conf/httpd.conf to attempt this.  There
is documentation about where I got the regexps.

Most tarpit style things work by having a link at the bottom of a
page to the cgi-bin script; the cgi-bin script (masquerading as
static content) serves up endless series of invalid e-mail addresses.

Unless great advances have been made, detecting a spambot is pretty
tough.  All you've got to work with are the user-agent headers provided
by the web client, and it's trivial for a spambot author to copy an
IE user-agent header and send that to the server.


But hey, who knows, maybe they're doing something even more clever.



J

PS- I thought the link on slashdot to the scanned in gutenberg
bible was far more interesting. :-)

Re: [SlashZot <dj@delorie.com>] Spambot Poisoner

[Andrew Cagney]

On http://sources.redhat.com/psim/ go to the bottom of the page and
click on the ``:'' in ``Mailing lists :''.

Hopefully you'll find your way back out by Monday :-)

	Andrew

[SlashZot <dj@delorie.com>] Spambot Poisoner

[Tom Tromey]

Anybody see this?
The site was down when I tried to connect.

I wonder if it would be easier to simply reject spambots.  It seems
like if this program is to work it would have to be able to detect
them.

Tom
------- Start of forwarded message -------
Date: Thu, 23 Nov 2000 13:00:10 -0500
Message-Id: <200011231800.NAA25687@delorie.com>
To: slashzot@delorie.com
From: SlashZot <dj@delorie.com>
Subject: Spambot Poisoner
Reply-To: slashzot@delorie.com
Content-Type: text

Spambot Poisoner

[1]halfelven writes: "[2]Sugarplum, the anti-spambot fighting
machine, is out! Quoting from their website: Sugarplum is an
automated spam-poisoner. Its purpose is to feed realistic and
enticing, but totally useless data to wandering spam-bots
such as EmailSiphon, Cherry Picker, etc. The idea is to so
contaminate spammers' databases as to require that they be
discarded, or at least that all data retrieved from your site
(including actual email addresses) be removed." I've seen
this sort of thing before, but I just figured it's a fun
thing to chat about on a holiday. It would be cool to put
this on Slashdot some time: I bet I'm not the only Slashdot
reader whose email address has been slurped.

    <URL: http://slashdot.org/article.pl?sid=00/11/23/162232 >
[1] <REF: mailto:florin@linuxstart.com >
[2] <REF: http://www.devin.com/sugarplum/ >


This is an automated posting to slashzot@delorie.com
See http://www.delorie.com/listserv/ to be removed.

------- End of forwarded message -------

Re: [SlashZot <dj@delorie.com>] Spambot Poisoner

[Jason Molenda]

On Thu, Nov 23, 2000 at 12:05:54PM -0700, Tom Tromey wrote:

> I wonder if it would be easier to simply reject spambots.  It seems
> like if this program is to work it would have to be able to detect
> them.


I have some stuff in the /www/conf/httpd.conf to attempt this.  There
is documentation about where I got the regexps.

Most tarpit style things work by having a link at the bottom of a
page to the cgi-bin script; the cgi-bin script (masquerading as
static content) serves up endless series of invalid e-mail addresses.

Unless great advances have been made, detecting a spambot is pretty
tough.  All you've got to work with are the user-agent headers provided
by the web client, and it's trivial for a spambot author to copy an
IE user-agent header and send that to the server.


But hey, who knows, maybe they're doing something even more clever.



J

PS- I thought the link on slashdot to the scanned in gutenberg
bible was far more interesting. :-)

Re: [SlashZot <dj@delorie.com>] Spambot Poisoner

[Andrew Cagney]

On http://sources.redhat.com/psim/ go to the bottom of the page and
click on the ``:'' in ``Mailing lists :''.

Hopefully you'll find your way back out by Monday :-)

	Andrew