Message Board

Newbie/Basic Questions

Two quick questions.

Author: J.Homuth (26 Sep 12 2:01am)

I just started not that long ago and already have a couple quickies. first: roughly how long does it take for either the honeypot or a spam trap email address to do something useful after initial setup? And second, after some digging, I saw where the user-specific RSS feeds are hidden. But it expects me to log in to make use of them. Is there a way around that, since the reader I use doesn't support anything that isn't HTTP auth, or am I kind of nackered?

Re: Two quick questions.

Author: H.User1325 (26 Sep 12 8:30am)

One at a time: "first: roughly how long does it take for either the honeypot or a spam trap email address to do something useful after initial setup? "

Short answer: <grin>It depends. </grin>
Longer answer: The road from adding links to your honeypot or quicklinks to someone else' honepot, to "doing something useful" has many steps, most of which we have little control over.

1. First a harvester must stumble onto one of the hidden links you have added to your web/blog pages. Of course you have provided them every opportunity to find a HP link.

2.The harvester has to follow the link to the HP. If the IP address used by the harvester does this often enough the IP address will be tagged as "Suspicious"

3. The harvester has to collect an email address from the HP page.

4. Assuming the harvester is a good business person, they will pass the email address to a spammer.

5. The spammer then must sends email (spam) to the collected email address. At this point "we" know where the email address was collected (#3 above) and by someone or something at which IP address (#2,#3).

As the harvester builds his reputation, his IP address is added to the black list which can be access by anyone through the HTTP: Black List service. I use the http:BL to prevent comment spammers from leaving comments on my websites.

As you can see not a short process. I seem to remember that it took several weeks for numbers to trickle down to "spam received" when I first installed a HP. I was a couple of months before I got an email stating that I had helped catch a harvester. If you have access to your system access logs it can be fun to track the process.

From your access logs you can see which IPs are accessing your installed honey pot. From that log entry you can see where they found the link to the HP. It can be useful to know which pages they visit and which hidden links seem to be the most effective.

Of course on your dashboard here you can see the count of harvester visits, email addresses issues and spam sent to those addresses.

One quickie at a time is all I can deal with. Welcome to the fight.

Lou

Re: Two quick questions.

Author: J.Homuth (26 Sep 12 10:37am)

Okay, that pretty aptly explains a thing or three for the HP. I'm assuming I'll be more likely to get a nibble or two on the MX I donated, once the thing passes muster? And, any thoughts on my RSS questions?

Re: Two quick questions.

Author: H.User1325 (26 Sep 12 12:36pm)

Did you make the MX public? I'm sure you read the info on the donate MX page. Sense you changed your DNS records to include an IP for your MX record, that is not controlled by your ISP/host you won't have anyway of seeing that traffic. But yes I would guess that a public MX donation would see a bit of traffic.

You are catching on that I am avoiding you RSS question. I'm just a user here too and I don't have a clue. I don't use the RSS here, mainly to control the stuff coming down the pipe trying to get my attention.

Lou

Re: Two quick questions.

Author: J.Homuth (26 Sep 12 12:48pm)

Yes, the MXs are public. I assume those stats update daily?