Message Board

Installing Honey Pots

Older Posts ]   [ Newer Posts ]
 CGI alliasing
Author: K.Kirkpatrick   (10 Feb 05 8:20am)
Honeypot is not the first site I visited while searching for a means of defending my own site against bots. It seems to me that it is a superior strategy for actually forcing change in law to recognize spam as network intrusion, and theft of storage and bandwidth.

One site I recently visited suggested assigning an extension type other than CGI to the file link noting that many bots will avoid cgi files. I am restricted to use of named /cgi-bin/ as the location of my script files, however, I am free to change the extension, and to assign an allias extension to be used AS a cgi file.

The honeypot docs are very specific as to changing the name of the file. They do not as far as I've been able to determine differentiate between the file name and the extension (doctype).

My question is this...
My Perl is set up to run an additional file extension as if it were .cgi.
is it acceptable to use an alternate file extension so long as the file name itself is unchanged?

example.abc Verses example.cgi
 
 Re: CGI alliasing
Author: M.Prince   (10 Feb 05 12:21pm)
We originally were somewhat draconian about the extensions. However, we loosened that restriction and you can now change it to .abc or whatever works on your machine.

Moreover, you can use a mod_rewrite rule to point something looks like a static page. You can also hide the fact that the script is inside the /cgi-bin directory. I'm not a mod_rewrite expert, and you can find more info here:

http://httpd.apache.org/docs/mod/mod_rewrite.html

However, assuming you are running Apache, I think something like this in your .htaccess file will work:

RewriteEngine On
RewriteRule ^blahblah\.html$ /cgi-bin/hpot.cgi

Again, that may not be exactly right, but hopefully it gives you the gist.
 
 Re: CGI alliasing
Author: K.Kirkpatrick   (10 Feb 05 4:26pm)
Well, thank you very much for the prompt reply and the good news.
I'll check out the link, and if I understand it correctly, it seems to do exactly what I'm trying to do.
Speaking of draconian... I'm very grateful for the model template and the TOS text posted here. I combined it with some ideas I already had and hope shortly to own several firstborn sons or the offenders.

I've found a couple of legal references on third party benificiary to a contract and I think I've got something set up which will give me some leverage over the harvester's provider as well as the harvester himself.

I've included a warning page for human users who might somehow manage to find the 1x1 webbugs salted through the site, and an explicit warning to the bot owner on seperate pages which don't reside in my HTML folder, so the chances that a human user... well, there is one in every crowd isn't there.

robots.txt is all set up, and the robots metatag... I'll be using the email harvester metatag suggested as well.

Got a couple more things to set up, including a cute Honeypot graphic... which I will definately send you fine folks a link to.

...and I'll be back to ask more silly questions after I'm done digesting all of this....



You may browse the discussion topics, but you must sign in to post. If you do not have an account, you can create one for free.

do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–24, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email