Message Board

Tracking Harvesters/Spammers

Older Posts ]   [ Newer Posts ]
 Input to IP lists
Author: P.Payzant   (30 Dec 09 3:18pm)
I'm wondering how an IP gets into the lists of baddies. I can query the lists using the http:BL mechanism (and I am, and it's working just fine), but when I get spammed by some IP which isn't in the database, it appears that there is no way for me to report the spammer.

I wonder how Project Honey Pot gets their data, if their users can't contribute. Or am I missing something here?
 
 Re: Input to IP lists
Author: L.King   (31 Dec 09 10:41am)
Reading the FAQ

"What is http:BL?
Http:BL is a way for website administrators to take advantage of the data generated by Project Honey Pot and keep malicious or suspicious IPs off their websites. The service works by publishing DNS records for IPs we have seen conducting suspicious or malicious behavior online. Website administrators can then use this data in order to restrict access to their web servers for these IPs."

Somewhere I read that the Http:BL includes only results of Honey Pots to "maintain the data validity in the database."

"Is this another DNSBL for mail servers?
No. Http:BL reports on IP addresses used by harvesters, comment spammers, and other suspicious robots visiting web pages. It does not include the IP addresses of the mail servers used by spammers. There are lots of great mail server DNSBLs out there, including those maintained by Spamhaus, SURBL, Spamcop, etc. We are not trying to recreate the wheel."

This would suggest that you are not using the Http:BL as intended.
 
 Re: Input to IP lists
Author: P.Payzant   (31 Dec 09 11:53am)
"This would suggest that you are not using the Http:BL as intended."

Um, is it possible that you misunderstood my post?

I'm using it exactly as instructed, and it's working. I was just wondering a) how IP addresses get into their list, and b) how I can contribute to their list when I get spammed by an IP which is not currently in the list.
 
 Re: Input to IP lists
Author: L.King   (31 Dec 09 1:00pm)
I see the confusion. You are accessing the Http:BL correctly, your getting a response. What I meant was that you may not be using the information as intended.

I believe the intent of the BL is to give you information to 'block harvesters, comment spammers, and other suspicious robots visiting' your web pages to prevent them from collecting email addresses to add to their spam list.

What I implied from your OP was that you were checking incoming emails agents the Http:BL and identifying spam sources that were not on the BL. My error.

In response to your questions, my understanding is:

a) By harvesting an email address from a Honey Pot and then sending an email to that address, PHP takes that as 'suspicious' activity and add the address of the harvester to the Http:BL.

b) Again the Http:BL does not contain addresses of the sources of spam (which is all you can get from the spam itself) which are often zombies anyway. Http:BL does contain the addresses of the tools used by spammers to collect email addresses i.e. the harvester bots that visit web pages looking for email addresses.

Post Edited (1 Jan 10 1:07pm)
 
 Re: Input to IP lists
Author: M.Prince   (3 Jan 10 3:57pm)
We don't have a mechanism for individuals to contribute data they collect themselves back to Project Honey Pot at this time. We do work with a very limited set of trusted partners in order to supplement the data gathered by our own honey pot network. For most individuals, the best way to contribute back to the Project is to install a honey pot and link to it extensively throughout all the sites that you own.



You may browse the discussion topics, but you must sign in to post. If you do not have an account, you can create one for free.

do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–24, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email