Author: N.Martin2 (27 Jul 09 8:57am)
It is not clear to me how your form traps work, since it appears that my own honey pot only generates the harvester traps (is it possible, by the way, for my honey pot to do both? Or to choose which type of trap it is?) ... do the forms encourage, for example, multiple attempts? Or are there multiple forms available for submission from the same honey pot page? My observation has been that these dynamic IPs invariably incriminate all or several of their counterparts at once, if given the chance. It would be unfortunate if the current system is not capable of identifying that several IPs at once are associated with "bad event(s)."
Also, it may not be clear what I meant by "dynamic IP." I believe that, in most circumstances, dynamic IPs change each time a legitimate user connects to their ISP, not each and every time they load the page on a Web site. My observations have shown that these bots are using a different IP for each time they attempt to submit spam through the forms ... within a matter of (sub)seconds, and submitting the same data, including dynamic form field names which should be unique to every visitor and every visit. Additionally, as an example, the last instance I have observed showed an attempt first from an IP address in the US, then from India, and finally from Japan. This does not sound like a legitimate pool of IPs that would be used by a legitimate user through a legitimate ISP.