Author: E.Geier (5 Aug 12 6:58am)
I can fully confirm B.Strater's observations, regarding CDN services like Cloudflare and Incapsula:
1. The e-mail address wouldn't be unobfuscated anymore. Maybe R.Trappman6's advice helps here for Cloudflare, but Incapsula even does not support such exceptions. However, Incapsula do not seem to obfuscate e-mail addresses yet, but may offer this in the future.
2. The trap would catch the wrong IP address, as recently has happened to me, see my comment on https://www.projecthoneypot.org/ip_199.83.132.2
This leads to all such CDN IP addresses being blocked soon as suspected to be harvesters or comment spammers. As these IP addresses will never ever be "visiting" any website, they would be unnecessarily blocked, and in the worst case nobody can visit sites behind it any longer or are presented with a CAPTCHA all the time...
The traps should be reworked to cover for this, e.g. by using not REMOTE_ADDR alone, but also HTTP_X_FORWARDED_FOR and other HTTP header information as appropriate.
Post Edited (5 Aug 12 7:22am)
|