Message Board

Bugs & Development

Possible idea for future?

Author: D.Repia (13 Jun 06 1:21pm)

Hi there,

At the moment, the honeypot pages generate a random e-mail address, if anything sends stuff to that e-mail address then it's obviously a havester of some kind.

However, over the past few months I've noticed that an increasing amount of spam is coming though my website contact forms.

The idea? have form based honey pots. If a robot posts data back to the form to the honeypot page, all of the details are sent back to the project. I think the statistics that come from something like this would be very interesting.

Re: Possible idea for future?

Author: M.Prince (21 Jul 06 5:33pm)

I think this is a great idea. Some of our developers have been involved in the blogspam conferences that have been hosted by Google and Technorati. We floated this idea at those some time ago. The biggest concern at the time was that blog spammers appeared to be targeting specific installations of blog software... looking, for example, at mt-comment.cgi (or whatever the comment module for Movable Type is called these days).

I think that's changed somewhat, and the blog spammers are seeking a wider array of targets. In order to put a form on the honey pot we'd need to rearchitect the underlying honey pot code. Designing v.2 of the underlying script is something we're definitely working on right now. However, since we've got scripts installed on tens of thousands of websites around the Internet, and since some of the scritpts were written by volunteers in languages we don't know (SAP Netweaver?!), we're going to need lots of help when it comes to moving from the v.1 script to the v.2 script. But, as soon as we do, lots of things like this idea will become possible.