Message Board

http:BL Use/Development

Older Posts ]   [ Newer Posts ]
 What Triggers http:BL DB Entry?
Author: J.Yard2   (29 Apr 07 5:17pm)

71.97.248.90
This IP addresses has been seen by at least one Honey Pot. However, none of its visits have resulted in any malicious messages yet. Its possible that this IP is just a harmless web spider. If you know something about this IP, please leave a comment.

First Seen: 2 Weeks Ago
Last Seen: Within 1 Week
Sightings: 36 Visit(s)

http:BL Reuslt: 216.250.187.1 (not in the database)
 
 Re: What Triggers http:BL DB Entry?
Author: W.Keeley   (4 Sep 07 9:12pm)
This is the way I understand things:

When a visitor loads a honeypot webpage, the honeypot script generates unique, one-time email addresses that is displayed only to that visitor at that specific time. The email addresses generated are than put into a database and are associated with the visitor's ip address and the time of visit.

If a spam is sent, the email server looks up the email address to which the message is directed and finds the associated visitor's ip address. Once this information is looked up, the visitor's ip address is then blacklisted and the ip address of the computer sending the spam is then associated with the ip address of the visitor.

The ip is only added to the suspicious list if it visits the separate honeypots of different Project Honeypot members. That way, no member can get his or her ip address listed for simply doing a test visit to his or her honeypots (no matter how many he or she controls).
 
 Re: What Triggers http:BL DB Entry?
Author: M.Prince   (5 Sep 07 7:10am)
That's basically exactly right.

We do some other checks for IPs labeled "suspicious." But generally, in order to be included on the http:BL, you need to either have harvested an email address that is subsequently sent to, or posted to a trap form hidden on a honey pot.

Going forward, we're thinking of additional ways in order to more quickly move IPs that we see visiting honey pots into the suspicious category. This may include using third-party data. In some cases, we may decide that third-party data alone is sufficient to list an IP as suspicious, even if we haven't seen the IP on our network of honey pots ourselves.



You may browse the discussion topics, but you must sign in to post. If you do not have an account, you can create one for free.

do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–24, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email