Message Board

Newbie/Basic Questions

Older Posts ]   [ Newer Posts ]
 Attack on Spam Bot Harvesters
Author: J.Yard2   (5 May 07 12:45pm)
Project Honey Pot and especially the addition of http:BL is great. But it is predominantly passive.

I’m tired of playing defense and still having my inbox filled with spam.

I have launched an offensive attack against spam bot harvesters that visit my web site, feeding them hoards of randomly generated bogus email addresses to poison and diminish the value of their databases by infesting them with bogus email addresses. In the past 5 days I have distributed more than 330,000 such poison email addresses to potential spam bot harvesters.

My honey pot links go to an html file which does a server side include of the honey pot php and then also includes the following spam bot poison php script to deliver a hoard of bogus email addresses (poison) along with the honey pot. Also http:BL is utilized to insure known bots always get sent the honey pot and poison.

- Be on the offensive, fight fire with fire.
- They want email address, that's what I'll give them.
- Diminish the value of their databases by infesting them with hoards of bogus email addresses (poison).

<?php

// Valid Characters
$string = "abcdefghijklmnopqrstuvwxyz";

// Valid TLD's (Top Level Domains)
$a=array("com"=>"1","net"=>"2","org"=>"3","edu"=>"4");

// Random (min, max) Number of Addresses to Create
$j = mt_rand(2000, 4000);

for ($i = 1; $i <= $j; $i += 1) {

// Seed Random Number Generator
mt_srand((double)microtime()*1000000);

// Shuffle it up
$shuffle = str_shuffle($string);

// Get 5 to 10 random characters from the shuffled string
$RANDOM_NAME = substr($shuffle, 0, mt_rand(5, 10));

// Get 3 to 12 random characters from the shuffled string
$RANDOM_DOMAIN = substr($shuffle, 14, mt_rand(3, 12));

// Get random TLD
$TLD = array_rand($a,1);

print "<a href=mailto:" . $RANDOM_NAME . "@" . $RANDOM_DOMAIN . "." . $TLD . ">" . $RANDOM_NAME . "</a>";

/*
// This section optional.
// Filler between addresses.
$l = mt_rand(1, 9);
for ($k = 1; $k <= $l; $k += 1) {
$RANDOM_STRING = substr($shuffle, mt_rand(0, 18), mt_rand(3, 12));
print " " . $RANDOM_STRING;
}
/**/

print "<br>\n";

}


// Count number of addresses handed out
$CounterName = "Poison";
$root = "/data/www/<doman_name>.org/www.<domain_name>.org";

// Increment the counter
$filename = $root . "/access_logger/count.logg";
$handle = fopen($filename, "r");
$contents = fread($handle, filesize($filename));
fclose($handle);

$pair = split("\r\n", $contents);

$contents = "";

foreach ($pair as &$pairs) {

list($value, $name) = split("\t", $pairs);

if (strcmp($name, $CounterName) == 0) {
settype($value, "integer");
// $value++;
$value = $value + $j;
$hits = $value;
}

if (strlen($name) > 0) {
$contents = $contents . $value . "\t" . $name . "\r\n";
}
}

$handle = fopen($filename, "w");
fwrite($handle, $contents);
fclose($handle);

?>

Post Edited (5 May 07 1:04pm)
 
 Re: Attack on Spam Bot Harvesters
Author: J.Yard2   (12 May 07 6:44pm)
Giving a million BADdresses a week to harvesters along with my honey pot.

How many BADdresses are you giving them?

Post Edited (12 May 07 6:45pm)
 
 Re: Attack on Spam Bot Harvesters
Author: S.Atty   (15 May 07 6:26am)
How do you know the random domains you are creating do not exist? I see nothing in your code that indicates a DNS lookup to ensure they don't exist

Not all domains are "real" words - my domain name is an acronym. My previous employers domain was a 3 letter acronym too.

If I found out that you were responsible for seeding spammers with email addresses from my domain I would be extremely annoyed.

Post Edited (15 May 07 10:49am)
 
 Re: Attack on Spam Bot Harvesters
Author: B.Trevithick   (23 May 07 7:53pm)
I was doing something similar for a while, but along a slightly different path.

First, I bought a bunch of domains.. and I set the "A" record of each to 127.0.0.1.

Then, I downloaded and massaged into a couple of MySql tables thousands of the most popular first and last names from the Census.

When my PHP page was accessed, it generated a random number of bogus addresses which pointed to the "blackhole" domains, and which looked reasonable because they were built with real names.

Pluses:

- No possibility of causing spam to be sent a domain which either exists now or which might exist in the future.

- None of the spam sent to any of those addresses would clutter up the Internet, because they would never leave the server trying to send them (because they were addressed to that very server via the 127.0.0.1 address.)

- By the time the spammer realized that his master list was hosed, he'd hopefully have to scrap it and start over again.

Minuses:

- Limited number of domains to use, so spammers could prune them from their lists if they discovered them.

- No way of tracking any spam which might have been sent to those addresses, so no way to assess the effectiveness of the whole thing.

But, we're thinking along similar lines! :)

Regards,
Bob
 
 Re: Attack on Spam Bot Harvesters
Author: M.Nordhoff   (11 Jun 07 2:23am)
What about something like PHPot + WPoison (http://www.monkeys.com/wpoison/)? People donate domain names to be used, then the script contacts the server and downloads a bunch of domains to use when generating addresses.

Wait, that would basically be PHPot, only it would give out addresses in bulk. If PHPot gets enough domains and server power in the future, maybe you could do that. The danger is that if PHPot started giving spammers hundreds of addresses at a time instead of once, spammers would be able to find and filter PHPot domains hundreds of times more quickly.



You may browse the discussion topics, but you must sign in to post. If you do not have an account, you can create one for free.

do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–25, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email