Message Board

Newbie/Basic Questions

Desperately seeking advice on attracting spambots

Author: G.Boettcher (12 Feb 10 10:59am)

I have a question for those who are wise to the ways of honeypots and spambots. I've been trying to conduct a study on address-disguising methods, to find out which are best at stopping spam. To that end, I've set up a honeypot web page of my own devising, filled with 70+ email addresses.

Unfortunately, despite having tried hard to attract spambots, I've received no spam at all so far. Here's what I've done:

(1) I put up my honeypot page and put up about 20 links to it on two web sites I run. After two weeks, this attracted zero spam.
(2) I then recruited about 20 people to provide additional links to my web site. I also registered my site with Google. After two more weeks, this still attracted zero spam.
(3) When this failed, I started to address the fact that my honeypot page had "spam" in its title, opening text, and URL. I change the title and opening text, then set up a new URL for the page. I changed my 20 links, and tried to get *some* of the 20 participants to change theirs, but I couldn't really twist their arms too much. After another week, I have still received zero spam.

(4) So now here are my plans for what to do next:
(a) Link my honeypot pages to each other. I haven't gotten around to that yet, but I will soon.
(b) Take up the hobby of writing more posts to Usenet, to blogger's guest books, to anywhere else that lets me include my honeypot's URL along with my post.
(c) I have so far resisted using Digg, Reddit, etc., as I fear it may draw too many human visitors, increasing the risk of malicious users contaminating my data. So my current plan is not to do this.
(d) Ask here for more links to my site (see below for the link).
(e) Ask here for any further advice. I am running out of ideas.

My honeypot page is at the URL listed below. I would really appreciate links to it, and if you email me at the address below, I would be glad to include your name in the acknowledgments of my project's write-up.

My honeypot page (please provide a link here if you can):
http://www.springthing.net/misc/asdf/zxcv.htm

Further information should you decide to link to my page:
http://www.gregboettcher.com/misc/spam/request.htm

My email address:
greg@gregboettcher.X, where X=com

I should add that I have also set up two "Project Honey Pot" honeypots and I have now linked to them about 20 times as well, in addition to my self-made honeypots described above. I appreciate the work done by those who run this web site, which is one reason I'm posting here.

Thanks for any help or advice you can give!

Greg

Re: Desperately seeking advice on attracting spambots

Author: M.Prince (13 Feb 10 2:34am)

How long have you had the pages up? It takes a lot longer than you may think to start getting spam. Spammers typically take at least 2 weeks from when they harvest an email address to when they send their first spam message. For a small, relatively unlinked website it can take even longer just to have a harvester stumble across the page in the first place.

Generally, all the stuff in (4) will help get bot traffic to your page. That'll help. If you can make the email addresses look less random/trap-like that could help too.

What are you planning to do with the data? Let us know and maybe we can help get the link out there more broadly.

Finally, I looked at your page with the spamtraps and what I think you'll find is that virtually all the methods you're using to obscure email addresses will be virtually 100% effective. Even just URL encoding still fools almost all harvesters. So much low-hanging fruit the harvesters don't spend much time working on things like decrypting javascript. They definitely don't do image processing. From our research, the only way a javascript encoded email address gets harvested is if the Googlebot stumbles across it. Google parses simple javascript. Harvesters then scan the Google cache. As a result, what might be interesting and easier to check is which of your encoding techniques actually get rendered in Google's cache.

Re: Desperately seeking advice on attracting spambots

Author: G.Boettcher (13 Feb 10 9:45am)

About six weeks ago I put up the pages and linked to them. About three weeks ago I asked for links from additional people.

What will I do with the data? Basically, I am an undergrad, and I received a scholarship requiring me to do research in computer science. I wanted to do something fun and interesting, and I decided that it might be fun to set up my own email spam honeypot.

I read some academic papers on the subject before I started, and looked at sites like this one. I'm not an expert on email security, and with hindsight, I don't know whether my study will end up providing useful data to people like you, who really are pretty expert on this.

I was originally hoping to get at least *some* results by April -- yes, just two months away -- because at that time I have to give a 15-minute presentation on my work. That's why I said I was "desperate." At this point I am nearly ready to give up on the hope of meeting the April deadline, but I would still like to see results eventually -- I have worked too hard on this to want to give up.

What will I do with the data? My original plan was to try to publish a paper showing the results of my study, along with advice to web site administrators on how to publish email addresses on the web while minimally compromising security. I am interested in the possibility of using CMS's to assist with this. A CMS could have an "insert email address" feature that would pull an email address from a database and insert it in a wide variety of encoded formats.

So I guess if I get significant data, I might try to write such a paper. (I feel a little sheepish saying so here, as some of you might do better than me at such a paper, but there it is.) Also, as I said, I would be willing to share the data with anybody who requests it.

If I don't get significant data -- well, I suppose I'd just have to throw in the towel and tell the scholarship people that I tried.

Greg