Author: O.M2 (18 Jan 05 5:26am)
The project looks interesting, but by looking at the address-generation script (at least the PHP one), I'm afraid that its designers forgot one basic engineering rule: keep it simple, stupid!
Copy-paste heaven, massive amount of defines... but no comment besides legal & CYA. Thanks.
Next, the script computes an MD5 hash of itself every time it's run. Put politely, what for? Trying to detect tampering is doomed to failure, one can easily compute the hash once then modify the script at will, hardcoding the correct value. Trying to detect accidental corruption is not much more likely to work: if the script is hosed, it won't be able to check itself anyway.
On the other hand, this checking not only adds an unnecessary burden on the server, it also makes fixing the script's limitations (short PHP tags vs normal ones) a pain.
Part of the script complexity comes from its attempt at making the HTML it generates somewhat variable, presumably to make it harder to detect. I think that this is not necessary against dumb harvesters, and not enough against smarter ones, as the general page structure is still fixed and therefore recognizable.
Adding tracker addresses to normal "home-made" pages would I think be much more effective.
Moreover, a script is supposedly tied to a single domain, worse yet, to a single URL it seems, and vice versa. Maybe I'm missing something here, but this artificial limitation looks completely pointless to me.
A little like B.Coogan a post or 2 back, I host a bunch of parked domains, all of which display a similar script-generated "coming soon" page. I would gladly modify it to sprinkle a few ProjectHoneyPot addresses here and there, making them especially hard to distinguish from legitimate ones.
The arbitrary restrictions enforced by ProjectHoneyPot make this really cumbersome, probably too much for me to bother at least for now.
All in all, this plus a very wordy licence and unclear ROI (what does the community get in return for its participation?) make the project unfortunately quite unattractive to me as a sysadmin.
Any thoughts?
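The self-hash point raised in the post above, as an added example that is not part of the original post and is not Project Honey Pot's code: a digest carried inside the file agrees with whatever the file currently contains, while a digest recorded outside the file flags the change. The `EXPECTED_MD5=` header layout, the function names and the use of SHA-256 on the verifier side are assumptions made for illustration.

```python
import hashlib
import hmac


def build_script(body: bytes) -> bytes:
    """Constructed layout: first line carries the MD5 of everything after it."""
    digest = hashlib.md5(body).hexdigest().encode()
    return b"EXPECTED_MD5=" + digest + b"\n" + body


def in_band_check(script: bytes) -> bool:
    """What a self-checking script can do: compare its body with the value it carries."""
    header, body = script.split(b"\n", 1)
    expected = header.split(b"=", 1)[1].decode()
    return hmac.compare_digest(hashlib.md5(body).hexdigest(), expected)


def out_of_band_check(script: bytes, recorded_sha256: str) -> bool:
    """Verifier-side check: the reference digest is stored away from the file."""
    return hmac.compare_digest(hashlib.sha256(script).hexdigest(), recorded_sha256)


def audit(script: bytes, recorded_sha256: str) -> dict:
    """Run both checks on one copy of the file and report each verdict."""
    return {
        "in_band": in_band_check(script),
        "out_of_band": out_of_band_check(script, recorded_sha256),
    }


# Constructed sample data, not taken from any real script.
ORIGINAL = build_script(b"<?php echo 'page'; ?>\n")
# Digest recorded at install time and kept outside the web root (assumption).
RECORDED = hashlib.sha256(ORIGINAL).hexdigest()

# An edited copy: whoever can rewrite the body can rewrite the header too,
# so the value inside the file simply follows the new content.
MODIFIED = build_script(b"<?php echo 'changed'; ?>\n")

# Accidental corruption: the header is stale, and the in-band check only
# reports that if the checking code itself still runs.
CORRUPTED = ORIGINAL[:-1] + b"X"

if __name__ == "__main__":
    for name, copy in [("original", ORIGINAL), ("modified", MODIFIED), ("corrupted", CORRUPTED)]:
        print(name, audit(copy, RECORDED))
```
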