Message Board

Installing Honey Pots

Older Posts ]   [ Newer Posts ]
 Serving up the honeypot as an include
Author: C.Dijkgraaf   (20 Feb 05 11:34pm)
Hi

Would it be ok to include the honeypot as part of another page with specific conditions.
The reason I ask is that there is one Harverster User Agent, Port Huron Labs, that is hitting my guestbooks and only my guestbook page multiple times a day. So I'm thinking of checking the user agent for this string, and then rather then serving up the guestbook page I give it the honeypot instead.
Would this cause any problems?
So far as I can see this user agent is rather unique and seems to be targeting guestbooks.

Colin
 
 Re: Serving up the honeypot as an include
Author: M.Prince   (21 Feb 05 12:37am)
You're welcome to redirect certain visitors to your honey pot page. Just make sure the contents of the honey pot remain intact -- including the legal disclaimer.

FYI: "Port Huron Labs" has been associated with spammers. About 4% of the harvester traffic we see online comes from this Useragent. Typically the messages that result from the Port Huron harvesters are about "Promoting Your Website." Here are some of the IPs we've seen the harvester with this UA coming from:

68.1.187.15
68.109.72.40
201.240.41.86
200.48.230.25

Soon we'll have a tool available where you can block known harvesters before they can access your site. Watch these pages for more info on what we're calling the:

http:BL
 
 Re: Serving up the honeypot as an include
Author: C.Dijkgraaf   (22 Feb 05 4:38pm)
I've put a redirect in place, and Port Huron Labs is now getting redirected to my honeypot page.
 
 Re: Serving up the honeypot as an include
Author: C.Dijkgraaf   (24 Feb 05 6:48pm)
Well it looks like he may have given on my site now. After getting elevent 301 redirects to my honey pot page it seems to have stopped hitting my web site.
 
 Re: Serving up the honeypot as an include
Author: M.Prince   (24 Feb 05 7:04pm)
That's interesting, and maybe explains something weird we saw the other day. One honey pot was just getting HAMMERED. A hit every 2 seconds for about an hour. I thought it was someone trying to abuse us. Now I'm betting it was someone trying to abuse you and just triggering a bunch of hits to your hpot.

Doesn't cause any harm on our side, so no need to turn off the redirect. Glad we helped drive him away! We'll keep watching to see if he starts emailing to the spamtrap address he was given (repeatedly) during all those visits.
 
 Re: Serving up the honeypot as an include
Author: C.Dijkgraaf   (24 Feb 05 7:28pm)
No, can't have been mine, he was only hitting it every hour or so. I can send you an extract from my log if that would help you..
You should be able to determine which honeypot was getting hit shouldn't you?
 
 Re: Serving up the honeypot as an include
Author: M.Prince   (25 Feb 05 12:24am)
We totally can. I was just lazy.
 
 Re: Serving up the honeypot as an include
Author: C.Dijkgraaf   (25 Feb 05 3:44am)
Well it would be interesting to know whether they were trying to launch an attack on you as this would indicate 1) You got their attention 2) They are worried. :-)
An alternate theory of course is that it was a just a badly written bot that was following links from multiple pages to the same honeypot. Possibly the web log from that site would shed light on the incident.



You may browse the discussion topics, but you must sign in to post. If you do not have an account, you can create one for free.

do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–25, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email