Beware Spambots

Hi spambots! By visiting this page and harvesting the links on it, you will next be visiting a honeypot page where you will harvest an E-mail address. When you send spam to that address, it will uniquely identify your IP address and track you down. So, be warned.

OK, what's that all about? Project Honey Pot is a community-based distributed system for identifying spammers and the spambots they use to scrape addresses from websites. Using the Project Honey Pot system you can install addresses that are custom-tagged to the time and IP address of a visitor to your site. So, when a spambot (or even a person, for that matter) visits the honeypot page on your website, harvests the E-mail address posted there, and then sends spam to that address, the bot or person doing the harvesting can be uniquely identified by the IP address linked to that E-mail address.

And, this address changes each time the page is viewed by a person or bot.
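
How a per-visit tagged address can be issued and later traced back to the harvester, as an added example (not Project Honey Pot's own code or address format). The secret key, the `trap.example` domain and the token layout are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import ipaddress
import struct

SECRET = b"constructed-demo-key"  # assumption: per-site secret (placeholder value)
TRAP_DOMAIN = "trap.example"      # assumption: domain whose mail the honeypot receives
TAG_LEN = 8                       # bytes of truncated HMAC appended to the payload


def issue_address(visitor_ip: str, now: int) -> str:
    """Build the address shown on the honeypot page for this visitor and time."""
    ip = ipaddress.ip_address(visitor_ip)
    payload = bytes([ip.version]) + ip.packed + struct.pack(">I", now)
    tag = hmac.new(SECRET, payload, hashlib.sha256).digest()[:TAG_LEN]
    local = base64.b32encode(payload + tag).decode().rstrip("=").lower()
    return f"{local}@{TRAP_DOMAIN}"


def attribute(recipient: str):
    """Map the recipient of a received spam to (harvester_ip, issued_at), or None."""
    local, _, domain = recipient.strip().lower().partition("@")
    if domain != TRAP_DOMAIN:
        return None
    try:
        raw = base64.b32decode(local.upper() + "=" * (-len(local) % 8))
    except ValueError:
        return None  # not base32, so not one of our addresses
    if len(raw) < 1 + 4 + 4 + TAG_LEN:
        return None
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None  # guessed or altered address: never blame an IP for it
    size = {4: 4, 6: 16}.get(payload[0])
    if size is None or len(payload) != 1 + size + 4:
        return None
    ip = ipaddress.ip_address(payload[1:1 + size])
    (issued_at,) = struct.unpack(">I", payload[1 + size:])
    return str(ip), issued_at
```

The HMAC check matters for the evidence value of a hit: mail sent to a made-up address at the trap domain does not attribute to anyone.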

If you have a website you might want to consider joining the fight. You need to be able to post a script page to your site (e.g., have a server running PHP or other scripting language and be able to post an active script page to the site) in order to set up a honeypot. But, even if you don't you can help by posting a specific link they will give you to your page(s). There are other ways you can help but one of these two is a great way to start.

When you sign up (free) you will be asked to provide some basic information (e.g., name, E-mail address, website domain, script language) and are then presented with a download that contains further instructions in a readme text file along with the actual script page you need to put on your site. Once you have uploaded that to where you want it, go to that specific address in your browser and the script will direct you further to activate your honeypot. After that, they give you sample links to put on your site's page(s). These links are of a form not generally seen by users visiting your site but easily found by spambots.

If you really want to see an example, use your browser to view the source code of the page you are viewing. At the bottom of the page, just before the Google Analytics script, you will see a link to the page "palatialcoach.php." If you then put that URL into your browser (it's OK, it's safe!) you will see the actual page the spambots are directed to in order to harvest addresses. You may or may not see a link on the page, but if you view the source of that page you will find one that can be easily harvested. When mail is sent to that address the IP address of the scraper can be identified and, if appropriate, legal action taken against that address for aiding spamming.

So, do your part and install a honeypot on your website. Join the community to fight spam.


Comments (3)

Said this on 2010-01-26 At 03:57 pm
hi DaBoss,
I like the honeypot idea, but if people are going to put their email addresses on their website, they still need to protect them from the spambots!
I learned the hard way long ago what happens when spambots harvest your email address (you finally close that email address because you get too much spam, and if you filter it, important messages get discarded)...
Anyway, I wrote an article back in 2004 about the problem and also put a free unicode-encoder program on my website. You can use it to "encode" your email address to protect it from "most" spambots... You can check it out here:
http://www.pinnacledisplays.com/unicode-converter.htm

Thanks for a very important article! Death to the spambots! Steve
DaBoss
Said this on 2010-01-26 At 11:29 pm
The purpose of the Honey Pot project is to identify robots that collect addresses for spam so by its nature you have to have that page with the address in the clear. My page has been scanned by a number of robots but it was a pleasure to get a mail recently that said a *new* robot had scanned the page and harvested the address. The project will notify you when that first happens.

Yes, it's good to protect the "real" address(es) on a site. The unicode trick is one of several that will help do that. Javascript and mail forms with hidden addresses in the script are a couple of other ways. The other way is to just pretty much forget about it and run all mail through a mail service like Google Mail that has good filtering. :-)
Said this on 2010-01-27 At 12:44 pm
hi DaBoss,
Right. I wasn't talking about "protecting" (i.e. hiding) the honeypot trap email address from the spambots... you want them to find and harvest that one...
As you understood, I was talking about protecting your REAL email addresses on your contact page. One can make them into an image, but then they aren't clickable. Unicode obfuscation fools most spambots I think, or javascript or a mail form as you point out. Another smart thing is to create a "disposable" address you can discard if it is compromised, i.e. contact2010@mysite.com. You can also use a gmail address, but I think some people like their email address to be @theirsite.com
In any event, I love the honeypot trap, and understand you DO want the spambots to find and be able to read that email address. Steve