Tux

...making Linux just a little more fun!

2-cent Tip: Poisoning the spammers

Ben Okopnik [ben at linuxgazette.net]


Sat, 10 May 2008 13:03:36 -0400

I saw a Web page the other day, talking about a cute idea: since the spammers are always trawling the Net for links and e-mail addresses, why not give them some nice ones? For a certain value of "nice", that is...

However, when I looked at the implementation of this idea, the author had put a "badgeware" restriction on using it - not something I could see doing - so, I wrote a version of it from scratch, with a few refinements. Take a look:

https://okopnik.com/cgi-bin/poison.cgi

A randomly-generated page, with lots of links and addresses - with the links all pointing back to the script itself (somewhat obscured, so they don't look exactly the same), so the spammers can harvest even more of these addresses. Mmm, yummy!

The addresses are made up of a random string "at" a domain made up of several random words joined together with a random TLD. There is some tiny chance of it matching a real address, but the probability is pretty low.

If you want to download this gadget, it's available at https://okopnik.com/misc/poison.cgi.txt (and, once the next issue of LG comes out, at 'https://linuxgazette.net/151/misc/lg/poison.cgi.txt'). I suggest renaming it to something else :), and linking to it - the link doesn't have to be visible [1] - from a few of your real Web pages. If enough people started doing this, life would become a lot more pleasant. Well, not for spammers, but that's the whole point...

[1] '<a href="poison.cgi" border="0"> </a>' at the end of a page should be invisible but still serve the purpose.

-- 
* Ben Okopnik * Editor-in-Chief, Linux Gazette * https://LinuxGazette.NET *


Top    Back


Deividson Okopnik [deivid.okop at gmail.com]


Mon, 12 May 2008 11:22:47 -0300

Pretty nice idea

I would just change the poison.cgi to someting more... usual, like article.cgi, this way they can't change the bots just to ignore poison.cgi pages.

Give em what they give us, unsolicited, useless stuff. :P


Top    Back


Ben Okopnik [ben at linuxgazette.net]


Mon, 12 May 2008 11:09:33 -0400

On Mon, May 12, 2008 at 11:22:47AM -0300, Deividson Okopnik wrote:

>    Pretty nice ideia
> 
>    I would just change the poison.cgi to someting more... usual, like
>    article.cgi, this way they cant change the bots just to ignore poison.cgi
>    pages.
> 
>    Give em what they give us, unsolicited, useless stuff. :P

I quote myself:

>      If you want to download this gadget, it's available at
>      https://okopnik.com/misc/poison.cgi.txt (and, once the next issue of LG
>      comes out, at 'https://linuxgazette.net/151/misc/lg/poison.cgi.txt'). I
>      suggest renaming it to something else :), and linking to it - the link
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Rather than 'article.cgi', I'd prefer that everyone came up with his/her own name for it. Spammers rely on automated bots, and they're not going to be looking at the script names - but if these were all named the same, it would be easy enough for them to block these out. If they're all different, then we've turned the spammers' favorite trick against them: instead of us having to analyze their e-mails for human-readable content, they now have to analyze our Web pages for the same thing.

It's classic security thinking - turning an attack scenario on its head. Much like El-Al (the Israeli airline) does to prevent sabotage on its flights: instead of defending a very large target against an attacker who can pick his approach and method, they interview any passenger that they deem suspicious by asking a series of 'innocent' questions, and then "drill down" on any one of them (focus on a question and keep digging for all relevant - and checkable - details). It's impossible to have a cover story that goes that deep.

-- 
* Ben Okopnik * Editor-in-Chief, Linux Gazette * https://LinuxGazette.NET *


Top    Back