[Gambas-user] List status (fwd)

Christopher Brian Jack brian at ...1334...
Tue Aug 15 00:04:22 CEST 2006


On Mon, 14 Aug 2006, Rob Kudla wrote:

> On Mon August 14 2006 16:24, Christopher Brian Jack wrote:
> > the plaintext link is an autoblacklist address (runs a script)
> > and I'll never get an email from them again since it
> > automatically updates the email access file which is reloaded
> > when cron periodically SIGHUP's my MTA
>
> Wow, dude, I was ecstatic this past weekend when I found a way to
> reduce my number of spams per day from about 30,000 to about
> 1,100 (add all 300+ addresses in active use on my domain name to
> my virtual file and turn off wildcards).  I can't imagine
> putting that level of effort into keeping spam out of my
> mailbox.... I only turned off wildcards because I found
> Spamassassin was running my CPU at 100% for minutes at a time
> whenever mail came in.
>
> Sorry to continue an off-topic thread, but.... how's that working
> out for you?
>
> Rob

I got this idea when I was reading various journals from webmasters with
severe arachnophobia who had added very elaborate methods of designing
their webpages to either eliminate web spidering completely or to force
spiders to obey robots.txt (the former involved invisible URLs that
triggered server scripts to blacklist the IP from accessing the
webserver from then on, and the latter involved recording IPs that accessed
the robots.txt file and then updating the httpd config so only the directories
allowed by robots.txt could be accessed [others would 404 or 403 depending
on the webmaster and server configuration]).

So I figured why not create a "spambot trap" in place of a "spider trap".
The process is pretty straightforward.  Make my actual email address
parseable by humans but not easily parseable to spam farming bots.  Next I
add a plaintext address that is in plain sight of the spam farmer.  The
idea is that it will spam the plaintext address (sputnik at ...1107...).  The final
piece is a script that runs via the .forward file placed in the sputnik
user's homedir.

The script does some administrivia like logging the access, tar bzip2'ing
the evidence email and finally concatenating the IP to the end of a deny
list file.

The script has one other feature.  If I forward a local mail to sputnik, it
will parse the header of the forwarded message, grab the originator IP, and
do the remainder of operations as described above.

So it allows me to trap harvesters sniffing my posts in public, and any
that happen to have my real address (from posting in days before spam was
a problem) and do a drive-by spam to my actual inbox I can immediately
forward to sputnik, and they will be blocked in the next pass of the cron
job when the MTA gets SIGHUP'ed (if I'm in a hurry I can also go to root
and run the script manually if I'm between cron cycles).

.=================================================.
|  Christopher BRIAN Jack aka "Gau of the Veldt"  |
+================================================='
| oevna at ...1544...
`=================================================-
Hi Spambots, my email address is sputnik at ...1334...
Hi Humans, my email address uses rot13 cipher
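
Added example (not part of the original message and not the poster's script): a Python sketch of the IP-extraction and deny-list step described above, covering both a direct hit on the trap address and a locally forwarded spam. It assumes forwards arrive as message/rfc822 attachments, a one-IP-per-line deny file, and IPv4 only; all function names and the sample messages are hypothetical.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: loopback and RFC 1918 ranges count as "local" and are never blocked.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BRACKETED = re.compile(r"\[([0-9.]+)\]")

def first_remote_ip(msg):
    """Newest non-local hop; the top Received line is the one our own MTA wrote."""
    for hdr in msg.get_all("Received", []):
        for text in BRACKETED.findall(str(hdr)):
            try:
                ip = ipaddress.IPv4Address(text)
            except ValueError:
                continue  # malformed literal: raw header text never reaches the deny list
            if not any(ip in net for net in LOCAL_NETS):
                return str(ip)
    return None

def offender_ip(raw):
    """Direct trap hit: the connecting peer. Local forward: the peer of the attached mail."""
    outer = email.message_from_bytes(raw, policy=policy.default)
    ip = first_remote_ip(outer)
    if ip:  # came from outside: ignore attachments, their headers are sender-controlled
        return ip
    for part in outer.walk():
        if part.get_content_type() == "message/rfc822":
            return first_remote_ip(part.get_payload(0))
    return None

def append_deny(path, ip):
    """Append ip to the deny list once; returns True if the file changed."""
    with open(path, "a+") as fh:
        fh.seek(0)
        if ip in fh.read().split():
            return False
        fh.write(ip + "\n")
    return True

# Constructed samples: a direct hit, then the same spam forwarded from a local account.
SPAM = (b"Received: from mail.bulk.example (unknown [203.0.113.7]) by mx.home.example\r\n"
        b"Received: from pc ([198.51.100.9]) by mail.bulk.example\r\n"
        b"From: offers@bulk.example\r\nSubject: hi\r\n\r\nbuy now\r\n")
FORWARD = (b"Received: from localhost ([127.0.0.1]) by mx.home.example\r\n"
           b"Content-Type: multipart/mixed; boundary=b1\r\n\r\n"
           b"--b1\r\nContent-Type: message/rfc822\r\n\r\n" + SPAM + b"\r\n--b1--\r\n")
```

Only the topmost non-local Received hop is used because lower Received lines are supplied by the sender, and an attached message is trusted only when the outer mail was submitted locally.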
