Wedge

Public area => The Pub => Off-topic => Topic started by: Arantor on November 7th, 2011, 12:25 AM

Title: Honey pots
Post by: Arantor on November 7th, 2011, 12:25 AM: I've been constructing two honeypot sites for tracking spammers and their habits, and more importantly, whether some of the anti-spam defences I have in mind are likely to work against the current slew of bots.

Now, I'm not going to give out the details behind the logging, suffice to say they're likely to be fairly expensive on the server as I'm recording a lot of information and I'll be setting up various specialist processes for getting it back to my PC in a meaningful fashion so that I can make sense of it.

The reason I'm posting is because shortly I'm going to need some help. I'm not asking anyone to host these in any form, because of the above, but I am going to need links to the sites when they're ready, which means I'm going to be requesting people put one or other of the links in their signatures or indeed anywhere else, in a cloaked fashion, on whatever sites they're able to.

If it's going in bbcode, it should be in the form of:
Code: [Select]
[url=http://one-of-the-sites/][/url]

That's right, no text in there. Regular users won't see it, search engines will be advised on landing that they're not supposed to be there.

Better still, if it's your own site, embedding this in the template at the bottom would be even better.
Code: [Select]
<a href="http://one-of-the-sites/" rel="nofollow"></a>

I'll publish links when I'm finished with the code, and whatever you do, please do not directly visit them. Since every request you make will also be logged, it's just fluff in the data which will make it harder to pinpoint genuine users. (I mean, should genuine users find their way there for any reason, there's not a lot I can do about that, just hopefully it won't contaminate the data set too much)

As for the reason behind two honey pots, one's SMF 1.1.x, the other 2.0. I don't want to use Wedge because 1) I don't want to give them a heads-up as to the things in Wedge, 2) I don't want to have to strip out the layers of defences and 3) it's actually easier since I don't have to deploy anything that expects me to keep it up to date as much ;)

I'm hoping you guys will be able to help me get some backlinks, because this is the best way for me to track spam bots.
Title: Re: Honey pots
Post by: CJ Jackson on November 7th, 2011, 01:36 AM: One I thing I notice is that spambot tends to dig out registration links via search engine, almost all of them are totally dependant on search engines. On my site rockforums.co, the registration doesn't work without javascript (jQuery), human user tend to click on Register (resulting in 200), spambot tend to go directly to rockforums.co/register (resulting in 404). So far so good not one got through, I don't even have email validation or captcha enabled. ;)
Title: Re: Honey pots
Post by: Arantor on November 7th, 2011, 01:45 AM: Since /register/ is not in search engines directly, one presumes they're either guessing or scraping the code and finding the reference to /register/ in the form?

The other thing is, I'm looking for more general trends, since I can't pull off stunts like that generally, there are things like accessibility issues when doing things like that.
Posted: November 7th, 2011, 01:40 AM

In other news this honey pot is actually very hardcore. It even makes use of the integration hooks in SMF 1.1 to bridge it because I'm far too lazy to write mod code for both branches when I don't have to.
Title: Re: Honey pots
Post by: MultiformeIngegno on November 7th, 2011, 11:36 PM: It's ok for me! :)
Title: Re: Honey pots
Post by: PantsManUK on November 8th, 2011, 10:39 AM: Happy to help in all fashions. :niark:
Title: Re: Honey pots
Post by: billy2 on November 8th, 2011, 11:20 AM: Happy to help also.
Can put in Template and all members sigs if you want (they dont care).
But I do block some Pakistani and Chinese IPs - these can be lifted if you wish.
Title: Re: Honey pots
Post by: dorje on November 8th, 2011, 11:54 AM: :+1: