spambothoney: script to pollute spammer's databases

Hello PHP-list,

I proudly announce the first release of my first PHP script:
spambothoney.

It provides a class to generate different types of email addresses
(random invalid, combination of users/hosts, with spambots IP/host,
"binary" output) and is meant to pollute the crawling spambots that
harvest email addresses from webpages.

It uses a MySQL database for configuration (through web-interface) and
for logging purposes.

I would be glad, if this is of some interest for you and you would
take a look: http://thequod.de/comp/mysoft/spambothoney (direct
download: http://thequod.de/action.php?download=1)

I'm especially interested into security issues, but feedback in
general is very appreciated..

Thanks.. have a nice week!

--
shinE!
http://www.thequod.de ICQ#152282665
PGP 8.0 key: http://thequod.de/danielhahler.asc

Hello,

On 12/09/2003 12:26 AM, Daniel Hahler wrote:
> I proudly announce the first release of my first PHP script:
> spambothoney.
>
> It provides a class to generate different types of email addresses
> (random invalid, combination of users/hosts, with spambots IP/host,
> "binary" output) and is meant to pollute the crawling spambots that
> harvest email addresses from webpages.
>
> It uses a MySQL database for configuration (through web-interface) and
> for logging purposes.
>
> I would be glad, if this is of some interest for you and you would
> take a look: http://thequod.de/comp/mysoft/spambothoney (direct
> download: http://thequod.de/action.php?download=1)

That is curious. This seems to be the second class that I see that seems
to be for the same purpose. The other class also seems to be meant to
generate honey pot e-mail addresses.

Class: Honey Pot
http://www.phpclasses.org/honeypot


> I'm especially interested into security issues, but feedback in
> general is very appreciated..

I read something about e-mail honey pots and I am afraid that may not be
as useful as you think. When you say polluting crawling spambots you
will probably be causing harm to innocent mail servers. Let me explain.

The latest spamming strategies consist on using valid sender addresses
of inocent companies. Therefore, when you make up invalid addresses, all
the bounces will go to the innocent companies mail servers. The more
invalid addresses you make up the more harm you cause to innocent companies.

Anyway, you may want to contribute your class also to the PHP Classes
site so you can get the feedback of tens of thousands of potential users
that are notified when a new class is published. Despite your class
seems to do the same as the other above, it will also be approved for
publishing and let the users decide which is more useful.


--

Regards,
Manuel Lemos

Free ready to use OOP components written in PHP
http://www.phpclasses.org/

Manuel Lemos wrote:

> The latest spamming strategies consist on using valid sender addresses
> of inocent companies. Therefore, when you make up invalid addresses,
> all the bounces will go to the innocent companies mail servers. The
> more invalid addresses you make up the more harm you cause to innocent
> companies.

My strategy against spam is giving invalid addresses at my domain name,
all of which redirect to abuse@ftc.gov. No innocent servers besides my
own are harmed, and the spam is given to an authority who will (in
theory) do something about it.

Manuel Lemos schrieb:

> Hello,
>
> On 12/09/2003 12:26 AM, Daniel Hahler wrote:
>
>> I proudly announce the first release of my first PHP script:
>> spambothoney.
>>
>> It provides a class to generate different types of email addresses
>> (random invalid, combination of users/hosts, with spambots IP/host,
>> "binary" output) and is meant to pollute the crawling spambots that
>> harvest email addresses from webpages.
>>
>> It uses a MySQL database for configuration (through web-interface) and
>> for logging purposes.
>>
>> I would be glad, if this is of some interest for you and you would
>> take a look: http://thequod.de/comp/mysoft/spambothoney (direct
>> download: http://thequod.de/action.php?download=1)
>
>
> That is curious. This seems to be the second class that I see that seems
> to be for the same purpose. The other class also seems to be meant to
> generate honey pot e-mail addresses.
>
> Class: Honey Pot
> http://www.phpclasses.org/honeypot
>
>
>> I'm especially interested into security issues, but feedback in
>> general is very appreciated..
>
>
> I read something about e-mail honey pots and I am afraid that may not be
> as useful as you think. When you say polluting crawling spambots you
> will probably be causing harm to innocent mail servers. Let me explain.
>
> The latest spamming strategies consist on using valid sender addresses
> of inocent companies. Therefore, when you make up invalid addresses, all
> the bounces will go to the innocent companies mail servers. The more
> invalid addresses you make up the more harm you cause to innocent
> companies.
>
> Anyway, you may want to contribute your class also to the PHP Classes
> site so you can get the feedback of tens of thousands of potential users
> that are notified when a new class is published. Despite your class
> seems to do the same as the other above, it will also be approved for
> publishing and let the users decide which is more useful.

hi,

not only the bounces are the problem, think of the traffic and the
'innocent' isp's. ;-) i think that's not the best method for fighting
against spam.

ciao SVEN

Hello,

On 12/09/2003 09:42 AM, Leif K-Brooks wrote:
>> The latest spamming strategies consist on using valid sender addresses
>> of inocent companies. Therefore, when you make up invalid addresses,
>> all the bounces will go to the innocent companies mail servers. The
>> more invalid addresses you make up the more harm you cause to innocent
>> companies.
>
>
> My strategy against spam is giving invalid addresses at my domain name,
> all of which redirect to abuse@ftc.gov. No innocent servers besides my
> own are harmed, and the spam is given to an authority who will (in
> theory) do something about it.

Are you sure that will not get yourself into problems with FTC for
forwarding SPAM? Even if that nothing happens, I am afraid that soon
nobody will be listening to messages sent to that abuse@ftc.gov address.

--

Regards,
Manuel Lemos

Free ready to use OOP components written in PHP
http://www.phpclasses.org/

Manuel, Leif, et al --

...and then Manuel Lemos said...
%
% Hello,
%
% On 12/09/2003 09:42 AM, Leif K-Brooks wrote:
% >
% >My strategy against spam is giving invalid addresses at my domain name,
% >all of which redirect to abuse@ftc.gov. No innocent servers besides my
% >own are harmed, and the spam is given to an authority who will (in
% >theory) do something about it.
%
% Are you sure that will not get yourself into problems with FTC for
% forwarding SPAM? Even if that nothing happens, I am afraid that soon
% nobody will be listening to messages sent to that abuse@ftc.gov address.

I thought that the correct address was uce@ftc.gov but, yes, there is an
address to which you can forward spam and other suspicious email.


HTH & HAND

:-D
--
David T-G * There is too much animal courage in
(play) davidtg@justpickone.org * society and not sufficient moral courage.
(work) davidtgwork@justpickone.org -- Mary Baker Eddy, "Science and Health"
http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)

iD8DBQE/10EoGb7uCXufRwARAtCZAKC4oRNpd8fmrzDsUvpCk4leosmS2A CfaBeY
8UIYextEjIcH9fsZQwjNsz4=
=obAS
-----END PGP SIGNATURE-----