Re: Wpoison?????
John j...@starfire.mn.org wrote: There are better systems that have a pure honeypot which actually accepts mail (and add the IPs that send mail to a blacklist) OK - where do we find one of THOSE? Unfortunately, THOSE may be a bit too simplistic :( Someone forges an email appearing to come from one of your honeypot addresses, and sends it to a bogus (or on-vacation) address at a legitimate site. The bounce (or vacation response) comes to your honeypot address, causing you to blacklist the legitimate site. No, I am not making this up. More than once I've discovered one of my employer's mail servers on the Spamcop blacklist, causing my home upstream to bounce (as presumed spam) messages I tried to send from office to home. This seemed to have been the mechanism involved. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wpoison?????
John j...@starfire.mn.org wrote: I wouldn't need to create a new e-mail account, I've already got lots of them that seem to be pure spam magnates, including man (the manual pages psuedo-user) which are getting stuff sent to them all the time. I'm pretty sure that anyone sending to m...@starfire.mn.org is a spammer... Another favorite, at least here, seems to be old Message-Id's that have been harvested and used as email addresses :( I haven't seen anything to man yet, however. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wpoison?????
On Sun, Apr 25, 2010 at 03:05:28PM +0800, Aiza wrote: Looking for comments on this small apache web application that fools web harvest programs into harvesting bogus email address from web page. http://www.monkeys.com/wpoison Anybody try this? Is this a self-inflicted Trojan? Since I don't have web server was thinking of creating jail for apache that only runs this wpoision perl script? My firewall been blocking inbound port 80 and gets hit 100's of times a day. Just script kiddies rolling through a block of ip address hunting. Play with them a little bit in return. Comments please? Well, it's short and easy to understand - about half of it is comments and data structure initalization. From what remains, it all makes simple sense and there is nothing obscure or difficult to understand. I'm pretty concerned about its effectiveness. It appears not to have been touched since 2001. If it actually accomplished its goals, I think it would have been tuned up a bit, and it would be much more popular. I've been hanging around the web quite a bit in the last nine years, and it concerns me that I've never run into it before. So - I went ahead and installed it. Just in case the script kiddies had gotten a little bit more sophisticated, I changed the name. I put it on three of my web pages -now, I grant you, all three of them are tagged NOFOLLOW, but I doubt spambots pay any attention to that. That was about 24 hours ago, and so far, I have not gotten one single hit on it outside of my testing. Now, it may simply be that I'm off in too obscure a corner of the web, or that I should go through my errors log and create one of the bogus pages they always probing for with a reference to it, but I'm not expecting too much luck at this point. I would love to hear if your results are any better. I hope that it does do what it is supposed to do! That would be great. I don't see how it could possibly do anything malicious or propagate itself in any way. It would be simple to turn off if you didn't like the behavior. That's my $0.02, anyway. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- John Lind j...@starfire.mn.org The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of miseries. - Winston Churchill ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wpoison?????
I'm pretty concerned about its effectiveness. It appears not to have been touched since 2001. If it actually accomplished its goals, I think it would have been tuned up a bit, and it would be much more popular. I've been hanging around the web quite a bit in the last nine years, and it concerns me that I've never run into it before. I've heard of this program (and others like it) many times. The big problem with its effectiveness is that the generated emails don't actually work. Spammers generally send at least one probe message to create a working emails list which can sell for a higher price. There are better systems that have a pure honeypot which actually accepts mail (and add the IPs that send mail to a blacklist) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wpoison?????
On Mon, Apr 26, 2010 at 04:43:41PM +0300, Eitan Adler wrote: I'm pretty concerned about its effectiveness. ??It appears not to have been touched since 2001. ??If it actually accomplished its goals, I think it would have been tuned up a bit, and it would be much more popular. I've been hanging around the web quite a bit in the last nine years, and it concerns me that I've never run into it before. I've heard of this program (and others like it) many times. The big problem with its effectiveness is that the generated emails don't actually work. Spammers generally send at least one probe message to create a working emails list which can sell for a higher price. There are better systems that have a pure honeypot which actually accepts mail (and add the IPs that send mail to a blacklist) OK - where do we find one of THOSE? -- John Lind j...@starfire.mn.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wpoison?????
There are better systems that have a pure honeypot which actually accepts mail (and add the IPs that send mail to a blacklist) OK - where do we find one of THOSE? I have never researched this topic in depth but http://en.wikipedia.org/wiki/Honeypot_%28computing%29#Further_reading_and_external_links seems to have some links. Setting one up on your own isn't hard. Just create a new mail account and blacklist anyone who sends mail to that account. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wpoison?????
On Mon, Apr 26, 2010 at 06:04:33PM +0300, Eitan Adler wrote: There are better systems that have a pure honeypot which actually accepts mail (and add the IPs that send mail to a blacklist) OK - where do we find one of THOSE? I have never researched this topic in depth but http://en.wikipedia.org/wiki/Honeypot_%28computing%29#Further_reading_and_external_links seems to have some links. Setting one up on your own isn't hard. Just create a new mail account and blacklist anyone who sends mail to that account. Something like taking all the old e-mail accounts in my system that are now going to /dev/null (but which I know from the e-mail logs still get TONS of spam) and make something like a /dev/mailsink that is a named pipe with a PERL script reading it that pulls out the IP addresses and puts them in the pfctl spammers blacklist table? I wouldn't need to create a new e-mail account, I've already got lots of them that seem to be pure spam magnates, including man (the manual pages psuedo-user) which are getting stuff sent to them all the time. I'm pretty sure that anyone sending to m...@starfire.mn.org is a spammer... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- John Lind j...@starfire.mn.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Wpoison?????
Looking for comments on this small apache web application that fools web harvest programs into harvesting bogus email address from web page. http://www.monkeys.com/wpoison Anybody try this? Is this a self-inflicted Trojan? Since I don't have web server was thinking of creating jail for apache that only runs this wpoision perl script? My firewall been blocking inbound port 80 and gets hit 100's of times a day. Just script kiddies rolling through a block of ip address hunting. Play with them a little bit in return. Comments please? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org