SPAM bot and general security question...
John Summerfied
debian at herakles.homelinux.org
Tue Jan 17 20:20:18 UTC 2006
Jon D. Slater wrote:
> If this question is off topic (or there's a better place to ask it), please
> let me know.
>
>
>
> I'm running Apache 2.0.54 under FC4 2.6.14-1.1656.
>
>
>
> I *think* I've successfully java scripted all of my e-mail address links to
> prevent SPAM bots from harvesting them.
>
I wonder whether spambots have implemented javascript yet? Surely, if a
web browser can be written to display content, and a screen scraper
written to speak it, then a spambot can get the real text.
>
>
> Question 1: How do I know? (Is there some script or test I can run that
> will look for vulnerable e-mail addresses exposed on my web site?)
I rather like the idea of email addresses like this:
enquiries+99 at example.com
Replace the nines with a number that indicates to you the age of the
email address. Change the number as often as you need.
Most MTAs (some use a minus) will deliver to enquiries regardless of the
number, and you can then use filtering.
Depending on the application, I'd also preset the subject: a Real Estate
agency getting email about "Property number 995917633" wont have any
problem writing a filter to distringuish it "Three steps to the software
you require."
>
>
>
> Question 2: If a .cgi script generates a web page on-the-fly (like many
> packages do), and if that generated page includes an e-mail link to
> support at blahblahblah.com, is that e-mail address also vulnerable? Or does
> it have to be in an ".html" file to be bot'ed?
If google can find it so can a spambot.
Google for "dive into mark." As I recall he has some thoughts on
defeating spambots (and other interesting topics).
--
Cheers
John
-- spambait
1aaaaaaa at computerdatasafe.com.au Z1aaaaaaa at computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
do not reply off-list
More information about the fedora-list
mailing list