SPAM bot and general security question...

John Summerfied debian at herakles.homelinux.org
Tue Jan 17 20:20:18 UTC 2006


Jon D. Slater wrote:
> If this question is off topic (or there's a better place to ask it), please
> let me know.
>
> I'm running Apache 2.0.54 under FC4 2.6.14-1.1656.
>
> I *think* I've successfully java scripted all of my e-mail address links to
> prevent SPAM bots from harvesting them.
> 

I wonder whether spambots have implemented javascript yet? Surely, if a 
web browser can be written to display content, and a screen scraper 
written to speak it, then a spambot can get the real text.

> Question 1:  How do I know?  (Is there some script or test I can run that
> will look for vulnerable e-mail addresses exposed on my web site?)

I rather like the idea of email addresses like this:
enquiries+99 at example.com
Replace the nines with a number that indicates to you the age of the 
email address. Change the number as often as you need.

Most MTAs (some use a minus) will deliver to enquiries regardless of the 
number, and you can then use filtering.

Depending on the application, I'd also preset the subject: a Real Estate 
agency getting email about "Property number 995917633" won't have any 
problem writing a filter to distinguish it from "Three steps to the 
software you require."

> Question 2:  If a .cgi script generates a web page on-the-fly (like many
> packages do), and if that generated page includes an e-mail link to
> support at blahblahblah.com, is that e-mail address also vulnerable?  Or does
> it have to be in an ".html" file to be bot'ed?

If google can find it so can a spambot.

Google for "dive into mark." As I recall he has some thoughts on 
defeating spambots (and other interesting topics).



-- 

Cheers
John

-- spambait
1aaaaaaa at computerdatasafe.com.au  Z1aaaaaaa at computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/

do not reply off-list
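
The following is an added example, not part of the original message: a sketch of the filter the reply describes, sorting incoming mail by the number after the `+` (or `-`) in the recipient address and by the preset subject. The mailbox name, the current tag value, the subject pattern and the sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

CURRENT_TAG = 7   # assumed: the number currently published on the web site
SUBJECT_RE = re.compile(r"^Property number \d+$")   # assumed preset subject

def split_tag(address, delimiters="+-"):
    """Split 'enquiries+99@example.com' into ('enquiries', 99).

    Tries '+' first, then '-', since some MTAs use a minus. A local part
    such as 'first-last' has no numeric tag and is returned unchanged.
    """
    local = address.rpartition("@")[0]
    for delim in delimiters:
        base, sep, tag = local.partition(delim)
        if sep and tag.isdigit():
            return base.lower(), int(tag)
    return local.lower(), None

def classify(raw, mailbox="enquiries"):
    """Label one raw message by recipient tag and subject."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").strip()
    recipients = msg.get_all("To", []) + msg.get_all("Cc", [])
    for _name, addr in getaddresses(recipients):
        base, tag = split_tag(addr)
        if base != mailbox:
            continue
        if tag is None:
            return "untagged"    # address was not copied from a tagged link
        if tag != CURRENT_TAG:
            return "stale-tag"   # number no longer shown on the site
        return "expected" if SUBJECT_RE.match(subject) else "review"
    return "not-for-mailbox"

def sample(to, subject):
    """Build a constructed test message (not real mail)."""
    return f"To: {to}\nSubject: {subject}\n\n(constructed sample body)\n"

if __name__ == "__main__":
    for to, subj in [
        ("enquiries+7@example.com", "Property number 995917633"),
        ("enquiries+3@example.com", "Three steps to the software you require."),
        ("enquiries-7@example.com", "Three steps to the software you require."),
        ("enquiries@example.com", "hello"),
    ]:
        print(f"{to:28} {classify(sample(to, subj))}")
```

A real deployment would read the envelope recipient recorded by the MTA rather than the `To:` header, which the sender controls.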



