Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stopping SpamBots With Apache Part II

Posted by timothy on from the classic-confrontation dept.

primetyme writes: "To address some of the concerns brought up in the first article about stopping email harvesting spambots with Apache, I've written a follow-up article that details even more methods to keep email-sucking bots off your Apache based site.
Stopping Spambots II - The Admin Strikes Back continues the epic saga that pits Spambot vs. Administrator."

5 of 15 comments (clear)

  1. Restarting the server? by epsalon · · Score: 3, Interesting

    The article suggests restarting Apache for every spam address detected. That could make DOSing your web server real easy. Spoof a bunch of IPs and request the honeypot dir. Watch as the webserver restarts over and over.
    Also, this approach would easily block legitimate dialup users, and more problemaically - proxies. If the spambot is behind a proxy, you would block the entire user base of that proxy.
    Maybe an X-Forwarded-For based approach? However, that is easily bypassed.

    --

    Make even shorter URLs - 8LN.org

    1. Re:Restarting the server? by primetyme · · Score: 3, Insightful

      Valid point epsalon.. but to clarify, Apache only gets restarted for every *new* IP address detected.. As for the spoofing, it would take a lot of IP's to DOS the server, and anyone willing to go through that much trouble just to take down a webserver probably has better ways to do it. Point taken though :)

    2. Re:Restarting the server? by epsalon · · Score: 5, Interesting

      A simple improvement will be to send SIGHUP to the webserver to make it reload the config without restarting. This still can be used for DoS, but less efficiently.
      A better way to do it is by writing (using?) an Apache module that does the logging in memory with no costy reloads or restarts.
      However, this still does not prevent the proxy and dialup problems illustrated above. Also, you won't catch spambots that don't use robots.txt to find addresses.
      Another improvemnt will be to deny addresses the moment they ask for robots.txt while identified as "Mozilla" user-agent, and to detect clients that do a websuck without requesting robots.txt first and deny them as well. You can detect a websuck by posting a "hidden" link in a place normal users won't see and stop any IP that requests it.

      --

      Make even shorter URLs - 8LN.org

  2. My trick... by Pathwalker · · Score: 4, Interesting

    I use this little rxml widget on all of the email addresses on my web site.

    If the client is detected as a robot, or the detection fails, the address is displayed as a randomly named graphic.

    If the client is not detected to be a robot, then just a light entity encoding (which I change from time to time) is applied to the address, which is displayed as a mailto link.

  3. Re:my favorite tactic by beebware · · Score: 4, Interesting

    Best tactic I've see is just providing a web-to-email form for people to fill in. After all: if they've got their web browser loaded, do they really need to launch an email client to contact you? Keeps your address hidden, and as long as you don't use something like Matt Wrights formmail.pl script, quite secure. Get the outgoing mails tagged with the senders IP, browser details etc and it'll help track abusive messages as well...