Instead of blocking spammers or blacklisting them, simply give them what they want.
#!/bin/bash
# (script m1) Create m2, m3, m4 etc. for other domains.
# Created by Aaron W.
# For experimental use only. Use at your own risk. Using this may be unethical so do not do it.
# Have a dictionary file with as many names (and email type abbrev names) as possible.
# Also specify a text file that will hold all the generated names.
# If you copy these files to a ram disk at bootup, and run them to the ram disk
# then it will reduce your disk load both during generation and access.
# Create a SSI Server Side Include page for each of the email text files you generate.
# This will provide you with a good look $OUTPUT
# Placeholder settings (not in the original post); adjust before use.
ALLWORDS=/path/to/dictionary.txt   # placeholder: dictionary file
D1=example.com                     # placeholder: domain appended to each name
OUTPUT=eotd01.txt                  # output file named in the comments below
for i in $(xargs -n1 < "$ALLWORDS") ; do
NAME1="$i$RANDOM@$D1"
echo "$NAME1" >> "$OUTPUT"
done
# Ensure that your script uses chown/chmod to fix any perms needed
# Create as many of these scripts as needed with as many real or fake domains
# as you wish to use. Using real domains will increase the effectiveness.
# You should end up with this script (call it what you want), a file that holds
# all of the generated email addresses. (eotd01.txt in this case) email of the day...
# and a SSI web page that you create which calls the eotd01.txt file.
# You will need to find a dictionary file with as many names as you can find.
# I am not including one, as that would reduce the effectiveness.
exit
_______
All flames will be discarded to /dev/null
Use this advice at your own risk. In fact, do not use it at all.
There will always be people who want to see "Anna Kornikova nude" and who want to "Enlarge their penis" not to mention "Win a free car!"
There will never be a time when people know better. Thousands connect to the internet for the first time every day.
Just be thankful that you and I are not one of them.
--mcp
am
I am still curious how this takes into account the data which is automatically regenerated on purpose, and also the spider intervals of the search engines. Most of them are overloaded with not to mention many are tainted due to "pay for higher rankings" content.
--mcp
am
It's even simpler than that. Both Excite and AT&T have their own network backbone. AT&T is still very new to the internet backbone arena. While they do provide carrier class telco connections, and national SS7 circuits, they are not built out to handle ATM traffic (ooopss, we forgot the routers).
Excite built and managed an extremely large backbone, which peered with dozens of very large ISPs, to include UUNET, and many other huge networks. Excite had one of the largest networks, aside from UUNET. They actually passed more traffic than AOHELL.
Excite used AT&T to manage the users, paying them x number of cents on the dollar to manage the customers, while AT&T used Excite and various other network providers to manage the backbone.
AT&T finally learned (using Excite) how to manage the network, and thus did not need them any more. Since Excite owned all the equipment, AT&T had to build their own network, or buy the existing ones. Building a new one was not really that difficult, since all the POPs, and redundant OCs connecting them are already in place.
Unfortunately the transition from Excite to AT&T did not happen before Excite pulled the plug.
I found this weird, since they are in some ways the same company if you consider how much of Excite that AT&T already owned.
Ack... I am rambling.. I already wasted my two cents.
And for those of you who use scripts like "Matt's Form Mail" (FormMail.pl or FormMail.cgi), you are probably one of the people allowing spammers to make money.
If you must use a script on your site that sends email, ensure that it does not allow just anyone to pass arguments to it directly, or from a script.
If you are using Matt's FormMail (the #4 attack on the internet) then ensure you have the latest version. Here is the latest version
If in doubt, and you run Apache, add the following lines to your httpd.conf file:
RedirectMatch seeother [Ff]orm[Mm]ail.pl http://127.0.0.1/
RedirectMatch seeother [Ff]orm[Mm]ail.cgi http://127.0.0.1/
This will also help you reduce the number of 404 errors in your logs. The same redirect concept works for the Nimda crap as well.
I do not run any Windows-based servers, so I cannot help you there.
If you are a spammer, this message should not bother you since you do not abuse people's servers and steal their bandwidth, correct?
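Added example (not part of the original post): one way to check from the access log that the RedirectMatch rules above are actually catching FormMail probes. It assumes Apache's common/combined log format; the log lines are constructed, the IPs come from documentation ranges, and the function names are hypothetical.

```shell
#!/bin/bash
# Added example: audit an Apache access log for FormMail probes.
# All sample data below is constructed for illustration.

sample_log() {
cat <<'EOF'
192.0.2.10 - - [10/Feb/2002:10:01:02 +0000] "GET /cgi-bin/formmail.pl HTTP/1.0" 303 -
192.0.2.10 - - [10/Feb/2002:10:01:03 +0000] "POST /cgi-bin/FormMail.cgi HTTP/1.0" 303 -
198.51.100.7 - - [10/Feb/2002:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.5 - - [10/Feb/2002:10:06:11 +0000] "GET /cgi-bin/Formmail.pl?x=1 HTTP/1.0" 404 -
198.51.100.7 - - [10/Feb/2002:10:07:00 +0000] "GET /docs/formmail-howto.html HTTP/1.1" 200 900
EOF
}

# Read a log on stdin; print "count client status" for every request whose
# path ($7) matches the same names the RedirectMatch lines cover.
formmail_probes() {
  awk '$7 ~ /[Ff]orm[Mm]ail\.(pl|cgi)/ { n[$1 " " $9]++ }
       END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2
}

# Probes that did NOT get the 303 from "RedirectMatch seeother", e.g. a
# virtual host where the rule is missing. Prints "client path status".
unredirected() {
  awk '$7 ~ /[Ff]orm[Mm]ail\.(pl|cgi)/ && $9 != 303 { print $1, $7, $9 }'
}

echo "Probes per client and status:"
sample_log | formmail_probes
echo "Probes not redirected:"
sample_log | unredirected
```

To run it against a real server, replace sample_log with the path to your access log, e.g. `formmail_probes < access_log`.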
I still say let them have what they want. You are not going to stop them. However, since most of them disobey robot rules and siphon email addresses off your websites, here is a little something you could use to bait them.
http://www.bait.nu/bait/
There ya go. It's simple. It is just an example of course. You could be more creative and modify the script to also create html for links to the email addresses, but I wanted to keep the file small. If your output ends up being over 1.5 megs, most spammers will skip the file. If it is too small, it will not be effective.
If you set up like 10 of them with different domains, and have a crontab which calls each one a few mins apart, it won't bog down your machine. (or you could link them all together)
I am not very good with scripts, so I am sure some of you out there could be even more creative, right? If you have better/simpler ideas, I would be happy to include them. I do not generate these real time with perl. I know it can be done, but it is a bad idea, as it can be abused.
Can anyone make a smaller script that is more effective?
Keep in mind you will need to generate or find your own dictionary file. I do not include one as that would defeat the purpose. (they could then just filter 1 set of names)
The way this should have looked was...
Instead of blocking spammers or blacklisting them, simply give them what they want.
#!/bin/bash
# (script m1) Create m2, m3, m4 etc. for other domains.
# Created by Aaron W.
# For experimental use only. Use at your own risk.
# Have a dictionary file with as many names (and email type abbrev names) as possible.
# Also specify a text file that will hold all the generated names.
# If you copy these files to a ram disk at bootup, and run them to the ram disk
# then it will reduce your disk load both during generation and access.
# Create a SSI Server Side Include page for each of the email text files you generate.
# This will provide you with a good look $OUTPUT
# Placeholder settings (not in the original post); adjust before use.
ALLWORDS=/path/to/dictionary.txt   # placeholder: dictionary file
D1=example.com                     # placeholder: domain appended to each name
OUTPUT=eotd01.txt                  # output file named in the comments below
for i in $(xargs -n1 < "$ALLWORDS") ; do
NAME1="$i$RANDOM@$D1"
echo "$NAME1" >> "$OUTPUT"
done
# Ensure that your script uses chown/chmod to fix any perms needed
# Create as many of these scripts as needed with as many real or fake domains
# as you wish to use. Using real domains will increase the effectiveness.
# You should end up with this script (call it what you want), a file that holds
# all of the generated email addresses. (eotd01.txt in this case) email of the day...
# and a SSI web page that you create which calls the eotd01.txt file.
# You will need to find a dictionary file with as many names as you can find.
# I am not including one, as that would reduce the effectiveness.
exit
Didn't realize HTML was selected. Just wanted plain text. DoH!
As long as it is not MS, I will gladly accept either BSD or Linux. =)
Netcraft Survey
Remember the BSOD's that caused a bunch of tanks to stop dead in their tracks? ;-)
I am sure you remember the rest of them.