Posts Tagged ‘Project Honey Pot’

Do You Hate Spammers?

Wednesday, March 14th, 2012

I don’t know about you but junk mails coming from spammers is out of control.  Akismet, Postini and others do a good job of filtering out spams but all of these fine apps are reactionary tools.

What I need or want is an infrastructure based solution that will prevent spammers from sending out their junk mails in the first place.  Enter “Project Honey Pot”.  According to PHP:

Project Honey Pot is the first and only distributed system for identifying spammers and the spambots they use to scrape addresses from your website. Using the Project Honey Pot system you can install addresses that are custom-tagged to the time and IP address of a visitor to your site. If one of these addresses begins receiving email we not only can tell that the messages are spam, but also the exact moment when the address was harvested and the IP address that gathered it.

To participate in Project Honey Pot, webmasters need only install the Project Honey Pot software somewhere on their website. We handle the rest — automatically distributing addresses and receiving the mail they generate. As a result, we anticipate installing Project Honey Pot should not increase the traffic or load to your website.

Now, I had some potential privacy issues in the beginning but not anymore.  Someone named Stanislav (link here) summed it up perfectly:

PHP most certainly will know that have you queried http:BL for each and every IP address you query. But that does not mean they will know those are the visitors to your web site because they do not know why you have looked up an IP address.

And they will not know where the query originated from, the way DNS lookup works. You query your DNS server, which in turn queries the root DNS server for .org, which then queries the DNS server for httbl.org. By the time your query reaches PHP servers, they do not know where the query came from. They do know which specific IP you were looking up with your key. But they do not know it started at your web site.

Also, your DNS server will then cache the result of that query for some time, an hour or so. Any additional queries during that hour (or so) will not hit PHP servers. So, even if a visitor to your web site goes to several web pages (or if you are querying for each image and things like that), PHP will only know that you made one single query about that IP address. But they will not know whether it was your web server doing the querying, or maybe you just manually checking up some random IP address from your home.

So, all they know is what IP addresses you have looked up. But they do not know why you looked them up.

Not much of a privacy concern then (as J.Yard2 pointed out, them looking up your IP reveals their intention to visit your web site to their own ISP, which is potentially more threatening). There is one security concern I can think of, though: Any one of those intermediate DNS servers between your web site (or home) and PHP can use their logs to steal your private key.

Best of all, this application is FREE so why not try it out and help out the internet community?