Network Plus Questions
Essay by ewing79 • November 20, 2012 • Essay • 1,170 Words (5 Pages) • 1,217 Views
https://isc.sans.edu/port.html?port=24
Spambot may refer to:
* A program that performs or assists in e-mail address harvesting, a spammer's tool;
* A mail filter program that fights spam;
* Software used in forum spamming, a spammer's tool;
* IRC spambots - see Spam in Internet Relay Chat.
Spambot Beware
Detection of Spambots
(This is a part of the Spambot Beware site)
This section explains how to detect spambots: why you would want to, and some ways that you can. Most of the more advanced detection tricks require access to CGI and your raw access logs.
Topics:
* Why detect spambots anyway?
* Detecting by email addresses:
  * Unique email addresses
  * Plussed email addresses
  * Dynamic email addresses
* Detecting by CGI traps:
  * CGI traps
* Detecting by access logs:
  * By name
  * Usage ratios
  * No images
  * Analyzing paths
  * Using traps
________________________________________
Why detect spambots anyway?
Why do you want to detect spambots? To put it simply, knowledge is power. Besides, it's always nice to know when people are abusing your site by running a spambot through it. Detecting them also helps you refine your anti-spambot tricks, by knowing where and how often they strike. It also makes it easier to refine your pages so that normal users are not affected as much by the spambots.
Detection by using unique email addresses
One of the best ways to detect spambots is to have more than one email, then look carefully at your spam and see which address it was sent to. These days, there are a number of free email services you can use. (Note, however, that most of these services have spam filtering, so you may not receive the spam even if it is sent). Take an email account that you do not use much, and put it on a webpage. Don't give it out anywhere else. When you receive spam to this address, you know how and where the spammer got your email address.
Detection by using plussed email addresses
A "plussed" email address may not be available on all systems. When in doubt, send yourself some email to test it! A plussed email address is one in which a plus sign, followed by some other letters, is added after the username. The email is still delivered as if the plus and the other letters were not there. You can then look at your email and see what is after the plus. For example, if your email address was "bill@abcdefg.com", you could also use "bill+spamtrap@abcdefg.com", "bill+monkey@abcdefg.com", or even "bill+FromMyWebpage@abcdefg.com".
Detection by using SMTP comments
Another way to do this is to use SMTP comments in the email address. The comment occurs in parentheses and appears like this:
"bill(spamtrap)@abcdefg.com" or
"bill@abcdefg(spamtrapper2).com"
both of which are the same as "bill@abcdefg.com" - the items in the parentheses are ignored, similar to the plus method above. Note that some spambots may not pick up the email address if it has a parenthesis in it, but most probably will.
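As an added example (not part of the original Spambot Beware text), this Python sketch takes the recipient addresses found on received spam, strips the plus tag or parenthesised comment, and counts which published trap each message traces back to. The function names, the tag-to-page mapping and the sample recipient list are constructed for illustration.

```python
import re
from collections import Counter

COMMENT = re.compile(r"\(([^()]*)\)")  # one non-nested (comment)

def split_trap(address):
    """Return (plain_address, [tags]) for a plussed or commented address."""
    tags = COMMENT.findall(address)        # comments in local part or domain
    bare = COMMENT.sub("", address).strip()
    local, at, domain = bare.rpartition("@")
    if not (at and local and domain):
        raise ValueError(f"not an email address: {address!r}")
    user, _, plus_tag = local.partition("+")
    if plus_tag:
        tags.insert(0, plus_tag)
    return f"{user}@{domain}", tags

# Assumed record of which tag was published on which page.
PUBLISHED = {
    "spamtrap": "contact page",
    "FromMyWebpage": "home page",
    "spamtrapper2": "guestbook",
}

# Constructed sample: recipient addresses copied from received spam.
SPAM_RECIPIENTS = [
    "bill+spamtrap@abcdefg.com",
    "bill(spamtrap)@abcdefg.com",
    "bill@abcdefg(spamtrapper2).com",
    "bill+FromMyWebpage@abcdefg.com",
    "bill@abcdefg.com",
]

def harvest_report(recipients, owner="bill@abcdefg.com"):
    """Count spam per publication point for the owner's address."""
    hits = Counter()
    for rcpt in recipients:
        plain, tags = split_trap(rcpt)
        if plain != owner:
            continue                       # not one of our trap addresses
        if not tags:
            hits["untagged (source unknown)"] += 1
        for tag in tags:
            hits[PUBLISHED.get(tag, f"unrecorded tag {tag}")] += 1
    return hits

if __name__ == "__main__":
    for source, count in harvest_report(SPAM_RECIPIENTS).most_common():
        print(f"{count:3d}  {source}")
```

Spam that arrives at the untagged address gives no information about its source, which is the reason to publish only tagged variants.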
Detection by dynamic email addresses
A very nice way to detect not only where a spambot is getting your email addresses, but when, is to use dynamic email addresses. The idea is to have the addresses on the page change over time, allowing you to tell when
...
...