Whack a spammer!

db

Project HoneyPot
"Project Honey Pot . . . relies on anti-spam volunteers all over the world to upload phantom Web pages on their sites.

"The pages are invisible to Web surfers, but not to software that crawls the Web to collect e-mail addresses. When a crawler visits one of those pages, the page will generate a unique e-mail address that contains information about the time it was harvested and the IP address, or identity, of the computer that harvested it.

"What's more, since the only way to get a Honey Pot address is through harvesting, the addresses can help law enforcement unravel relationships between the harvesters, list brokers and junk e-mail senders that collaborate with each other in the spam underworld.

"And since e-mailing to a harvested address is illegal too, Project Honey Pot could put a chill not just on e-mail harvesting, but on the entire spam business."
 

db

"November 20, 2004
My Honey Pot catches first spam harvester

It's been a week since I installed a hidden software trap for those who illegally harvest Web sites for e-mail addresses that are then used by spammers.
Here's the original post describing it, part of Project Honey Pot, an ambitious new weapon in the war against spam spearheaded by Matt Prince, CEO of an anti-spam organization called Unspam and an adjunct law professor at Chicago's John Marshall Law School.
Prince tells me my first harvester visited from the IP address: 69.6.66.17. Here's the page that describes the harvester visit and its details.
It happened Tuesday, at 7:02 pm. The harvester moved through my site, looking for e-mail addresses. That's where the Honey Pot came in. It gave the harvester a control address that Prince set up. When spam is received at that address, it links directly back to the harvester.
Whoever is doing the harvesting at this site appears to be running the software on a machine in New Jersey on a connection provided by Comcast. You can find the whois information on the IP here.
Prince says it could be that this is a compromised zombie machine. But the fact that the same IP has acted as a harvester over a 3 week period - he's recorded visits from that IP address to other Project Honey Pot sites - makes him suspicious that there's a real user behind that Comcast connection who is doing the harvesting. It's worth noting that this IP is not listed in most of the big spammer-tracking databases and doesn't appear to be sending ANY spam itself. For example, Spamhaus, SenderBase or dnsstuff.
More evidence that the harvester is not a zombie machine comes from the fact that it is associated with a single mail server (69.6.66.17). Details on that mail server can be found here:
It looks like the spam messages being sent regard a tax deduction scheme involving donated cars and a prescription drug seller.
Here's where it gets interesting.
Unlike the harvester, there's lots of information about the outfit behind the spam. The whois information points to an Illinois-based direct marketing company, Expedite Marketing Corporation.
Expedite has a reputation and, in fact, is alleged to be working with Scott Richter and a number of other high-profile spammers.
However, their corporate presence makes them out to be a legitimate direct email marketer, honoring opt-outs, complying with CAN-SPAM, and, of course, not harvesting. More information is available on the company's website.
According to their site, they do marketing for a major Chicago-area car dealer and a local bank. Prince wonders what the reaction would be from their legitimate customers if they knew of some of the other sites of the business. For example, run off the same server, Expedite also hosts Xxxpedite, Adultdesignwebsite and Adult-design-website.
There's also evidence, from the other sites they run, of their very active interest in collecting e-mail addresses - Expedite-email-collector, Buy-email-list and Bulkemailbroadcasting.
Just by sending to a harvested email address Expedite could be violating the law, says Prince. Here is information on the Federal CAN-SPAM Act's prohibitions on harvesting.
I'll follow up as we identify more of these harvesters.
With more than 1,000 sites now working with Project Honey Pot, this promises to be an interesting weapon in the fight against spammers. So far, harvesters have grabbed 1,986 Honey Pot e-mail addresses from the participating sites. Seventy-four of those control addresses have already received spam messages. That's led to the identification of 25 harvesters and 51 different spam servers.
Not bad for a start."

mikesjournal
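The two quoted articles describe a trap page that hands each crawler a unique address tied to the visit time and IP, so that spam later received at that address links back to the harvester. A minimal sketch of that mechanism follows as an added example; it is not Project Honey Pot's code. The token layout, `SECRET`, `DOMAIN` and both function names are assumptions made for illustration, and it handles IPv4 only.

```python
import base64
import hashlib
import hmac
import ipaddress
import struct

SECRET = b"constructed-demo-key"  # assumption: key known only to the trap operator
DOMAIN = "trap.example"           # assumption: domain whose mail the operator receives


def _tag(payload: bytes) -> bytes:
    # Truncated HMAC so nobody can mint or alter an address without the key
    return hmac.new(SECRET, payload, hashlib.sha256).digest()[:6]


def make_trap_address(harvester_ip: str, harvested_at: int) -> str:
    """Address served to one visitor: encodes visit time (epoch seconds) and IPv4."""
    payload = struct.pack(">I", harvested_at) + ipaddress.IPv4Address(harvester_ip).packed
    token = base64.b32encode(payload + _tag(payload)).decode().lower().rstrip("=")
    return f"{token}@{DOMAIN}"


def trace_recipient(rcpt: str):
    """Map the recipient of a received message back to (harvester_ip, harvested_at)."""
    local, _, domain = rcpt.partition("@")
    if domain.lower() != DOMAIN:
        return None
    try:
        raw = base64.b32decode(local.upper() + "=" * (-len(local) % 8))
    except ValueError:  # not base32, so not one of our trap addresses
        return None
    if len(raw) != 14:
        return None
    payload, tag = raw[:8], raw[8:]
    if not hmac.compare_digest(tag, _tag(payload)):
        return None  # forged or corrupted address
    harvested_at = struct.unpack(">I", payload[:4])[0]
    return str(ipaddress.IPv4Address(payload[4:])), harvested_at


if __name__ == "__main__":
    # Constructed sample visit: documentation-range IP, arbitrary timestamp
    addr = make_trap_address("203.0.113.7", 1100631720)
    print(addr, "->", trace_recipient(addr))
```

Because the address is never published anywhere else, any message arriving for it ties the sending mail server to the crawler visit that `trace_recipient` recovers.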
 

AStar617

Just attended a conference seminar on this project at LinuxWorld Boston this past week... very cool concept.
 

Specop 007

That's awesome! If I wasn't assdeep in troubles and headaches moving my site right now I'd be in there like swimwear!!
 

acemcmac

I am a co-admin on a 100% static site that has been up since 1995, we have more than 6000 pages cached by google that have almost 100% first page placement for searches with more than three matching words. I'll mention this in a staff meeting on monday and see if I can't get permission to put it on our gateway. I KNOW I can be a massive help to this. We get tens of thousands of pieces of spam a day.... and considering we only have 40 or so employees.... :shocked:
 

Ornery

...see if I can't get permission to put it on our gateway.

If you could do it on your lunch hour, I don't see how they could object. It would be really slick if you could slip the link to the script in just a small percentage of those 6,000 pages.
 

b0mbrman

Originally posted by: Ornery
...see if I can't get permission to put it on our gateway.

If you could do it on your lunch hour, I don't see how they could object.
Tell that to D-Mac
 

Rockhound

Great idea, but what exactly happened to those 25 harvesters and 51 spam servers? If they don't get shut down then it doesn't do much good. Obviously this is the identification step but it has to be pursued VIGOROUSLY afterward.
 

Ornery

Originally posted by: b0mbrman
Originally posted by: Ornery
...see if I can't get permission to put it on our gateway.

If you could do it on your lunch hour, I don't see how they could object.
Tell that to D-Mac
Did D-Mac ask permission?