[104388] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: Blocking Extr*ct*r Pro Spamware - www.extractorpro.com

daemon@ATHENA.MIT.EDU (Neels Kriek)
Sun Oct 18 11:28:22 1998

From: "Neels Kriek" <kriek@bigfoot.com>
To: <cypherpunks@cyberpass.net>
Date: Sun, 18 Oct 1998 10:17:34 -0500
Reply-To: "Neels Kriek" <kriek@bigfoot.com>

This is the system my provider uses to battle trolling for emails. pretty
darned good i'd say ;)

Oct 2, 1998 - Battle Against Spam
I have added more things to annoy people who try to use spiders to gather
email address for spam purposes. Everytime a spider visits Crosswinds, it
will pull up 20 000 fake email address. That's bound to REALLY annoy people
using spam programs as most of their emails will bounce. You can protect
your own page by adding the following code to your page:
<A HREF="http://home.crosswinds.net/target/">
<IMG SRC="http://home.crosswinds.net/images/spacer.gif" border=0
ALT="e-mail"></a>

If someone attempts to grab your email address off your page, the result
will be 20 000 fake addresses retrieved EACH time they attempt. If they try
10 times, that's 200 000 fake addresses. The link will be invisible so you
can put it anywhere you wish, just make sure it is on your main page, that's
where the spiders stop. You can link it from all your pages if you wish, if
you really want to get back at those spammers :)


-----Original Message-----
From: Bill Stewart <bill.stewart@pobox.com>
To: cypherpunks@cyberpass.net <cypherpunks@cyberpass.net>
Date: Sunday, October 18, 1998 06:20
Subject: Blocking Extr*ct*r Pro Spamware - www.extractorpro.com


|The latest spam that got sent to the list was sent using Extractor Pro.
|Their web page is at www.extractorpro.com, their sales email is
|sales@extractorpro.com , and their contact page lists other phone numbers.
|They've also got pointers to other spamware vendors.
|I found it interesting that their tech support phone number +1-313-728-5211
|has a different area code than their sales +1-314-878-6770.
|
|(I could say something tacky like "It'd be a real shame if anything bad
|should happen to them, heh heh", but instead I'll take the high road here
:-)
|
|One of the common features of spamware is web crawlers that
|look for email addresses on web pages.  Some of them might,
|for some reason, follow the norobots.txt convention,
|which allows web sites to request that robots follow their
|guidelines for where to look and how fast, based on
|criteria like origin and maybe software model,
|but presumably most spamware extractors ignore it.
|
|The Apache web server has a bunch of security features,
|including the ability to allow or deny service based on the client's
|IP address, browser, or various other environment variables.
|http://www.apache.org/docs/mod/mod_access.html lists the example
|
|BrowserMatch ^BadRobot/0.9 go_away
|      <Directory /docroot>
|          order allow,deny
|          allow from all
|          deny from env=go_away
|      </Directory>
|
|which will deny requests from anyone using the browser "BadRobot/0.9".
|So depending on the spamware, if it sends a browser-type string that's
|recognizable, you can block it.  (Finding out what Extractor's
|Web Weasel product uses is left as an exercise for the reader.)
|
|I don't know how valuable this is long-term; it's easy to block anything
|calling itself "Spamware43" once it's recognized, and Netscape can sue
|vendors whose browsers call themselves
"Mozilla/ThisIsntTheSpammerYoureLookingFor",
|but spamware vendors could pick random strings for every user
|to get around recognition.  But it's a start.
|
|~~~~~
|The configuration documentation also has the enjoyable sentence
| "Suppose that time repeats itself for some reason."
|
| Thanks!
| Bill
|Bill Stewart, bill.stewart@pobox.com
|PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
|
|


home help back first fref pref prev next nref lref last post