Re: [htdig] Someone's forging email addresses of htdig members


Subject: Re: [htdig] Someone's forging email addresses of htdig members
From: David Sexton (david.sexton@sapphire.net)
Date: Wed Nov 17 1999 - 07:58:25 PST


Sorry Geoff, I thought I'd sent this to the list earlier and was about
to tell you the list wasn't working when I realised where I'd actually
sent it - oops!

Geoff Hutchison wrote:
>
> On Tue, 16 Nov 1999, Frank Martini wrote:
>
> Ah. So the idea of poison is that you have a CGI that generates an
> infinite tree of fake HTML pages with fake mailing addresses. Spambots
> fall-in, get lost, and end up with a large list of bogus addresses.
>
> As for how ht://Dig and other robots would handle this, you could easily
> post META robot headers and/or robots.txt restrictions keeping
> well-behaved robots out.
>
> I'm not sure how well it works--I've never tried it. But I'm looking for
> possible solutions.

        Wouldn't that mean that the 'poisoned' host's webserver will,
therefore
take an unprecedented 'battering' - at worst, this could turn into a
self inflicted DOS attack.
        Another possibility (completely off the top of my head):
        Do a reverse DNS lookup on the spider's origin, guess at ta
probable
webserver name on it's own site and send it back there! (i.e. if the
spider came from spider.spammers.com, generate a page with (a) loads of
'xxx@spammers.com addresses and (b) a link to 'www.spammers.com').

        This thread is getting interesting .. and dangerously off-tpic
;)

Dave

-- 
David Sexton

Network Technician Sapphire Technologies Ltd. Tel: +44 (0) 1642 702100 Fax: +44 (0) 1642 702119

----------------------------------------------- Any opinions expressed in this message are those of the individual and not necessarily the company. This message and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this message in error and that any use is strictly prohibited.

Sapphire Internet http://www.sapphire.net

------------------------------------ To unsubscribe from the htdig mailing list, send a message to htdig-unsubscribe@htdig.org You'll receive a message confirming the unsubscription.



This archive was generated by hypermail 2b25 : Wed Nov 17 1999 - 08:15:51 PST