Re: Interesting spamming tool: a robot to grab e-mail addresses
- Date: Mon, 30 Mar 1998 16:40:06 +0100
Richard Kettlewell wrote:
> Simon Wilkinson writes:
> > If you see more than (x) hits to this area in a certain time from a
> > certain IP address then set up access control measures to block that
> > IP address from accessing your server. Perhaps return a message
> > telling them why this is happened, and how to have their access
> > re-enabled. You could do all of this automatically, so the admin
> > wouldn't have to do anything about it.
>
> If the scanner was run by a user of an ISP which allocated addresses
> dynamically then you'd end up blocking people who had done you no
> harm. Which would be bad.
Yes, which is why nobody's seriously done this (yet). However - if lots
of sites implemented this, and lots of users started getting messages
saying "Access from this IP address has been barred due to improper
usage", then they'd start complaining to their ISPs, and their ISPs
would start having to do something about it. There again, pigs might
fly ...
One advantage of this technique would be that if the robot tripped off
your alarms relatively early then you're (a) spared the wasted server
load of the robot running loads of CGIs indiscriminately (quite a lot
of these email harvesting robots don't both with niceties like delays
between accesses) and (b) spared them harvesting your entire server.
Robots which work in a breadth, rather than depth first fashion won't
necessarily spend their entire time in the wpoison trap.
Still, just generating lots of undeliverable addresses is probably a
better bet for most server admins.
Cheers,
Simon.
