Wednesday, July 12, 2006

Honey Pots are History - Fix Your Site or Block Bots!

There's a really cool anti-spam site up called Project Honey Pot that seems to be snaring a ton of spambots and identifying where the spammers crawl from, spam from and what they are spamming. However, the problem with this valiant but slightly misguided effort is that it assumes you can stop spambots from harvesting if you can out them, which blew up in Blue Security's face.

The true way to stop spambots isn't trying to feed them honey, it's fixing your website so there aren't any email addresses for them to harvest in the first place. Wow, isn't that a revelation: no email address on the page, nothing to harvest, end of spambots.

Two simple ways to accomplish the end of spambots are CONTACT FORMS and BOT BLOCKERS. If you purge your site of all email addresses and use a secure form with a captcha to stop spammers, then you should eliminate email harvesting and form spamming in one shot. Combine this with a bot blocker that stops all the vermin from crawling your site in the first place and you've got a 2-pronged strategy that should stop them cold.

Not that honey pots aren't cute as they snare these idiots, it just makes more sense to EDUCATE webmasters to avoid publicly displayed email addresses in the first place and stop bots from crawling to end the spambots once and forever. Anything else, like a honey pot, is just patching around the problem and not putting a permanent stop to the disease.
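One way to check that a page really has been purged of harvestable addresses, as an added example that is not code from the original post: it reads a page the way a harvester would, decoding HTML entities and URL escapes, and reports every address still exposed. The sample page, the `example.com` addresses and the names `AddressAudit` and `audit_page` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Deliberately loose pattern: an audit should over-report rather than miss.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

class AddressAudit(HTMLParser):
    """Collects every email address a harvester could read from one page."""

    def __init__(self):
        # convert_charrefs=True decodes entities such as &#64; before we see
        # the text, so entity "obfuscation" is reported like plain text.
        super().__init__(convert_charrefs=True)
        self.findings = []  # (where, address) tuples in document order

    def _record(self, where, text):
        self.findings += [(where, a.lower()) for a in EMAIL_RE.findall(text)]

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            decoded = unquote(value)  # undo %40 style URL encoding
            is_mailto = decoded.lower().startswith("mailto:")
            self._record("mailto link" if is_mailto else f"{tag} {name} attribute", decoded)

    def handle_data(self, data):
        self._record("page text", data)

    def handle_comment(self, data):
        self._record("HTML comment", data)

def audit_page(html_text):
    """Return every exposed address in one HTML document."""
    parser = AddressAudit()
    parser.feed(html_text)
    parser.close()
    return parser.findings

# Constructed sample page; the example.com addresses are placeholders.
SAMPLE = """<html><body>
<p>Write to sales@example.com for a quote.</p>
<a href="mailto:webmaster%40example.com?subject=Hi">Email us</a>
<p>Or try info&#64;example.com</p>
<!-- old contact: admin@example.com -->
<form action="/contact" method="post"><input name="message"></form>
</body></html>"""

if __name__ == "__main__":
    for where, addr in audit_page(SAMPLE):
        print(f"{where}: {addr}")
```

A page that exposes only a contact form returns an empty list, which is the state the post argues every page should be in.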





Now move on.


thebear said...


Honeypots are great, you don't out the bots, you use the protocol to keep each thread they run that visits your server waiting for a response that will never come.

See LaBrea and Code Red.

IncrediBILL said...


Check out the honey pot project, they DO out the bots.

Doesn't matter, fix the websites and you don't need any honey pots.

MP1 said...

I have, on some pages, used ROT13 to encode links and such just to keep them from being harvested, like a guestbook link. Seems to work OK, but I do agree, best way is to remove email links completely or use a secure form for contacting. Also, if the email address is kept within a MySQL table and called from there, that tends to work well also instead of the link on an open page.

tm said...

You're correct, I switched to contact forms long ago. But I still keep seeing lame blog posters posting an email address in the text.

Honey pots, or what they used to call an endless loop of fake email addresses, do not work; they overload your server and overload the network with all the fake email that will be sent to the addresses you are displaying.

Bots must be blocked.