How to help fight spammers with Project Honey Pot
filed under: Web Development
I hate spam, particularly comment spam here on my website. The default math captcha built into sNews is practically useless against comment spam bots. So, I created the hybrid math/image captcha, and since I've been using it, I've had zero bot spam... though occasionally human spam gets through. You know the comments, riddled with links and keywords for names, etc.
So anyways, I recently moved to a new server, if you're a regular here hopefully you didn't notice... that means I did it correctly :). However I initially forgot to make my captcha directory writable, and so I started getting comment spam again within a matter of hours. Before I enabled the captcha again I wanted to write a plug-in for the awesome http:BL API of Project Honey Pot.
What is Project Honey Pot?
From their website;
Project Honey Pot is the first and only distributed system for identifying spammers and the spambots they use to scrape addresses from your website. Using the Project Honey Pot system you can install addresses that are custom-tagged to the time and IP address of a visitor to your site.
If one of these addresses begins receiving email we not only can tell that the messages are spam, but also the exact moment when the address was harvested and the IP address that gathered it.
How do I utilize Project Honey Pot?
As I see it, there are three distinct uses of Project Honey Pot for the average Webmaster;
- Webmasters that can add scripts to their site(s), install a honey pot.
- Webmasters that can't add scripts, install quick links.
- Webmasters can utilize the http:BL API to detect threat levels of IPs, through modules/plug-ins.
Installing a honey pot.
If you have script access, please consider signing up with Project Honey Pot and installing a honeypot. It is painless, the form they use walks you through everything, you pick your script language (Perl, PHP, etc) and download a custom script for your site. Simply upload the script and then you place a hidden link (I use a div with display:none to hide mine as well as no text in the link itself) in your template pointing to the honey pot.
When bots scan your page and follow the link to your honey pot, they will get a unique email address and sometimes comment forms. Project Honey Pot logs all these interactions to see if the email begins to receive spam, and logs comment spam as well. All this information is collected and processed and made available through the http:BL API, allowing webmasters to harness to the power of all that data... that's nearly 70 Million IPs! I highly recommend installing a honey pot if you can.
What if I can't install my own honey pot?
If you can't, then you can install a "quick link", this is a link pointing to someone else's honey pot, such as mine (if made public.. another option I recommend).
How do I utilize the http:BL API on my own site?
This is a bit more technical, though the API is extremely simple to use, to incorporate it into your publishing system is the real work. This is typically provided via a plug-in or module for your CMS/Blog system. Examples like Bad Behavior for WordPress. I am currently creating one for sNews CMS 1.7 and will be releasing that fairly soon.
In the meantime, please consider signing up with Project Honey Pot, and if you use sNews, have your API Key ready for my upcoming module.
Another cool thing about Project Honey Pot is the dashboard, you can see exactly how many harvesters & comment spammers your honey pot has caught. For the tech savvy, you can also donate MX entries, I've donated a few already from some stale domains I have sitting around.
8 comments
Add a new comment »Categories
Recent Entries
Recent Comments
- Sven/Philippe (Uh oh... him again! Oui. It's me: inspecteur ...)
- jesth (That would be really, cool, atleast then I will know if I ...)
- Matt (jesth, I'll shoot ya an email tomorrow and see if I can ...)
- jesth (I tried all sorts of things, but can't move that darn ...)
- Matt (Yeah, it took me a while actually, my comment function is ...)
- jesth (Iv'e tried "hacking" around in the comment ...)
- Matt (Hi jesth, everything is controlled through the CSS styling ...)
Popular Entries
- Light-weight related articles mod for sNews 1.7 (5/5)
- Gravatar mod for sNews 1.7 (5/5)
- Compact archives for sNews 1.7 (5/5)
- Command & Conquer Generals, and the Zero Hour expansion on the Acer Aspire One netbook (4.75/5)
- Jagged Alliance 2 runs perfect on the Aspire One (4.75/5)
- An improved tag cloud for sNews 1.7 (4.67/5)
- Image / math hybrid captcha version 2, vastly improved (4.64/5)
Feb 9th, 2010 at 2:57 pm
Teaser video of the spam module :P
http://www.screentoaster.com/watch/stWEtdQkdIR19aR1lZWVxfV15X
Still in alpha state, but so far it's tagged all 12 Spam comments correctly thus far.
Feb 9th, 2010 at 5:08 pm
It looks nice. I look forward to the final version.
Feb 10th, 2010 at 7:28 am
Thanks toolman, I just checked my email this morning, and found 6 more tagged spam comments.
So far, it's caught 100%, though it's only been 20 in all. Check this pic out of what the tagged emails look like, nice and simple, so you can set up a filter and direct it to junk email folders.
I enabled the image/math captcha mod from 2/4-2/7, hence no spam in that period.
Feb 15th, 2010 at 5:54 am
What is the progress in making this mod?
I ask because I can not wait :)
Feb 15th, 2010 at 8:42 am
Hi toolman, I'm hoping to release it within a week.
I've already started testing on my default "sandbox" install of sNews. Things are going well, I just want to make sure it's running properly before releasing it.
The mod has properly tagged 96.55% of comment spam thus far.
Feb 24th, 2010 at 8:10 am
ETA about 3 days... I've finished all the testing now, I just have to create the tutorial when I get free time.
Feb 24th, 2010 at 1:41 pm
"I'm so excited, I can't wait to meet you there... "
:)
Feb 26th, 2010 at 2:10 pm
lol, here you are;
http://mdj.us/snews-cms/hacks-mods/spam-filtering-and-tagging-module-for-snews-17/
Let me know if you find any problems, or have any suggestions.