How to help fight spammers with Project Honey Pot

Spam sucks

I hate spam, particularly comment spam here on my website. The default math captcha built into sNews is practically useless against comment spam bots. So, I created the hybrid math/image captcha, and since I've been using it, I've had zero bot spam... though occasionally human spam gets through. You know the comments, riddled with links and keywords for names, etc.

So anyways, I recently moved to a new server; if you're a regular here, hopefully you didn't notice... that means I did it correctly :). However, I initially forgot to make my captcha directory writable, so I started getting comment spam again within a matter of hours. Before I enabled the captcha again, I wanted to write a plug-in for the awesome http:BL API of Project Honey Pot.

What is Project Honey Pot?

From their website:

Project Honey Pot is the first and only distributed system for identifying spammers and the spambots they use to scrape addresses from your website. Using the Project Honey Pot system you can install addresses that are custom-tagged to the time and IP address of a visitor to your site.

If one of these addresses begins receiving email we not only can tell that the messages are spam, but also the exact moment when the address was harvested and the IP address that gathered it.

How do I utilize Project Honey Pot?

As I see it, there are three distinct uses of Project Honey Pot for the average Webmaster:

  • Webmasters that can add scripts to their site(s), install a honey pot.
  • Webmasters that can't add scripts, install quick links.
  • Webmasters can utilize the http:BL API to detect threat levels of IPs, through modules/plug-ins.

Installing a honey pot.

If you have script access, please consider signing up with Project Honey Pot and installing a honey pot. It is painless: the form they use walks you through everything, you pick your script language (Perl, PHP, etc.) and download a custom script for your site. Simply upload the script, then place a hidden link in your template pointing to the honey pot (I use a div with display:none to hide mine, as well as no text in the link itself).

When bots scan your page and follow the link to your honey pot, they will get a unique email address and sometimes comment forms. Project Honey Pot logs all these interactions to see if the email address begins to receive spam, and logs comment spam as well. All this information is collected, processed and made available through the http:BL API, allowing webmasters to harness the power of all that data... that's nearly 70 million IPs! I highly recommend installing a honey pot if you can.

What if I can't install my own honey pot?

If you can't, then you can install a "quick link". This is a link pointing to someone else's honey pot, such as mine (if made public... another option I recommend).

How do I utilize the http:BL API on my own site?

This is a bit more technical. The API itself is extremely simple to use; incorporating it into your publishing system is the real work. This is typically provided via a plug-in or module for your CMS/blog system, such as Bad Behavior for WordPress. I am currently creating one for sNews CMS 1.7 and will be releasing that fairly soon.

In the meantime, please consider signing up with Project Honey Pot, and if you use sNews, have your API Key ready for my upcoming module.
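To show what a module has to do with that API key, here is an added example (not code from this post or from the upcoming sNews module) of an http:BL lookup: the query is a DNS name built from the key and the visitor's reversed IPv4 address, and the answer is an address of the form 127.days.threat.type, a layout the post does not spell out. It is written in Python rather than sNews's PHP; the key `abcdefghijkl`, the 203.0.113.x addresses, the stub resolver and the hold thresholds are all constructed assumptions.

```python
import ipaddress
import socket

HTTPBL_ZONE = "dnsbl.httpbl.org"
FLAGS = {1: "suspicious", 2: "harvester", 4: "comment_spammer"}  # bits of the 4th octet

def build_query(access_key, visitor_ip):
    """Return the DNS name to resolve: <key>.<reversed IPv4>.<zone>."""
    ip = ipaddress.IPv4Address(visitor_ip)  # raises ValueError for IPv6 or garbage
    reversed_octets = ".".join(reversed(str(ip).split(".")))
    return f"{access_key}.{reversed_octets}.{HTTPBL_ZONE}"

def parse_answer(answer):
    """Decode a 127.<days>.<threat>.<type> answer into a dict."""
    first, days, threat, vtype = (int(o) for o in answer.split("."))
    if first != 127:
        raise ValueError(f"unexpected http:BL answer: {answer}")
    if vtype == 0:  # search engine: third octet is an engine id, not a threat score
        return {"search_engine": True, "days": 0, "threat": 0, "types": []}
    types = [name for bit, name in FLAGS.items() if vtype & bit]
    return {"search_engine": False, "days": days, "threat": threat, "types": types}

def lookup(access_key, visitor_ip, resolve=socket.gethostbyname):
    """Query http:BL; None means not listed (or DNS failed, so we fail open)."""
    try:
        return parse_answer(resolve(build_query(access_key, visitor_ip)))
    except socket.gaierror:
        return None

def should_hold_comment(result, max_age_days=30, min_threat=25):
    """Example policy (thresholds are assumptions): hold recent, risky comment spammers."""
    if result is None or result["search_engine"]:
        return False
    return ("comment_spammer" in result["types"]
            and result["days"] <= max_age_days and result["threat"] >= min_threat)

# Constructed stand-in for DNS so the example runs offline.
SAMPLE_ZONE = {"abcdefghijkl.7.113.0.203.dnsbl.httpbl.org": "127.3.40.4",
               "abcdefghijkl.8.113.0.203.dnsbl.httpbl.org": "127.200.10.5"}

def fake_resolve(name):
    if name not in SAMPLE_ZONE:
        raise socket.gaierror("NXDOMAIN")  # what a real resolver raises for "not listed"
    return SAMPLE_ZONE[name]

if __name__ == "__main__":
    for ip in ("203.0.113.7", "203.0.113.8", "203.0.113.9"):
        print(ip, should_hold_comment(lookup("abcdefghijkl", ip, fake_resolve)))
```

Holding a flagged comment for moderation instead of rejecting it keeps a stale or mistaken listing from silently dropping a real visitor's comment.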

Another cool thing about Project Honey Pot is the dashboard: you can see exactly how many harvesters & comment spammers your honey pot has caught. If you're tech savvy, you can also donate MX entries; I've donated a few already from some stale domains I have sitting around.




It looks nice. I look forward to the final version.

Thanks toolman, I just checked my email this morning, and found 6 more tagged spam comments.

So far, it's caught 100%, though it's only been 20 in all. Check this pic out of what the tagged emails look like, nice and simple, so you can set up a filter and direct it to junk email folders.

I enabled the image/math captcha mod from 2/4-2/7, hence no spam in that period.

What is the progress in making this mod?
I ask because I can not wait :)

Hi toolman, I'm hoping to release it within a week.

I've already started testing on my default "sandbox" install of sNews. Things are going well, I just want to make sure it's running properly before releasing it.

The mod has properly tagged 96.55% of comment spam thus far.

ETA about 3 days... I've finished all the testing now, I just have to create the tutorial when I get free time.

"I'm so excited, I can't wait to meet you there... "


