Registered Members: Please read!

Discussion in 'General Topics' started by Paul Wilders, Sep 24, 2002.

Thread Status:
Not open for further replies.
  1. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    As it seems, email harvester(s)/bots have entered this board. One known one is club.4tfox.com.

    In order to avoid receiving spam email, please:

    go to your profile > enable "hide email address"

    This should take care of harvesting email addresses from the moment on you've made the change as mentioned above.

    regards.

    paul
     
  2. discogail

    discogail Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    151
    This is the fourth forum that I hang out in that's recently been "harvested" for email addresses...
    .....damn webcrawlers harvesting email addresses from web pages for the sole purpose of spamming them.
    .... they also search websites for links, then use all the links on those pages to get the names and email addresses of other sites.

    Good information on how to avoid, detect, and harass spambots. http://www.turnstep.com/Spambot/

    I can't vouch for it or anything..having no experience with it, but...........
    There is a spam prevention program for Web sites...Spam Vaccine, that converts a Web page's e-mail addresses to html or Java script. A human can read the address, but it's supposed to be unreadable to a spam bot. A further step imbeds images into the address. http://www.matterform.com/index.php?page=/spamvaccine/index.php

    Also a freeware program that I have heard others vouch for:
    Anti-Spam Script Maker...(Freeware)

    "writes a Java Script that you can Copy and Paste into your Home Page in the place of the 'mailto:' tags. ASS Maker disguises the 'mailto:' tags and your address in several parameters of a Java Script E-mail link. When a visitor of your Home Page clicks that link, the script launches the visitor default E-mail program with your original address in the 'To:' field, but the spammers bots and spiders can't see it"

    http://www.assmaker.mybravenet.com/index.htm
     
  3. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    ...Watch this space... :cool:
     
  4. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    I get it, Checkout! ;) ;)

    I've always had my e-mail hidden. An Invision board of my acquaintance hides them all. Might be an idea for new board software, eh? ("eh" is pronounced like "A" as in hay! It's a Canadian thing.) Suddenly, I'm glad I'm "shy!"

    Best regards from the Prince! :D
     
  5. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    And yet so typically English... :)
     
  6. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    For those that still want the visitors of their website to know who to mail, here's a trick: http://www.active-ebuilder.com/040902.html so the bots won't see it.

    Comments: forgotmine@oldage.com ;)

    Regards,

    Pieter
     
  8. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    That won't work for here, because a php script calls the address from the mysql database, but that would be fine for regular pages. I had this same BS happen to me a few weeks ago.

    I have my own page on this, which I need to update now that I think of it, at http://www.spywareinfoforum.com/articles/spam/spambots.html

    I'll also let y'all in on a little secret. I have an easter egg on the main page of my site in the bottom left corner that leads to this page. I got the idea from Bill Webb. http://www.cexx.org/toxic.htm
    I take no responsibility for damage to anyone's eyes. ;-)
     
  9. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Mike,

    I can't figure out how you protected mockie's e-mail address on you "easter egg" page.
    Another secret?

    Regards,

    Pieter
     
  10. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    By using this.
    http://www.robertgraham.com/tools/mailtoencoder.html
     
  11. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    I am so gald you guys are sharing technical ideas together on this issue..we all thank you for caring enough .
     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Cool :) Thnx, I guess that's the easiest way I found so far.
    Here's another one posted at a dutch forum:

    Code:
    <script language="JavaScript"> 
    <!-- // Hide 
    var showtext = "Email Me"; 
    var mailpart1 = "webmaster"; 
    var mailpart2 = "mysite.com"; 
    document.write("<a href=" + "mail" + "to:" + mailpart1 + 
    "@" + mailpart2 + ">" + showtext + "</a>") 
    //--> 
    </script> 
    Regards,

    Pieter
     
  13. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    In a day or two, I'm going to get the ball rolling on a program to screw over these stupid address harvesters. Imagine tens of thousands of people seeding their web sites with hundreds of fake email addies ...

    Keep an eye on this page ==> http://www.spywareinfoforum.com/harvest_project/
     
  14. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Nice idea, Mike!

    regards.

    paul
     
  15. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    :) Hi Paul and Mike!

    Just a thought, and please don't take this wrong, but would it be legal to include addies for spammers and/or your "favorite" spyware promoters?? I just thought it would be a kind of practical justice. E-mail Harvesters getting the addies to their own. LOL! ;)

    Perhaps, this would be just whistling in the wind?
    Like I said, just a thought....
     
  16. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    It's entirely legal to write fiction and entirely legal to bait traps with cheese or pour salt on slugs. Now, what were we talking about? :cool:

    Edit for damn-these-fingers
     
  17. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    I´ll keep an eye on that one for sure Mike. I guess I can round up some volunteers with lots of webspace :D

    Regards,

    Pieter
     
  18. discogail

    discogail Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    151
    OOH!! :cool:

    Fake E-Mail Creator 1.03
    With Fake E-Mail Creator, you can randomly generate thousands of bogus names and e-mail addresses on an HTML page.

    this software is free.

    http://home.earthlink.net/~tm120176050/
     
  19. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    The only problem here is that generating fake addresses adds load on the bandwidth worldwide. Maybe not much...who knows.
     
  20. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    If everyone does it SPAMTHIS@127.0.0.1 then it might cause a small increase in traffic, but the spam bots CASUALUSER@127.0.0.1 would probably just be re-written to ignore it JOHNSMITH@127.0.0.1

    But don't worry NOSPAM@192.168.0.1 , there will always be ways of getting back at the spammers, whether it causes them more work JAVACOOL@127.0.0.1 filtering it all out, or is based in a more legal manner on some BILLYBOB@192.168.0.2 as-yet-un-decided bill (that may or may not have even been created yet).

    :D

    -Javacool
     
  21. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    Feedback on this is overwhelmingly positive so far, and I haven't even started it yet. LOL.

    It occurred to me earlier that these spambot creators will start writing filters to ignore the email addresses we put up, for which there are countless ways to get around. Man it sure will be nice to force these &)*&&$# to keep rewriting filters.

    Spam filters reject legitimate mail as well as spam. Now the spammers themselves will have the same problem filtering legitimate addresses as well as the fake. Beautiful, beautiful, beautiful.....
     
  22. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Can you imagine the run on e-mailaddresses that will be filtered out by the spammers? :D
    pieter.127.arntz.0.0.1@provider.mine

    Regards,

    Pieter
     
  23. discogail

    discogail Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    151
    Found another one....

    Wpoison......A CGI program program that generates web pages on the fly and with dynamic content that can be different each time the program runs,... each time the program is ``visited'' by a web-scanning robot program, it picks up just a list of randomized bogus e-mail addresses, ...the total number of different bogus e-mail addresses and pseudo-hyper-links essentially unlimited.
    . Each of the randomized web hyper-links that Wpoison generates looks exactly like an ordinary web hyper-link that leads off to someplace else, i.e. to some different web page having a different web URL. But in fact, that is just a matter of appearances, and the reality is that if you follow any one of these hyper-links, you will actually end up coming right back and executing the Wpoison CGI program again, at which point you will get yet another randomized dynamically generated web page, and that new page will contain its own totally new set of bogus E-mail addresses and also a fresh new set of randomized hyper-links. And of course, each of those new hyper-links will, if followed, lead right back to the Wpoison CGI program yet again, thus starting the whole cycle all over again.

    http://www.monkeys.com/wpoison/
     
Thread Status:
Not open for further replies.