Project Honey Pot tracking comment spammers
I just got an e-mail from Matthew Prince, the guy spearheading Project Honey Pot. They’ve just started tracking comment spammers. Here’s the announcement:
Project Honey Pot Begins Tracking Comment Spammers
Looks like they’ve got more up their sleeve. I’ll be checking back tomorrow!
April 24th, 2007 at 3:59 pm
I’ve got several honeypots on various websites (which I won’t list here) but none of them produces a comment form (I tried from a couple of IP addresses), even though they claim that no software update is necessary from my side. I don’t know what kind of algorithm they use to produce comment forms.
April 25th, 2007 at 3:43 pm
I have my own honey pot and I have received comment spam recently from 70.87.176.155, web page at this IP is saying “Apache/1.3.34 Server at 3hbo8n info Port 80″, web page at 3hbo8n info (different virtualhost at this IP) is loading in the frame www socialnetworkcenter com/default.asp?p=80247&t=intermarkmedia
www socialnetworkcenter com is 69.6.21.7, and whois said:
WholesaleBandwidth, Inc. WHOLE-2 (NET-69-6-0-0-1)
69.6.0.0 - 69.6.79.255
WholesaleBandwidth = Scott Richter
Now I’ve got “conspiracy theory”, that Snotty didn’t give up spamming at all…
I wonder if P.H.P. is able to follow the clues like I did…
(I have removed dots in domain names)
April 26th, 2007 at 4:14 am
They now have their own ip blacklist online: http:bl. IPs in this list are the ones caught by the honey pot network. This looks very, very good.
We now need to get this is the anti-spam modules of wikis, blogs and other stuff on the net. Since it’s quite easy to implement, I hope that Akismet and friends will soon feature this blacklist.
April 27th, 2007 at 6:02 pm
My initial tests with the system aren’t very promising, the dataset looks fairly shallow, but if it gets better I’d definitely be open to using it inside of Akismet.
April 28th, 2007 at 4:34 pm
The data for comment spammers is very, very shallow right now. We only turned the system on about 2 weeks ago and it still isn’t running on all our honey pots. The data for harvesters is much deeper. And we’re beginning to experiment with including some data from the spam servers and dictionary attackers which have fingerprints of compromised machines. That data set is fairly vast.
Would love to work with Akismet (or others) with good, reliable comment spammer data. Matt: feel free to drop me a line through the Project Honey Pot website and we can see if there are any ways in which we can exchange data.
November 22nd, 2007 at 11:05 am
Matthew I spoke with Lance Spitzner from honeypot.org and he advised me to contact you.
I have a honeypot on www.travelinasia.net forum administrated by www.phsdl.net
Please take a look at PHSDL hot list
http://www.phsdl.net/project_honeypot.php
Most of the domains on the list are Zlob ActiveX Trojan Spawners.
November 27th, 2007 at 1:01 pm
Matthew, what’s up with Akismet? It is flagging all URLs.
It flags WikiPedia and even Google…
SEJ nuked it and went back to captcha, Akismet is not reliable for relevent commentry blog community.
December 29th, 2007 at 7:54 am
SpamHuntress, I am working with www.aboutus.org now usings PHSDL technology to track Malware Spam domains.
You can see it in the Malware template
http://www.aboutus.org/Template:MalwareSite
I have also instaled PHSDL Spam filter on my new blog
http://www.igorthetroll.com/blog/
It works great, stopping Malware domain Spam while not impeding free speach like some over Spam filters with false positives.
I have also become a developer for BlogSpamAssassin
http://wiki.apache.org/spamassassin/IgorBerger
And contrubuting to StopBadware.org
http://groups.google.com/group/stopbadware
It has been very productive year and, I hope next year it is just as good for all of us fighting Spam and Malware to keep the Internet clean and safe for the whole Internet Global Village.
Thank you,
Igor
December 29th, 2007 at 7:46 pm
Thank you love…I am so happy you care for all us hard working little guys.
Have Fun,
Igor