Wpoison - E-Mail Address Harvesting Prevention Utility
Wpoison
is a free tool which can be used to help reduce the problem
of bulk junk e-mail on the Internet. Wpoison helps to combat the
junk e-mail problem by thwarting the efforts of junk e-mailers who
regularly scan web pages, looking for target e-mail addresses to
harvest (which they subsequently bombard with junk e-mail).
The idea behind wpoison is really very simple. Junk e-mailers
write programs to automatically scan thousands and thousands of web pages,
looking for e-mail addresses which they then send unsolicited junk
e-mail to (or which they sell to other spammers). By and large,
these address harvesting web crawlers are about as intelligent as
the spammers who use them and/or develop them, which is to say not
very. These programs can be easily fooled into accepting lots and
lots of completely fake and useless e-mail addresses, so long as the
bogus addresses in question appear to reside on ordinary nondescript
web pages. That is where wpoison comes in.
Wpoison generates a web page dynamically which includes a list of
randomized, bogus e-mail addresses, together with a list of
randomized web hyperlinks. Each of the randomized web hyperlinks
that wpoison generates looks exactly like an ordinary web
hyperlink that leads off to someplace else, i.e. to some different web page.
But in fact, that is just a matter of appearances, and the reality
is that if you follow any one of these hyperlinks, you will actually
end up coming right back and executing the wpoison CGI
program again, at which point you will get yet another randomized
dynamically generated web page, and that new page will contain a
totally new set of bogus e-mail addresses and a totally new set of
randomized hyperlinks. And of course, all of those new hyperlinks
will, if followed, lead right back to the wpoison CGI program
yet again, thus starting the whole cycle all over again.
Installation
To install wpoison,
Telnet or SSH to your
Virtual Server and run the following command:
% cd (change to your home directory)
% tar -xvf /usr/local/contrib/wpoison.tar
Implementation
In order to properly implement a site inoculation, you will want to
use a combination of empty <a href> tags on your
home page and throughout your web site a la
<a href="/leeches/index.html"></a> as well as add the
following lines to your web server config file (e.g. httpd.conf):
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro.*
RewriteRule ^/.* /leeches/index.html [L]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon.*
RewriteRule ^/.* /leeches/index.html [L]
RewriteCond %{HTTP_USER_AGENT} ^eCatch.*
RewriteRule ^/.* /leeches/index.html [L]
To prevent legitimate spiders from indexing the wpoison generated pages,
create an entry in your
robots.txt file (or create the file in your ~/www/htdocs/ directory
if it does not exist and add an entry) to "disallow" the /leeches/
directory. An example entry is shown below:
User-agent: *
Disallow: /leeches/
