Spam trap [message #133679]
Wed, 11 January 2017 09:48
whaw
Messages: 9 Registered: April 2013 Location: Tessenderlo
Hello,
Is it possible to create a spam trap?
For example, I create info<_at_>test.com as a spam trap and don't give the address to the public.
When a spammer sends a mail to info<_at_>test.com, I know it's someone who is guessing mail accounts, and I put them on a blacklist.
I can also create web<_at_>test.com and hide it in the HTML of our website.
Greets
Jef
Re: Spam trap [message #133705 is a reply to message #133692]
Thu, 12 January 2017 14:36
Kedar
Messages: 356 Registered: April 2005
My traps are files like "addresses.php" or "contacts.php", listed in robots.txt and denied for all bots (crawlers):
User-agent: *
Disallow: /addresses.php
These files contain code for generating random addresses like "f5a4g<_at_>..." on all my domains. The bots can harvest tens or billions of addresses; it's only about their patience.
The typical scenario:
1. "Good" bots ignore these lists of fake addresses, because they are denied in robots.txt.
"Evil" bots - harvesters - discover them in robots.txt, catch as many fake addresses as they want, and fill the spammer's database.
2. In Kerio Connect, protection against directory harvest attacks is set: WebAdmin -> SMTP Server -> Security Options. The sender's IP is blocked for one hour after 2 wrong recipients. (One is probably a mistake; two wrong addresses is an attack.)
[12/Jan/2017 14:12:04] Attempt to deliver to unknown recipient <5a0483ce9@xxx>, from <viktor<_at_>xxx>, IP address 104.223.117.135
[12/Jan/2017 14:12:04] Attempt to deliver to unknown recipient <94f604@xxx>, from <viktor<_at_>xxx>, IP address 104.223.117.135
[12/Jan/2017 14:12:04] Directory harvest attack from 104.223.117.135 detected
One minute later it tries to deliver a message again, but it's blocked:
[12/Jan/2017 14:13:26] SMTP connection from 104.223.117.135 rejected: directory harvest attack
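Added example, not part of the post above and not Kerio Connect's own code: a small Python replay of the rule described there (block the sender's IP for one hour after 2 unknown recipients), run over constructed log lines in the format quoted above. The 10-minute counting window, the bare "SMTP connection from ..." event line, and the addresses and IPs are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

THRESHOLD = 2                    # wrong recipients before blocking (from the post)
BLOCK_FOR = timedelta(hours=1)   # block duration (from the post)
WINDOW = timedelta(minutes=10)   # assumption: failures must fall within this window
UNKNOWN_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] Attempt to deliver to unknown recipient <(?P<rcpt>[^>]*)>, "
    r"from <[^>]*>, IP address (?P<ip>\S+)$")
CONNECT_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] SMTP connection from (?P<ip>\S+)$")

# Constructed sample input (documentation IPs; connection lines are hypothetical).
SAMPLE_LOG = """\
[12/Jan/2017 14:10:00] Attempt to deliver to unknown recipient <jon@example.test>, from <a@example.net>, IP address 198.51.100.7
[12/Jan/2017 14:12:04] Attempt to deliver to unknown recipient <5a0483ce9@example.test>, from <v@example.org>, IP address 192.0.2.10
[12/Jan/2017 14:12:04] Attempt to deliver to unknown recipient <94f604@example.test>, from <v@example.org>, IP address 192.0.2.10
[12/Jan/2017 14:13:26] SMTP connection from 192.0.2.10
[12/Jan/2017 14:20:00] SMTP connection from 198.51.100.7
[12/Jan/2017 15:12:05] SMTP connection from 192.0.2.10
"""

def parse_ts(text):
    return datetime.strptime(text, "%d/%b/%Y %H:%M:%S")

def replay(log_text):
    """Return (timestamp, ip, verdict) decisions for the log, in order."""
    failures = {}        # ip -> {unknown recipient: time last seen}
    blocked_until = {}   # ip -> time the block expires
    decisions = []
    for line in log_text.splitlines():
        m = UNKNOWN_RE.match(line)
        if m:
            ts, ip = parse_ts(m["ts"]), m["ip"]
            seen = failures.setdefault(ip, {})
            seen[m["rcpt"].lower()] = ts
            for rcpt in [r for r, t in seen.items() if ts - t > WINDOW]:
                del seen[rcpt]           # forget failures older than the window
            if len(seen) >= THRESHOLD and blocked_until.get(ip, ts) <= ts:
                blocked_until[ip] = ts + BLOCK_FOR
                decisions.append((m["ts"], ip, "harvest-detected"))
                seen.clear()
            continue
        m = CONNECT_RE.match(line)
        if m:
            ts, ip = parse_ts(m["ts"]), m["ip"]
            verdict = "rejected" if blocked_until.get(ip, ts) > ts else "accepted"
            decisions.append((m["ts"], ip, verdict))
    return decisions
```

The sender with a single mistyped recipient is never blocked, and the harvesting IP is accepted again once the hour has passed.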
Re: Spam trap [message #133771 is a reply to message #133705]
Tue, 17 January 2017 17:07
j.a.duke
Messages: 239 Registered: October 2006
Radek Sip (Kerio) wrote on Thu, 12 January 2017 08:36
My traps are files like "addresses.php" or "contacts.php", listed in robots.txt and denied for all bots (crawlers):
User-agent: *
Disallow: /addresses.php
These files contain code for generating random addresses like "f5a4g<_at_>..." on all my domains. The bots can harvest tens or billions of addresses; it's only about their patience.
The typical scenario:
1. "Good" bots ignore these lists of fake addresses, because they are denied in robots.txt.
"Evil" bots - harvesters - discover them in robots.txt, catch as many fake addresses as they want, and fill the spammer's database.
2. In Kerio Connect, protection against directory harvest attacks is set: WebAdmin -> SMTP Server -> Security Options. The sender's IP is blocked for one hour after 2 wrong recipients. (One is probably a mistake; two wrong addresses is an attack.)
[12/Jan/2017 14:12:04] Attempt to deliver to unknown recipient <5a0483ce9<_at_>xxx>, from <viktor<_at_>xxx>, IP address 104.223.117.135
[12/Jan/2017 14:12:04] Attempt to deliver to unknown recipient <94f604<_at_>xxx>, from <viktor<_at_>xxx>, IP address 104.223.117.135
[12/Jan/2017 14:12:04] Directory harvest attack from 104.223.117.135 detected
One minute later it tries to deliver a message again, but it's blocked:
[12/Jan/2017 14:13:26] SMTP connection from 104.223.117.135 rejected: directory harvest attack
Radek,
Where is the setting for how long the IP is blocked? I'm running 9.2.0 and didn't see it on the SMTP Server Security Options tab. I've looked in other sections as well and haven't found the option.
Thanks.
Cheers,
Jon