Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 26 Apr 2010 07:44:53 -0500
From:      John <john@starfire.mn.org>
To:        Aiza <aiza21@comclark.com>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: Wpoison?????
Message-ID:  <20100426124453.GB74442@elwood.starfire.mn.org>
In-Reply-To: <4BD3E9B8.2030109@comclark.com>
References:  <4BD3E9B8.2030109@comclark.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Apr 25, 2010 at 03:05:28PM +0800, Aiza wrote:
> Looking for comments on this small apache web application that fools web 
> harvest programs into harvesting bogus email address from web page.
> http://www.monkeys.com/wpoison
> 
> Anybody try this?
> Is this a self-inflicted Trojan?
> Since I don't have web server was thinking of creating jail for apache 
> that only runs this wpoision perl script?
> My firewall been blocking inbound port 80 and gets hit 100's of times a 
> day. Just script kiddies rolling through a block of ip address hunting.
> Play with them a little bit in return.
> 
> Comments please?

Well, it's short and easy to understand - about half of it is comments
and data structure initalization.  From what remains, it all makes
simple sense and there is nothing obscure or difficult to understand.

I'm pretty concerned about its effectiveness.  It appears not to have
been touched since 2001.  If it actually accomplished its goals, I think
it would have been tuned up a bit, and it would be much more popular.
I've been hanging around the web quite a bit in the last nine years, and
it concerns me that I've never run into it before.

So - I went ahead and installed it.  Just in case the script kiddies
had gotten a little bit more sophisticated, I changed the name.  I put
it on three of my web pages -now, I grant you, all three of them are
tagged "NOFOLLOW," but I doubt spambots pay any attention to that.
That was about 24 hours ago, and so far, I have not gotten one single
hit on it outside of my testing.  Now, it may simply be that I'm off
in too obscure a corner of the web, or that I should go through my
errors log and create one of the bogus pages they always probing for
with a reference to it, but I'm not expecting too much luck at this
point.

I would love to hear if your results are any better.  I hope that
it does do what it is supposed to do!  That would be great.  I
don't see how it could possibly do anything malicious or propagate
itself in any way.  It would be simple to turn off if you didn't like
the behavior.

That's my $0.02, anyway.

> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

-- 

John Lind
john@starfire.MN.ORG

The inherent vice of capitalism is the unequal sharing of blessings;
the inherent virtue of socialism is the equal sharing of miseries.
  - Winston Churchill



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100426124453.GB74442>