Project Honey Pot and http:BL
April 27th, 2007 by Michael Hampton
Project Honey Pot made several announcements this week, the largest of them Thursday when it announced it had filed a $1 billion lawsuit against spammers on behalf of the members of Project Honey Pot. I’m proud to say I’ve been such a member for some time now, and will lend whatever assistance I can to efforts to stop spam.
Project Honey Pot has been targeting email spam for years. But now it has also quietly launched an initiative to target blog comment spam. I’m proud to say I’m also participating in that effort.
On Wednesday, the project announced http:BL, a DNS-based blacklist of IP addresses which have been seen harvesting email addresses and sending email and comment spam. This is just about exactly what I had in mind when I announced the Bad Behavior Blackhole almost two years ago; Project Honey Pot has actually built something better.
I’ve spent the last day or so evaluating http:BL and found that its design is unfortunately not amenable to being added directly into Bad Behavior, as it has significant technical differences from other DNS-based blacklists.
Therefore, I’m writing a separate http:BL plugin for WordPress. I’m currently testing it here and I hope to make the first release in the next few days.
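For readers who have not seen the http:BL lookup format, the following added example (not part of the original post, and not code from Bad Behavior or Project Honey Pot) builds the query name and decodes the answer as Project Honey Pot's http:BL API describes them: the access key is prepended to the reversed IPv4 address, and the returned 127.x.y.z address carries days since last activity, a threat score and a visitor-type bitmask. The access key, the sample answers and the blocking thresholds are constructed for illustration, and no DNS query is sent.

```python
import ipaddress

HTTPBL_ZONE = "dnsbl.httpbl.org"
# Visitor-type bit flags carried in the last octet of an http:BL answer.
TYPE_FLAGS = {1: "suspicious", 2: "harvester", 4: "comment_spammer"}


def build_query(access_key: str, ip: str) -> str:
    """Return the DNS name to look up: <key>.<reversed octets>.<zone>."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("http:BL lookups are IPv4 only")
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{access_key}.{reversed_octets}.{HTTPBL_ZONE}"


def decode_answer(answer: str) -> dict:
    """Decode the A record returned by http:BL into its fields."""
    first, days, threat, vtype = (int(o) for o in answer.split("."))
    if first != 127:
        raise ValueError(f"not a valid http:BL answer: {answer}")
    if vtype == 0:
        # Type 0 is a known search engine; third octet is an engine serial.
        return {"types": ["search_engine"], "engine_id": threat}
    types = [name for bit, name in TYPE_FLAGS.items() if vtype & bit]
    return {"types": types, "days_since_seen": days, "threat_score": threat}


def should_block(answer, max_age_days=30, min_threat=25):
    """Policy sketch (thresholds are assumptions, not project defaults)."""
    if answer is None:  # NXDOMAIN: the address is not listed
        return False
    info = decode_answer(answer)
    if info["types"] == ["search_engine"]:
        return False
    spammy = {"harvester", "comment_spammer"} & set(info["types"])
    return (bool(spammy) and info["days_since_seen"] <= max_age_days
            and info["threat_score"] >= min_threat)


if __name__ == "__main__":
    # Constructed access key and documentation-range IP (203.0.113.0/24).
    print(build_query("abcdefghijkl", "203.0.113.7"))
    # Constructed answers: recent spammer, stale spammer, search engine, unlisted.
    for sample in ("127.3.40.4", "127.200.40.4", "127.0.5.0", None):
        print(sample, should_block(sample))
```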
Project Honey Pot relies on webmasters who want to actively participate in stopping spam. But the project has only a few bloggers running honey pots, so it’s not yet catching a lot of comment spam bots.
You can help by signing up for Project Honey Pot and installing a honey pot on your blog, forum or wiki.
Your honey pot, along with millions of others, will trap spambots of all types and feed its data into http:BL, which will improve the service for everyone.
Kelson Says
That’s great news on the http:BL plugin!
As for getting data on comment spammers, something seems to be missing. I posted earlier today that while they seem to have data on comment spammers going back to March 22, my honeypots haven’t seen a single comment spammer. It’s odd, especially considering how much spam Bad Behavior and Spam Karma detect on the same domain. I have one, fairly well-trafficked, on the same domain, with links on the blog.
Though looking back, it took about 6 weeks from the time I first set up a honeypot to the first spam harvester identified by it, despite local spamtraps only taking three days to start picking up mail. Maybe something similar is going on here.
Apr 28th, 2007 at 12:33 am
Keith Says
Sounds great! I’m looking forward to seeing what you come up with. However, I think it’s worth pointing out that AFAIK, you should only be installing a Honeypot on your blog if the server is yours. If you’re leasing space from a provider then it’s better to use QuickLinks (http://www.projecthoneypot.org/5days_tuesday.php)
Apr 28th, 2007 at 10:07 am
Michael Hampton Says
Anyone capable of installing Bad Behavior, or running their own WordPress blog, has sufficient control of their server to install a honey pot.
Apr 28th, 2007 at 4:28 pm
Matthew Prince Says
Michael:
Thanks for the kudos. We have a lot to learn about tracking comment spammers and would value your insight.
A couple of things…
First, we’d love to find a way to incorporate IP data from Bad Behavior into the http:BL. Please drop me a line sometime if there’s some way you think we could make that work.
Second, the WordPress plugin sounds AWESOME. One thing I hope you’ll build in as a feature is a way for people to automatically distribute links to a honey pot. For example, if during configuration users could be prompted for a QuickLink or a URL to their own honey pot, and then that QuickLink was automatically included in the WordPress page footer or something, that would be helpful. In order for http:BL to be as useful as possible, we need to get as many bad robots visiting its pages as we can. Increasing the number of in-bound links to honey pots is the #1 way we can do that.
Finally, if there’s anything we can do to make the http:BL service more easily integratable into your Bad Behavior script, don’t hesitate to let me know. We are definitely open to feedback.
Thanks for your help! Let me know if there’s anything my team or I can do to help you going forward.
Cheers,
Matthew.
Apr 28th, 2007 at 10:45 pm
Michael Hampton Says
Thanks, Matthew! I’ll send you an e-mail later this weekend with some information and a few ideas.
Apr 28th, 2007 at 11:14 pm
Ozh Says
Great stuff. I just installed honey pots on all the sites I manage, I feel like I’m a guerilla warrior on a mission now.
Apr 29th, 2007 at 1:53 pm
mokiejovis Says
I am a user of Bad Behavior and a participant in Project Honey Pot.
As I mentioned in a comment on a post two down, I want to continue contributing to Project Honey Pot, but when I use Bad Behavior, I’m effectively blocking the very bots I’m using the honey pot for. It would be VERY helpful if you altered Bad Behavior to:
1) Let us see what the “You’ve been blocked” page looks like
2) Allow us to post a link to our honey pot so that it can be integrated into the “you’ve been blocked” website and the spambot gets tracked AND blocked.
Apr 30th, 2007 at 7:05 pm
Luke Says
Quite the intriguing project, and Matthew has provided some great insight.
With their willingness to help projects add these features, it gives me hope that just maybe the tide can take a bigger turn.
Combining data from as many sources like Bad Behavior, or Dr. Dave, can only help make it more accurate and useful.
May 3rd, 2007 at 1:56 am
John P. Says
I’m in. I installed a honey pot with an available WP plug in but I look forward to replacing it with yours since I’m already running BB.
May 3rd, 2007 at 6:53 pm
TechZ Says
Been a follower of BB for some time now, and just today adopted Project Honey Pot.
May 4th, 2007 at 12:07 pm
Jonathan Says
mokiejovis, edit banned.inc.php in the plugin and add your Project Honey Pot link there. I put mine before the legitimate contact.
May 4th, 2007 at 2:08 pm
Keith Says
Just for the record, I was wrong, Michael was right. If you have a ‘dumb’ blog like MySpace or similar, then quicklinks is for you. If you can use PHP and upload files to your site, then a proper honeytrap is the way to go. Apologies for my mistake.
Jun 1st, 2007 at 8:52 pm
Rick Beckman Says
Any more news on the http:BL plugin for WordPress?
*eagerly awaits*
Aug 12th, 2007 at 11:26 pm
KSA Says
You’ll be happy to know your service is being employed by Jihadi websites like Muslimpad.
Oct 15th, 2007 at 11:37 am