(c)2003 by daniel hahler.
Free to use for everybody.
You are allowed to make changes for personal usage.
Redistribution is not allowed, please contact me with your suggestions instead.
I give no warranty for anything - use at your own risk.
spambothoney provides a "honeypot" for web-crawling robots, which collect email addresses to spam them. The script is concepted to be easy to configure and setup, so that many webmasters can set it up on their webspace. This way we can fight against the spammers, by polluting their databases - or even crash their bots.
You'll need a server that supports PHP and MySQL. I don't know about minimal versions (I use PHP 4.3.4 and MySQL 4.0.16).
1. Extract the archive to a webserver's directory of your choice.
2. Edit spambothoney.conf
You have to edit:
- the password, which is used to call the script directly and configure its settings
- the MySQL database settings
You can edit the other settings too, but it's not needed.
3. Configure the script
Call the script directly and append password=yourpassword as GET-parameter.
If your password is "love78" you would point your browser to http://yourdomain.de/pathtoscript/spambothoney.php?password=love78.
There you should create the configuration table and a default configset.
You can now configure the default configset directly, or create a new set first.
4. Integrate the script
This can be done in various ways. In general you'll have to include spambothoney.php and create an object of its class. Then you simply call the functions generate and output of this object.
It would look like:
include('pathtoscriptdir/spambothoney.php'); $honey = new spambothoney(); $honey->generate(); $honey->output();
The constructor of the spambothoney class takes 1 parameter, that you'll need: the name of the configset you want to load
('default' is default :) )
So, you can load another configset by using:
$honey = new spambothoney('mycfgset');
or by calling the object's funtion loadconfig:
5. Hide the script
- spambothoney throws a "HTTP 404 File Not Found" error, if the script's files are called directly. This way a bot cannot check if there are spambothoney files. You'll also get a 404 error, if you call spambothoney.php with a wrong or without any password. If you generate your own error pages, you probably want to take a look at spambothoney.throw404.php, which is the file that gets included, if one of the files is called directly.
- Link somewhere from your site to the email generating page, but be careful that humans will not go there. You could hide the link by linking some transparent 1x1 pixel image or use stylesheets to make it invisible.
- Put the URI that generates the email addresses to your robots.txt, so that robots that respect this standard do not fall into your honeypot.
- You should check if directory indexes get shown. For Apache servers this would be Options -Indexes in .htaccess of the specific directory, or more global in httpd.conf.
Suggestions to this script are very welcome!