I’ve had a minor modification to my Spammer TarPit plugin in place here for a couple of weeks, but I’m just now getting around to updating it for public consumption. New in version 1.3: the plugin will now emit an HTTP 403 “Forbidden” status code, and the content-type is set to “text/plain”. There’s little hope that a spammer bot will actually recognize and respect the 403 status code, but at least it’s proper semantics on the part of the plugin.
5 Comments
You might be able to clean up the regex with something like:
"/^([0-9]{1,3}\.){2}([0-9]{1,3}\.?){1,2}$/"
That way, the last quad can be dropped for spammers that are working a subnet.
However, you would run the risk of blocking innocent bystanders who are in the same subnet.
The tarpit shouldn’t be considered a first line of defense in blocking spam. I find that far more of the spam targeted at my site is blocked by the normal moderation checks than by my tarpit. The tarpit is mainly useful for cases like I was seeing a week or two ago, when an automated program is sending spam after spam after spam from the same address.
I’ve seen hundreds of spams sent to moderation over the past few days, but only 4 hits have triggered the tarpit.
And if I want to ban a subnet, like 82.55.x.x-82.59.x.x, how do I do it?
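One way to match the entry forms raised in the comments above (full addresses, prefixes with the last quads dropped, and address ranges) and then answer with the 403 status and text/plain content type the post describes. This is an added example, not the Spammer TarPit plugin's code and not part of the original thread; the function names and blocklist entries are hypothetical, and it assumes IPv4 addresses on 64-bit PHP 7.1 or later.

```php
<?php
// Added example, not the plugin's code. Names and entries are hypothetical.

// True if $ip matches $entry: a full IPv4 address, a prefix with trailing
// quads dropped ("198.51.100."), or an inclusive "low-high" range.
function tarpit_ip_matches(string $ip, string $entry): bool
{
    $addr = ip2long($ip);
    if ($addr === false) {
        return false;                      // not a valid IPv4 address
    }
    if (strpos($entry, '-') !== false) {   // range form
        [$lo, $hi] = array_map('ip2long', array_map('trim', explode('-', $entry, 2)));
        return $lo !== false && $hi !== false && $lo <= $addr && $addr <= $hi;
    }
    $prefix = rtrim($entry, '.');
    if (!preg_match('/^([0-9]{1,3}\.){0,3}[0-9]{1,3}$/', $prefix)) {
        return false;                      // malformed entry: never matches
    }
    // Compare whole quads so "10.1." cannot match 10.11.0.5.
    $want = explode('.', $prefix);
    $have = explode('.', long2ip($addr));
    return array_slice($have, 0, count($want)) === $want;
}

function tarpit_is_blocked(string $ip, array $blocklist): bool
{
    foreach ($blocklist as $entry) {
        if (tarpit_ip_matches($ip, $entry)) {
            return true;
        }
    }
    return false;
}

// Constructed blocklist: one host, one dropped-quad prefix, one range.
$blocklist = ['203.0.113.7', '198.51.100.', '82.55.0.0-82.59.255.255'];
$client = $_SERVER['REMOTE_ADDR'] ?? '198.51.100.23'; // fallback for CLI runs

if (tarpit_is_blocked($client, $blocklist)) {
    http_response_code(403);               // "403 Forbidden"
    header('Content-Type: text/plain');
    echo "Forbidden\n";
    exit;
}
```

Every address covered by a prefix or range entry receives the 403, which is the bystander risk raised earlier in the thread.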
Hi there, I just downloaded and installed your plugin since I also am a target for the damn crap bots. My Q (ignorant and stupid as it might be) is how/where do I add the IPs I want to block? What is it supposed to look like when I add them?
Thanks for your time
/Michael
Dougal, what happened to the code for your tarpit plugin? I go to http://dougal.gunters.org/blog/2004/08/25/spammer-tar-pit, and then from there on, to http://dougal.gunters.org/tarpit.txt|phps, but guess what, “Apologies, but we were unable to find what you were looking for. Perhaps searching will help.” …
4 Trackbacks
Death to All Comment Spammers
I am now trying Dougal’s Tarpit plugin to see if I can discourage the video gambling spammer who is flooding my comments.
away (ain’t the blogosphere and its wonders great?) and has put my fears to rest. I’ve reenabled the plugin, and I’ll just have to stick it to the spammers. Gerrr! Thanks Dougal for your support and your wonderful plugin! Update 2: Spammer TarPit Version 1.3 has been released, which makes semantic 403 Forbidden errors. Great work, again. I don’t know if Dougal’s Spammer TarPit is just going slightly overboard on my weblog. Since the 11th of October (that
[...] The second level consists of a modified version of SpamTarPit with a lethally cunning mechanism: it continuously queries an RPC that lists open proxies, and if an IP that has visited the blog "matches", it adds it to the blacklist. This has one disadvantage: for a little while one is inside the blog, but it doesn't last: within 5/10 minutes the IP address is out, so it is also difficult to leave a message, given that their handling is entrusted to a double-validation system. Finally, the third level is Spam Karma II: the ideal garrison in case the first two defenses are breached. So unpleasant episodes involving undertakers and threats should not occur. [...]
TarPit…
I don’t know if it was due to Dougal’s TarPit plugin, but the comment spammer seems to have gone away for now. He is not missed.