Stop Spam with Project Honey Pot

Project Honeypot

If you have read my posts recently you get the idea that I hate spam. In fact, I don’t know anyone that likes getting spam. Whether through e-mail, blogs, forums, or Web sites, spam is very annoying to receive and deal with.

I have implemented several measures to prevent spam from appearing on Technically Easy through the use of plugins. About 99.99% of the spam comments I receive get discovered and sent into the spam list. Recently, however, I have joined an online project that has been around for a few years called Project Honey Pot. I’m still learning about it, but this post will explain what I have discovered.

What is Project Honey Pot?

Stop Spam Harvesters, Join Project Honey Pot

A few months ago I read somewhere about a blog owner who joined an online project called Project Honey Pot. This project was created to help stop harvesters, spammers, dictionary attackers, and comment spammers. It does this by collecting data from thousands of web sites, blogs, and forums of those that have signed up for the project.

It is completely free to join and use, and can be used by pretty much anyone with a site of any kind. Even those on free hosts, such as Blogger, can join and use Project Honey Pot.

Project Honey Pot works by creating decoy pages and links on sites that can gather information about robots, crawlers and spiders. Eventually data is collected about harvesters, spammers, dictionary attackers, and comment spammers through the decoys that are created.

There are two methods you can use to help catch spammers: a honey pot and a quicklink.

Honey Pots

Honey pots are pages that can be uploaded to a site that uses PHP. This method is preferred if you have your own self-hosted web site that can execute PHP pages. For free hosts, such as Blogger, you can use Quicklinks, which are described below.

The honey pot pages simply consist of a legal disclaimer and an e-mail address. To ensure that these pages can’t be recognized by spammers, the pages are different with each honey pot. Also, the addresses on the honey pot pages are unique, not only for your honey pot, but also for each visitor. This helps provide information about the spider that harvested the page.

Honey pots are by far the most recommended way of catching spammers. The more honey pots that are in existence, the better chance that a spider will visit one and be caught. The pages themselves are very small, so the bandwidth usage is minimal. They are easy to install, and there are step-by-step instructions on Project Honey Pot that walk you through the process.

Once the honey pot is installed, you can simply create a hidden link on the pages of your site. This link won’t be seen by your visitors, but can be picked up by spiders.

For those on free hosts, instead of honey pots, you can use Quicklinks.

Quicklinks

Everyone that joins Project Honey Pot also has their own quicklink. This quicklink points to a Honey pot that is being shared on another site. It is simply a link that you can include in your Web pages, that is hidden from visitors, but can be picked up by spiders.

There are many ways you can generate quicklinks that can be hidden from your visitors, and Project Honey Pot has many example links for you to use. A good place to put any of the links is near the top of your pages. This way you can be sure that if a spider was to visit your site, it will find the link.

If you own multiple Web sites, you can use the same quicklink on all the sites. The number of visitors through the quicklinks are indicated within your dashboard on Project Honey Pot.

http:BL

All the data that is collected is analyzed and then information about suspicious or malicious IP addresses are then published. This information is provided in a tool called http:BL.

Webmasters can use the information within http:BL to prevent certain IP address from accessing their Web sites. In order to use http:BL you must have an account and an access key, which are granted to active participants of Project Honey Pot.

An active participant is someone who has installed a honey pot, donated an MX record, or referred people to the Project Honey Pot web site.

There is currently an Apache module available that can be used to query http:BL. This module allows you to restrict access to the visitor if they have been identified as suspicious or malicious. If you choose you can also create your own module as the API for http:BL is available for use.

Project Honey Pot With WordPress

There is a http:BL plugin available, but I’m not sure if it is actively being developed as I haven’t used that plugin. I currently use the Bad Behavior plugin which also has the ability to use http:BL, provided you have an access key.

Once you enter your access key on the Bad Behavior configuration page, Bad Behavior will start querying the Project Honey Pot blacklist to determine if the IP can download content for your blog. After I entered by key, I noticed that there were many entries in my Bad Behavior log indicating that a visitor was blocked because they were on the http:BL list.

Final Thoughts

If you own a Web site, and hate spammers as much as I do, I encourage you to join Project Honey Pot. It is free to join, and you can help rid the Internet of spammers. Taking advantage of http:BL, you can also help protect your site from spammers at the same time.

Follow Me