[wp-hackers] Trackback Spam
Darryl
dvandorp at gmail.com
Tue Feb 1 16:02:53 GMT 2005
On Tue, 1 Feb 2005 05:31:19 -0900, Allen Parker <infowolfe at gmail.com> wrote:
> On Tue, 1 Feb 2005 05:23:41 -0900, Allen Parker <infowolfe at gmail.com> wrote:
> <snip>
> forgot to add, sorry for the top post, very tired, ALSO... since this
> uses header(location: xyz.php); it *does not* mess with site
> statistics/logs. everything shows like it should in your stats
> programs....
>
> also, a 403 (forbidden) message would probably be the kindest way to
> tell these punters to go somewhere else, if you want to be more rude,
> feel free... a quick idea:
>
> $$: tarpit1.php :$$
> <?php
> sleep(10);
> header("location: tarpit2.php");
> ?>
> $$: tarpit2.php :$$
> <?php
> sleep(10);
> header("location: tarpit1.php");
> ?>
>
> include a common counter per ip/sessionid, whatever, and you'd have a
> very effective way of keeping these kinds of people occupied with very
> little bandwidth penalty on your end. you'd definitely want to keep
> the sleep below 30 seconds, as i'm not exactly sure if that'd trigger
> a http/1.0 client's timeout ;-)
> make them pass through 30 rotations and you've wasted 5 minutes of
> their machine's time... fight fire with tar ;-)
>
>
I'm reasonably sure that spammers don't wait around for a timeout so I
doubt a tarpit actually slows them down.
Another idea is a throttle:
http://weblog.burningbird.net/archives/2005/02/01/throttling-the-trackback/
--
http://randomthoughts.vandorp.ca
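
The per-IP counter suggested in the quoted message, written out as an added example (not code from either poster): one script stands in for the tarpit1.php/tarpit2.php pair and answers 403 once the client has used up its rotations. The file-based counter, the constant and function names, and the `hop` query parameter are assumptions.

```php
<?php
// tarpit.php: added example, not code from the thread.
// Assumptions: counters are small files under sys_get_temp_dir(); the two
// constants use the numbers from the quoted message (10 s sleep, 30 rotations).

const TARPIT_SLEEP    = 10; // seconds per hop, kept below 30 as suggested
const TARPIT_MAX_HOPS = 30; // 30 hops x 10 s = 5 minutes per client

/** Increment and return the hop count for one client under an exclusive lock. */
function tarpit_bump(string $ip, string $dir): int
{
    // Hash the address so it is always safe to use as a file name.
    $path = $dir . '/tarpit_' . hash('sha256', $ip) . '.cnt';
    $fh = fopen($path, 'c+'); // create if missing, never truncate on open
    if ($fh === false) {
        return TARPIT_MAX_HOPS + 1; // cannot count: skip the tarpit and refuse
    }
    flock($fh, LOCK_EX);        // serialise concurrent requests from one IP
    $hops = (int) stream_get_contents($fh) + 1;
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, (string) $hops);
    fflush($fh);
    flock($fh, LOCK_UN);
    fclose($fh);
    return $hops;
}

$ip   = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
$hops = tarpit_bump($ip, sys_get_temp_dir());

if ($hops > TARPIT_MAX_HOPS) {
    // Rotations used up: fall back to the plain 403 from the quoted message.
    http_response_code(403);
    exit('Forbidden');
}

sleep(TARPIT_SLEEP);
// Redirect back to this script; the hop number only keeps each URL distinct.
header('Location: tarpit.php?hop=' . $hops, true, 302);
exit;
```

Each sleeping request holds a PHP worker for the full 10 seconds, so the hop cap also bounds what the tarpit costs the server. The counter files are never expired here and persist until the temp directory is cleaned.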