
Re: dealing with spam ~ advice needed



Steve Lamb wrote:

> John Summerfield wrote:
>> I've not yet explored how to do it, but I quite like the idea of
>> blocking connexions from anyone trying my spambait addresses below (yes,
>> they are turning up in my logs).
>
>    For a while I thought about blocking connections from dictionary spammers
> and spammers that constantly hit my box.  But then I decided to go a different
> route.  My machine processes maybe 500 legitimate messages a day.  The chances
> of my inbound connections (set to 10) being all hit at the same time is pretty
> darn remote.  Even so they won't be tied up for all that long.  So instead I
> just had my machine consider, carefully, any reject message it gives on
> certain behaviors.  Send to a bad address at my machine, it'll check for the
> address and let you know what it finds in 20s.  After 20 of them it'll decide
> you dunno whom you're looking for and tell ya to shoo. 20 * 20s = 400s or just
> shy of 7 minutes.  If a dictionary spammer wants to tie up one of his
> connections for 7 minutes to attempt 20 bad addresses at my machine who am I
> to discourage him?  :D

<->

There is at least one tarpit if you want to get serious about it.

Oh, if you want to tie these people up even longer, dynamically write a firewall rule to deflect it to a different port where you can consider these matters with even greater care.

I'd expire the rule after a time though. If the IP changes hands, no point in punishing the new owner, and if the same offender returns from the same IP, well consider his application afresh.


--

Cheers
John

-- spambait
1aaaaaaa@computerdatasafe.com.au  Z1aaaaaaa@computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
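
Added example, not part of the original message or of either poster's mail configuration: a sketch of the decision logic the thread describes, with a 20-second delay on each unknown-recipient reject, a cut-off after 20 of them, and a deflection rule that expires so a returning address is considered afresh. Counting per source IP, the 24-hour expiry, the names `Tarpit` and `simulate`, and the sample address are assumptions.

```python
from dataclasses import dataclass, field

DELAY_S = 20             # delay before each bad-recipient reject (from the thread)
MAX_BAD_RCPT = 20        # bad recipients tolerated before the sender is told to shoo
RULE_TTL_S = 24 * 3600   # assumed expiry; the thread only says "after a time"

@dataclass
class Tarpit:
    """Per-IP bad-recipient counter with an expiring deflection list."""
    bad: dict = field(default_factory=dict)        # ip -> bad recipients seen
    deflected: dict = field(default_factory=dict)  # ip -> time the rule expires

    def expire(self, now):
        # Drop rules whose time is up and forget the old count, so a new
        # owner of the address (or the same offender) starts from zero.
        for ip in [ip for ip, until in self.deflected.items() if until <= now]:
            del self.deflected[ip]
            self.bad.pop(ip, None)

    def on_bad_rcpt(self, ip, now):
        """Return (action, seconds_to_hold) for one unknown-recipient attempt."""
        self.expire(now)
        if ip in self.deflected:
            return ("deflect", 0)          # firewall rule already in place
        count = self.bad[ip] = self.bad.get(ip, 0) + 1
        if count >= MAX_BAD_RCPT:
            self.deflected[ip] = now + RULE_TTL_S
            return ("reject-and-deflect", DELAY_S)
        return ("reject", DELAY_S)

def simulate(events):
    """events: iterable of (timestamp, ip). Returns (seconds held per ip, Tarpit)."""
    tarpit, held = Tarpit(), {}
    for now, ip in events:
        _action, delay = tarpit.on_bad_rcpt(ip, now)
        held[ip] = held.get(ip, 0) + delay
    return held, tarpit

if __name__ == "__main__":
    # Constructed input: 25 bad-recipient attempts from one documentation-range IP.
    sample = [(i * DELAY_S, "192.0.2.10") for i in range(25)]
    held, tarpit = simulate(sample)
    print(held, tarpit.deflected)
```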


