Jazajay
12-20-2007, 03:06 PM
Hi all I've modified this anti-spammer script and am going to share it with everyone for xmas as I'm in a good mood due to the holidays.
What It Does?
If a bot hits your site and doesn't view your robots.txt file , hence it's not a SE bot, it gets redirected to a anti-spammer page before it gets booted out of your site.
Now heres the kicker the page it gets re-directed to is a page of 100,000 random emails as in abhdf@adasd.com totally useless. Ha spam me again why don't you.
Why would you need this?
1.Well Spammers are the scum of the earth
2.Spammers use automated scripts to search your site looking for emails. When it finds one it adds it to thier DB and sends them spam or sells them on for a profit.
This is bad for several reasons - depending on how many times of day and how many spam bots hit your site your bandwidth and CPU usage can go through the roof. As they have to request every page before they scan them. So by redirecting them to one page not only are you saving bandwidth and CPU power, but you are giving them what they want 100,000 emails - shame they are useless. :)
3. You get spam to your inbox.
4.People use large scripts to get rid of spam bots. They don't catch them all. However this uses the universal robots.txt to decide between malious bots ans SE bots.
Implementation.
Disclaimer: I first got this script off another site and have done a re-work, I have publicized this script on another forum for the same reason ,I'm a good guy, 400 people viewed that thread I have no data to how many implemented it. No problems have been reported. I use this script and I haven't seen any problems, But please don't blame me if something unexpected happens. It is your job to implement this properly - I will provide as much information as I can. If you don't understand the implementation or decide it's not for you please don't just upload the code to your sever with out understanding it first.
You will need to create 3 files for this to work
A .htaccess file/modification to your .htaccess file
A robots.txt file/modification to your Robots.txt
A .individual page - which I provide.
Robots.txt file
This must be added first. To be on the safe side I would leave this on the server until the SE have been round when you are sure they have then upload the other files. That way you are garrenteed the SE wont view the spider trap by mistake.
Disallow: /antiSpam.phpThe .htaccess file
!This is important this must be done!
This needs to be placed in the root dir.
SetEnvIf Request_URI "^(/403.*\.htm|/robots\.txt)$" allowsome
order deny,allow
deny from env=antiSpam
allow from env=allowsomeOk this sets the variables to test against.
SetEnvIf Request_URI "^(/403.*\.htm|/robots\.txt)$" allowsomeDenys access to your sites from bots that view the antiSpam page
deny from env=antiSpam
Allows bots through that view the robots.txt
allow from env=allowsome
The script page
This needs to be set on your root dir and called antiSpam.php
<?php
ob_start("ob_gzhandler");
$filename = ".htaccess";
$content = "SetEnvIf Remote_Addr ^".str_replace(".","\.",$_SERVER["REMOTE_ADDR"])."$ antiSpam\r\n";
$handle = fopen($filename, 'r');
$content .= fread($handle,filesize($filename));
fclose($handle);
$handle = fopen($filename, 'w+');
fwrite($handle, $content,strlen($content));
fclose($handle);
mail("email@yourEmailAddress.com",
"Spider Alert!",
"The following ip just got banned because it accessed the spider trap.\r\n\r\n".$_SERVER["REMOTE_ADDR"]."\r\n".$_SERVER["HTTP_USER_AGENT"]."\r\n".$_SERVER["HTTP_REFERER"]
,"FROM: Me ");
$page = '';
for ( $i = 0; $i < 100000; $i++ )
{
$page .= new_email();
}
function new_email()
{
$email = '';
$letters_array = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r',
's', 't', 'u', 'v', 'w', 'x', 'y', 'z');
for ( $i = 0; $i < 17; $i++ )
{
$email .= ( $i!== 10 )? $letters_array[ mt_rand( 0, 25) ] : '@';
}
$email .= '.com';
$email = '<a href="mailto:' . $email . '">' . $email . "</a>\n";
return $email;
}
$page .= "Goodbye!";
echo $page;
?> Ok I'll try to go through it
ob_start("ob_gzhandler");This turns on page compression - For this to work your server must be able to compress data sent to the client via gzip.
To test create a new page and place <?php php_info();?> in it, load it to your server. this will give you a run down of your server compatibilities. If gzip is turned on it'll be in that table. Delete this file afterwards as it's a hackers dream to find that script.
Compression is needed to load the 100,000 emails, otherwise the script fails at around 10,000 as the maximum memory allocated for a script to use runs out.
Ok next -
$filename = ".htaccess";
$content = "SetEnvIf Remote_Addr ^".str_replace(".","\.",$_SERVER["REMOTE_ADDR"])."$ antiSpam\r\n";This test the remote address and kicks the script in.
$handle = fopen($filename, 'r');
$content .= fread($handle,filesize($filename));
fclose($handle);
$handle = fopen($filename, 'w+');
fwrite($handle, $content,strlen($content));
fclose($handle);This does all the nitty gritty opens .htaccess file etc...
mail("email@yourEmailAddress.com",
"Spider Alert!",
"The following ip just got banned because it accessed the spider trap.\r\n\r\n".$_SERVER["REMOTE_ADDR"]."\r\n".$_SERVER["HTTP_USER_AGENT"]."\r\n".$_SERVER["HTTP_REFERER"]
,"FROM: Me");
This sends you an email when the script works to let you know that a bot has been blocked. When you get this I suggest you check it against SE IP's as it will tell you if a problem with implementation has occurred. SE Bots shouldn't request this file as they have been blocked via robots.txt.
$page = '';
for ( $i = 0; $i < 100000; $i++ )
{
$page .= new_email();
}
function new_email()
{
$email = '';
$letters_array = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r',
's', 't', 'u', 'v', 'w', 'x', 'y', 'z');
for ( $i = 0; $i < 17; $i++ )
{
$email .= ( $i!== 10 )? $letters_array[ mt_rand( 0, 25) ] : '@';
}
$email .= '.com';
$email = '<a href="mailto:' . $email . '">' . $email . "</a>\n";
return $email;This creates the email addresses and loop through them to 100,000 has been reached.
$page .= "Goodbye!";
echo $page;this sets a nice freindly message to say get off my site you pile of crap.
It then gets booted out via the .htaccess file.
Why Am I giving this script away?
I told you I'm a nice guy. I've had major spammer problems in the past. I don't want a link back, cash or even sexual favors :D
Just the satisfaction of getting my own back on as many spammers as possible. The best thing is Spammers can hit your site several times a day so hell that could be close to a million crap emails they get. O well get a job!
All the best and have a Great day
Jaza
If any one spots any problems or bad instructions, please don't hesitate to post.
DISCLAIMER: Agian it's up to you to implament this properly. If you don't feel safe doing it don't.
Any feed back would be very greatfully appricated.
Have a great xmas and an even better new year
What It Does?
If a bot hits your site and doesn't view your robots.txt file , hence it's not a SE bot, it gets redirected to a anti-spammer page before it gets booted out of your site.
Now heres the kicker the page it gets re-directed to is a page of 100,000 random emails as in abhdf@adasd.com totally useless. Ha spam me again why don't you.
Why would you need this?
1.Well Spammers are the scum of the earth
2.Spammers use automated scripts to search your site looking for emails. When it finds one it adds it to thier DB and sends them spam or sells them on for a profit.
This is bad for several reasons - depending on how many times of day and how many spam bots hit your site your bandwidth and CPU usage can go through the roof. As they have to request every page before they scan them. So by redirecting them to one page not only are you saving bandwidth and CPU power, but you are giving them what they want 100,000 emails - shame they are useless. :)
3. You get spam to your inbox.
4.People use large scripts to get rid of spam bots. They don't catch them all. However this uses the universal robots.txt to decide between malious bots ans SE bots.
Implementation.
Disclaimer: I first got this script off another site and have done a re-work, I have publicized this script on another forum for the same reason ,I'm a good guy, 400 people viewed that thread I have no data to how many implemented it. No problems have been reported. I use this script and I haven't seen any problems, But please don't blame me if something unexpected happens. It is your job to implement this properly - I will provide as much information as I can. If you don't understand the implementation or decide it's not for you please don't just upload the code to your sever with out understanding it first.
You will need to create 3 files for this to work
A .htaccess file/modification to your .htaccess file
A robots.txt file/modification to your Robots.txt
A .individual page - which I provide.
Robots.txt file
This must be added first. To be on the safe side I would leave this on the server until the SE have been round when you are sure they have then upload the other files. That way you are garrenteed the SE wont view the spider trap by mistake.
Disallow: /antiSpam.phpThe .htaccess file
!This is important this must be done!
This needs to be placed in the root dir.
SetEnvIf Request_URI "^(/403.*\.htm|/robots\.txt)$" allowsome
order deny,allow
deny from env=antiSpam
allow from env=allowsomeOk this sets the variables to test against.
SetEnvIf Request_URI "^(/403.*\.htm|/robots\.txt)$" allowsomeDenys access to your sites from bots that view the antiSpam page
deny from env=antiSpam
Allows bots through that view the robots.txt
allow from env=allowsome
The script page
This needs to be set on your root dir and called antiSpam.php
<?php
ob_start("ob_gzhandler");
$filename = ".htaccess";
$content = "SetEnvIf Remote_Addr ^".str_replace(".","\.",$_SERVER["REMOTE_ADDR"])."$ antiSpam\r\n";
$handle = fopen($filename, 'r');
$content .= fread($handle,filesize($filename));
fclose($handle);
$handle = fopen($filename, 'w+');
fwrite($handle, $content,strlen($content));
fclose($handle);
mail("email@yourEmailAddress.com",
"Spider Alert!",
"The following ip just got banned because it accessed the spider trap.\r\n\r\n".$_SERVER["REMOTE_ADDR"]."\r\n".$_SERVER["HTTP_USER_AGENT"]."\r\n".$_SERVER["HTTP_REFERER"]
,"FROM: Me ");
$page = '';
for ( $i = 0; $i < 100000; $i++ )
{
$page .= new_email();
}
function new_email()
{
$email = '';
$letters_array = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r',
's', 't', 'u', 'v', 'w', 'x', 'y', 'z');
for ( $i = 0; $i < 17; $i++ )
{
$email .= ( $i!== 10 )? $letters_array[ mt_rand( 0, 25) ] : '@';
}
$email .= '.com';
$email = '<a href="mailto:' . $email . '">' . $email . "</a>\n";
return $email;
}
$page .= "Goodbye!";
echo $page;
?> Ok I'll try to go through it
ob_start("ob_gzhandler");This turns on page compression - For this to work your server must be able to compress data sent to the client via gzip.
To test create a new page and place <?php php_info();?> in it, load it to your server. this will give you a run down of your server compatibilities. If gzip is turned on it'll be in that table. Delete this file afterwards as it's a hackers dream to find that script.
Compression is needed to load the 100,000 emails, otherwise the script fails at around 10,000 as the maximum memory allocated for a script to use runs out.
Ok next -
$filename = ".htaccess";
$content = "SetEnvIf Remote_Addr ^".str_replace(".","\.",$_SERVER["REMOTE_ADDR"])."$ antiSpam\r\n";This test the remote address and kicks the script in.
$handle = fopen($filename, 'r');
$content .= fread($handle,filesize($filename));
fclose($handle);
$handle = fopen($filename, 'w+');
fwrite($handle, $content,strlen($content));
fclose($handle);This does all the nitty gritty opens .htaccess file etc...
mail("email@yourEmailAddress.com",
"Spider Alert!",
"The following ip just got banned because it accessed the spider trap.\r\n\r\n".$_SERVER["REMOTE_ADDR"]."\r\n".$_SERVER["HTTP_USER_AGENT"]."\r\n".$_SERVER["HTTP_REFERER"]
,"FROM: Me");
This sends you an email when the script works to let you know that a bot has been blocked. When you get this I suggest you check it against SE IP's as it will tell you if a problem with implementation has occurred. SE Bots shouldn't request this file as they have been blocked via robots.txt.
$page = '';
for ( $i = 0; $i < 100000; $i++ )
{
$page .= new_email();
}
function new_email()
{
$email = '';
$letters_array = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r',
's', 't', 'u', 'v', 'w', 'x', 'y', 'z');
for ( $i = 0; $i < 17; $i++ )
{
$email .= ( $i!== 10 )? $letters_array[ mt_rand( 0, 25) ] : '@';
}
$email .= '.com';
$email = '<a href="mailto:' . $email . '">' . $email . "</a>\n";
return $email;This creates the email addresses and loop through them to 100,000 has been reached.
$page .= "Goodbye!";
echo $page;this sets a nice freindly message to say get off my site you pile of crap.
It then gets booted out via the .htaccess file.
Why Am I giving this script away?
I told you I'm a nice guy. I've had major spammer problems in the past. I don't want a link back, cash or even sexual favors :D
Just the satisfaction of getting my own back on as many spammers as possible. The best thing is Spammers can hit your site several times a day so hell that could be close to a million crap emails they get. O well get a job!
All the best and have a Great day
Jaza
If any one spots any problems or bad instructions, please don't hesitate to post.
DISCLAIMER: Agian it's up to you to implament this properly. If you don't feel safe doing it don't.
Any feed back would be very greatfully appricated.
Have a great xmas and an even better new year