Bots don't honor 301 :(

VirginSnow at vfemail.net
Sat Jan 10 21:14:09 EST 2009


> From: "H. Kurth Bemis" <kurth at kurthbemis.com>
> Date: Sat, 10 Jan 2009 15:51:50 -0500
> Cc: gnhlug-discuss at mail.gnhlug.org

> I solved a similar problem using iptables rate limiting feature.  Just
> slows down the attempts from hundreds/night to about ~8/night.

I was thinking about accepting the connection, maybe sending out a few
headers, and then stalling the connection.  But it's easy to set
connect/read timeouts, even on Windows.  That's something the bot
writer is likely to have accounted for.

I could return 200 OK, and send an infinite stream of 0xFF at the bot.
That might overflow its receive buffer or exhaust its memory.  No one
on this list would happen to know if spambots bounds check their
reads, would they?  (; I might be able to test for it, if there was a
way to detect when the client socket is closed.  Do win32 clients send
a FIN/ACK pair when an app with an open TCP socket unceremoniously
crashes?  If not, I could interpret a FIN packet to mean that the
bot's immune to being "drowned" with 0xFFs.

I can't spend a whole lot of time on this though.  If there's
something quick and dirty I can put in place that'll take the bots
down, I'll use it.  I'm just not willing to build a full blown
honeypot to do so.

