Sp@|\/| Spider Harvest Bomb
Death to spambots!!!
BlackNinja
(White Pirate)

Posts: 139.4855
Threads: 26
Joined: 25th Jan 2007
Reputation: 3.37413
E-Pigs: 1.0755
Offline
Post: #1
Sp@|\/| Spider Harvest Bomb
This is an email spider harvesting bomb which will effectively render the email spider's database worthless. It will feed it 1,000 bad email addresses and several links which refresh the page and each generate 1,000 more bad addresses. This cycle continues until the spider's logs are full and it stops. Sooner or later, spiders will be forced to blacklist your website and will never come back to attempt to harvest email addresses.

Feel free to link to http://www.deltaend.com/strap/

edit: Oops forgot creds...
All credit to DeltaEnd, we thought those of you on here with sites, (a couple of you I gathered), would find this useful...


[Image: userbar291081bz9.gif]
Ninjas don't have peg boys.
(This post was last modified: 27/06/2007 10:14 PM by BlackNinja.)
27/06/2007 09:52 PM
ZiNgA BuRgA
Smart Alternative

Posts: 17,022.2988
Threads: 1,174
Joined: 19th Jan 2007
Reputation: -1.71391
E-Pigs: 446.1274
Offline
Post: #2
RE: Sp@|\/| Spider Harvest Bomb
There's email spiders now?  O_o, I thought there were only website crawlers.  But then...  can't they just use a similar algorithm?
28/06/2007 12:19 AM
BlackNinja
(White Pirate)

Posts: 139.4855
Threads: 26
Joined: 25th Jan 2007
Reputation: 3.37413
E-Pigs: 1.0755
Offline
Post: #3
RE: Sp@|\/| Spider Harvest Bomb
ZiNgA BuRgA Wrote:There's email spiders now?  O_o, I thought there were only website crawlers.  But then...  can't they just use a similar algorithm?

Ummm... Not sure if this answers your question, but:

Yup, for a long time now. They're smart too, and not hard to code. They can be given a list of search engines or specific sites; and search/crawl/spider around all robot like, grepping for emails. Everything is logged. If a bot hits this page it gets stuck logging ? bogus accounts until the DB is full. Cool huh!
If you meant bots that brute force for active email accounts, then, yup too...

Otherwise:

[Image: bunny1sh7.jpg]

[Image: userbar291081bz9.gif]
Ninjas don't have peg boys.
28/06/2007 01:21 AM
ZiNgA BuRgA
Smart Alternative

Posts: 17,022.2988
Threads: 1,174
Joined: 19th Jan 2007
Reputation: -1.71391
E-Pigs: 446.1274
Offline
Post: #4
RE: Sp@|\/| Spider Harvest Bomb
The idea is this, a lot of websites have dynamic pages.  Take these forums for example, the "Forum" link at the top leads to a certain page, with the same "Forum" link at the top - so if a spider kept going through the link, it would be stuck in an infinite loop.  Thus I guess the idea is that the spider won't continually re-index pages it has indexed before.  Another possibility is that it uses a priority system, so, although it may be stuck in an "infinite loop", it won't really have any effect.

Other argument is that I'm sure people have tried it with Google and Yahoo, and I doubt those multi-billion dollar companies would be brought down by such a simple trick.  Might work on lesser intelligent spiders I guess.
28/06/2007 03:04 AM
amzter
The bird stole my shoe.

Posts: 1,830.3066
Threads: 342
Joined: 3rd May 2007
Reputation: -4.56241
E-Pigs: 54.7074
Offline
Post: #5
RE: Sp@|\/| Spider Harvest Bomb
so basically u email the admin of the website u want to "blacklist" and it does it for u

[Image: 494851774.png]
28/06/2007 09:10 AM
iggrull
keep it together

Posts: 652.4806
Threads: 35
Joined: 25th Apr 2007
Reputation: -8.19501
E-Pigs: 1.9829
Offline
Post: #6
RE: Sp@|\/| Spider Harvest Bomb
basically, if you warm your hands and use just the right amount of force, there's no telling how much milk will come out of the cow!
28/06/2007 10:34 AM
u_c_taker
hacks=drama

Posts: 3,185.2011
Threads: 102
Joined: 29th Jan 2007
Reputation: -1.03084
E-Pigs: 36.7855
Offline
Post: #7
RE: Sp@|\/| Spider Harvest Bomb
wow maybe ten thousand of these at the same time could bring down yahoo or google

28/06/2007 10:35 AM
ZiNgA BuRgA
Smart Alternative

Posts: 17,022.2988
Threads: 1,174
Joined: 19th Jan 2007
Reputation: -1.71391
E-Pigs: 446.1274
Offline
Post: #8
RE: Sp@|\/| Spider Harvest Bomb
eggroll Wrote:basically, if you warm your hands and use just the right amount of force, there's no telling how much milk will come out of the cow!
* ZiNgA BuRgA remembers that :D
28/06/2007 08:20 PM
BlackNinja
(White Pirate)

Posts: 139.4855
Threads: 26
Joined: 25th Jan 2007
Reputation: 3.37413
E-Pigs: 1.0755
Offline
Post: #9
RE: Sp@|\/| Spider Harvest Bomb
ZiNgA BuRgA Wrote:The idea is this, a lot of websites have dynamic pages.  Take these forums for example, the "Forum" link at the top leads to a certain page, with the same "Forum" link at the top - so if a spider kept going through the link, it would be stuck in an infinite loop.

Kinda, you have a good heart, I can tell... To understand this, you need to, "think evil".
This page/link/script/whateveryouwannacallit targets "email harvesters". Most often it's simple code on a dedicated box in a second world country targeting a, (or multiple), user defined site(s) with the sole intention of extracting potentially active email addresses from page source. Upon finding a potential email address, it is logged while the bot continues to scan. These emails are sent sPa/\/\. Upon reply, they are sent more sPa/\/\. Upon finding a link, it is followed and the process is repeated, (in the case of this page; filling the DB with garbage emails), unless...
ZiNgA BuRgA Wrote:...it uses a priority system...
In other words, if the bot won't log emails outside the base domain and has a connection limit, it won't work because it won't visit the five links at the top.

ZiNgA BuRgA Wrote:Thus I guess the idea is that the spider won't continually re-index pages it has indexed before.

The thing about it is, the page is randomly generated and is never re-indexededified... Try visiting the link, the top five are links and the rest are bogus emails. Now refresh the page, or visit one of the links... Now they're all different. Cool concept no?

ZiNgA BuRgA Wrote:Other argument is that I'm sure people have tried it with Google and Yahoo, and I doubt those multi-billion dollar companies would be brought down by such a simple trick.

Hmmm... never thought about that... I wonder what happens when G00gleb0t visits that page... Can't be good... He doesn't have a robots.txt either, (not that it would matter but)... How would it avoid it?


ZiNgA BuRgA Wrote:Might work on lesser intelligent spiders I guess.
That's the idea, yup.
edit: You could code/embed your own in every page, that would be ultimate, but the bandwidth if one, (or 1000) got stuck... basically refreshing over and over... augghh... consider it a proof of concept, rendered useless in due time... Think DOS, (not the Microsoft one), unless everyone had one.
Otherwise you could stash the link at the top of every page. Or even: "To contact me: admin@website.com", for AI harvesters that ignore source and use an, ummm, (in layman's terms), automated people technique. Or combine it with an SMTP server honeypot... never mind... I could go on forever... Either way, it helps fight sPa/\/\.

How's that for milk? ;P

[Image: userbar291081bz9.gif]
Ninjas don't have peg boys.
(This post was last modified: 30/06/2007 04:00 AM by BlackNinja.)
30/06/2007 02:46 AM
ZiNgA BuRgA
Smart Alternative

Posts: 17,022.2988
Threads: 1,174
Joined: 19th Jan 2007
Reputation: -1.71391
E-Pigs: 446.1274
Offline
Post: #10
RE: Sp@|\/| Spider Harvest Bomb
O_o, okay I get it - for lame sPa/\/\ seeking scripts :P

As for dynamic pages, commercial search engine spiders (i.e. GoogleBot) tend to give a time period between re-indexing - e.g., many pages will change when you keep visiting them.
The priority system generally works by indexing via a "parallel method" rather than a linear index (e.g., go to one link, then index all the stuff in that link, go out, go to next link, etc. etc.), somewhat similar to how Windows switches between threads.

Nice concept though :P
Hmm, I could easily stick an invisible link to that on this website :P
I wonder if those bots can pick this up:

Code:
<a href="http://www.deltaend.com/strap/" style="display: none">Fake email addresses</a>

(This post was last modified: 01/07/2007 04:27 AM by ZiNgA BuRgA.)
01/07/2007 04:25 AM
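
Added example, not part of the thread and not DeltaEnd's code: a Python sketch of the trap page described in posts #9 and #10 (five random links followed by bogus addresses, different on every request). It keeps the addresses under the reserved `.invalid` TLD so none can reach a real mailbox, publishes a robots.txt rule so compliant crawlers skip the trap, and fixes the page size to bound bandwidth. The `/trap/` path and all function names are assumptions.

```python
import secrets
import string

TRAP_PATH = "/trap/"      # assumed path for the trap page (not from the thread)
FAKE_TLD = "invalid"      # reserved by RFC 2606: can never belong to a real mailbox
N_LINKS = 5               # "the top five are links" (post #9)
N_ADDRESSES = 1000        # fixed size per page bounds the bandwidth cost per hit
ALPHABET = string.ascii_lowercase + string.digits


def _token(length):
    """Random lowercase alphanumeric string; new on every call."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def fake_address():
    """Bogus address that no mail server will ever accept."""
    return f"{_token(8)}@{_token(10)}.{FAKE_TLD}"


def trap_page(n_links=N_LINKS, n_addresses=N_ADDRESSES):
    """Build one page: random links back into the trap, then bogus addresses."""
    rows = [f'<a href="{TRAP_PATH}{_token(12)}" rel="nofollow">{_token(6)}</a>'
            for _ in range(n_links)]
    for _ in range(n_addresses):
        addr = fake_address()
        rows.append(f'<a href="mailto:{addr}">{addr}</a>')
    body = "<br>\n".join(rows)
    return ('<!doctype html>\n<html><head>'
            '<meta name="robots" content="noindex,nofollow">'
            f'<title>contacts</title></head>\n<body>\n{body}\n</body></html>\n')


def robots_txt():
    """Compliant crawlers (search engines) are told to stay out of the trap."""
    return f"User-agent: *\nDisallow: {TRAP_PATH}\n"


def hidden_link():
    """Invisible entry link for normal pages, as in post #10."""
    return (f'<a href="{TRAP_PATH}" rel="nofollow" '
            'style="display: none">Fake email addresses</a>')


if __name__ == "__main__":
    print(robots_txt())
    print(hidden_link())
    print(trap_page(n_addresses=3))
```

Because every link path is a fresh random token, a harvester that de-duplicates by URL still sees each trap page as unvisited, while a crawler that honours robots.txt never enters it.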