wPoison is a Perl CGI program which generates dynamic web pages full of bogus email addresses and randomized hyperlinks. As a spambot attempts to harvest your web page and "clicks" on the wPoison link, wPoison creates a brand new page full of bogus addresses. The spambot goes to the next hyperlink and the process repeats. Pretty soon, the spammer has a database full of useless addresses. Couldn't happen to a nicer bunch of people, could it?
Installing wPoison could not be simpler. Simply download the source code and place it in your cgi-bin directory. You may want to name it something other than wpoison.pl, as spambots may get smart enough to avoid links with this name. The author recommends calling it something similar to members or clients to fool spambots.
Some spambots are smart enough to avoid cgi-bin directories. To catch these bots, create a new directory under your DocumentRoot, then use the magic of mod_rewrite so that any client requesting that directory is redirected to wPoison. The section below shows how to accomplish this with a directory of "/var/www/html/members".
RewriteEngine on
RewriteCond %{REQUEST_URI} /members
RewriteRule ^.* http://your.domain.xyz/cgi-bin/wpoison.pl
The last thing you need to do is honor the software's copyright. Simply put up the wPoison logo on your main page. Think of it like putting a spammer's head on a pike in your front lawn.
Looking to ensure spambots find wPoison? A little more magic with mod_rewrite can push known spammers to wPoison. The section below shows how to use mod_rewrite to redirect spammers based on their bot name, fully qualified domain name, and/or IP address.
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} SpamBot [NC,OR]
# Replace the two placeholder patterns below with the spammer's FQDN and IP address
RewriteCond %{REMOTE_HOST} ^spammer\.example\.com$ [OR]
RewriteCond %{REMOTE_ADDR} ^192\.0\.2\.10$
RewriteCond %{REQUEST_URI} !/wpoison_dir/wpoison.pl
RewriteRule ^.* http://your.domain.xyz/wpoison_dir/wpoison.pl
The above section does the following:
Remember to exempt your target page from the redirection. Otherwise you can cause a denial of service (DoS) on your own server with an infinite redirect loop. Most browsers will detect this and error out with a message referencing "recursive redirection" or "too many redirects".
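The effect of that exemption can be checked before the rules go live. The Python sketch below is an added example, not part of wPoison or the original page: it models the condition chain above as (agent OR host OR address) AND not-target and follows the redirect hop by hop. The client records, the placeholder host and IP patterns, and the MAX_REDIRECTS limit are constructed assumptions.

```python
import re

TARGET = "/wpoison_dir/wpoison.pl"
TARGET_RE = re.compile(r"/wpoison_dir/wpoison.pl")  # same unanchored pattern as the rule
MAX_REDIRECTS = 20  # assumed client-side cap on redirects

# Constructed placeholder patterns for a "known spammer".
BAD_AGENT = re.compile(r"SpamBot", re.I)            # [NC] = case-insensitive
BAD_HOST = re.compile(r"^spammer\.example\.com$")
BAD_ADDR = re.compile(r"^192\.0\.2\.10$")

# Constructed sample clients.
SPAMBOT = {"agent": "Mozilla/4.0 (spambot 1.2)",
           "host": "crawler.example.net", "addr": "198.51.100.7"}
VISITOR = {"agent": "Mozilla/5.0 (X11; Linux x86_64)",
           "host": "dsl.example.org", "addr": "203.0.113.5"}


def rule_matches(client, uri, exempt_target=True):
    """Evaluate the RewriteCond chain for one request."""
    flagged = bool(BAD_AGENT.search(client["agent"])
                   or BAD_HOST.search(client["host"])
                   or BAD_ADDR.search(client["addr"]))
    # RewriteCond %{REQUEST_URI} !/wpoison_dir/wpoison.pl
    if exempt_target and TARGET_RE.search(uri):
        return False
    return flagged


def follow(client, uri, exempt_target=True):
    """Follow redirects; hops == MAX_REDIRECTS means the client gave up on a loop."""
    hops = 0
    while hops < MAX_REDIRECTS and rule_matches(client, uri, exempt_target):
        uri = TARGET  # RewriteRule ^.* -> wpoison.pl, modelled as an external redirect
        hops += 1
    return uri, hops


if __name__ == "__main__":
    print("with exemption:   ", follow(SPAMBOT, "/index.html"))
    print("without exemption:", follow(SPAMBOT, "/index.html", exempt_target=False))
    print("ordinary visitor: ", follow(VISITOR, "/index.html"))
```

With the exemption the flagged client is redirected once and then served wPoison; without it every request for wpoison.pl is redirected to itself until the client gives up.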