If you are wondering why the idea of bbProtection was conceived then this is the post for you. Dave and I have been running some honeypots to catch spammers, their trends and their general behaviour for a few months now and its time to give a general idea on how things are going and just why we are running them.

So just what is a honeypot?

Wikipedia can explain this one better than I can:

In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.

In our terms; we have phpBB installations that are stock, normal installs that you would find across the internet. They haven’t been modified to try and stop spammers, and they are open to attack.

So why run these honeypots then?

Put simply it is beneficial for us to collect as much data as we can get our hands on regarding spammers and their behaviour. This includes the raw registration and post data that we can use later on to refine and make the service better and more able to detect spam.

It also shows really interesting trends that we can compare between honeypots. For example, a massive increase in spam offering degrees and other educational qualifications around the start of September shows that spammers are using targeted dates such as the start of the academic year to attempt to promote their “services”.

How much have you caught?

My honeypot has caught around 10,000 spam posts and around 900 spam user accounts. Dave’s statistics are considerably higher at around 35,000 spam posts and 5,400 users at the time of writing.

Both boards are purely designed to collect data and make it clear that they are doing so, therefore I don’t expect many if any of these posts or registrations to be from anything else than automated bots who just target every forum they find across their warpath.

What have you caught?

Mainly generic spam; medicine, pills, general obscene content and suchlike. More interesting examples include spam hidden in jokes and funny anecdotes as well as the classic fake signature trick that Dave noticed a while back.

Can I run a honeypot?

Of course, providing you have basic web hosting and are able to install a bulletin board. However, be prepared for a serious amount of spam that isn’t necessarily pretty or nice (a lot of spam relates to X rated content). This especially holds true for domains that are more popular than others, for example Dave’s honeypot recieves more spam than mine does; probably related to the fact that his domain has been around a lot longer than mine has and is therefore on more spammer’s lists.

If you do decide to set one up let us know if you spot any interesting trends or patterns appearing