Python open proxy honeypot

[Alex Reinhart]

Being deluged by spam like nearly all of us (though fortunately I have a
very good spam filter), I also hate spam as much as almost everybody. I
know basic Python (enough to make a simple IRC bot) and I figured a good
project to help learn Python would be to make a simple "proxypot."

I've done some research and found one already existing, written in Perl
(http://www.proxypot.org/). However, I prefer the syntax and ease of
Python (and Proxypot is no longer maintained, as far as I can see), so I
decided to write my own. I have just one question:

Is running Python's built-in smtpd, pretending to accept and forward all
messages, enough to get me noticed by a spammer, or do I have to do
something else to "advertise" my script as an open proxy?

I'm hoping to make this proxy script "distributed", in that several
honeypots are run on different servers, and the results are then
collected on a central server that provides statistics and a listing of
all spammers caught. So, just out of curiosity, I'd like to know how
many people would actually be willing to run a honeypot on their server,
and how many are opposed to the idea (just so I know if the concept is
even valid).

Thanks!

 

[Serge Orlov]

Being deluged by spam like nearly all of us (though fortunately I have a
very good spam filter), I also hate spam as much as almost everybody. I
know basic Python (enough to make a simple IRC bot) and I figured a good
project to help learn Python would be to make a simple "proxypot."

I've done some research and found one already existing, written in Perl
(http://www.proxypot.org/). However, I prefer the syntax and ease of
Python (and Proxypot is no longer maintained, as far as I can see), so I
decided to write my own. I have just one question:

Is running Python's built-in smtpd, pretending to accept and forward all
messages, enough to get me noticed by a spammer, or do I have to do
something else to "advertise" my script as an open proxy?

I'm hoping to make this proxy script "distributed", in that several
honeypots are run on different servers, and the results are then
collected on a central server that provides statistics and a listing of
all spammers caught. So, just out of curiosity, I'd like to know how
many people would actually be willing to run a honeypot on their server,
and how many are opposed to the idea (just so I know if the concept is
even valid).

IMHO it's pretty useless, spammers are starting to use botnets, and the
more you make inconvenient to them use open proxies, the more of them
will move to closed botnets.

My spam folder at gmail is not growing anymore for many months (it is
about 600-700 spams a month). Have spammers given up spamming gmail.com
only or is it global trend?

 

[Alex Reinhart]

IMHO it's pretty useless, spammers are starting to use botnets, and the
more you make inconvenient to them use open proxies, the more of them
will move to closed botnets.

As long as I inconvenience them, or at least catch one or two, I'll be
satisfied.

My spam folder at gmail is not growing anymore for many months (it is
about 600-700 spams a month). Have spammers given up spamming gmail.com
only or is it global trend?

I get several spam mails a day at gmail.com.

 

[Serge Orlov]

As long as I inconvenience them, or at least catch one or two, I'll be
satisfied.

What makes you think that spammers won't discover you're blackholing
their spam as soon as you start to make some impact on their business?
They will just skip your proxypots and move to real open proxies.

I think you'll make bigger impact if you implement proxy checking
software <http://dsbl.org/programs> in Python, so it can run on windows
too.

 

[Alex Reinhart]

What makes you think that spammers won't discover you're blackholing
their spam as soon as you start to make some impact on their business?
They will just skip your proxypots and move to real open proxies.

There are so many spammers and (hopefully) more than one proxypot, so a
stream of less-than-coordinated spammers would probably be caught. The
more coordinated, careful ones would probably avoid them quickly enough,
but I'm sure there are plenty of stupid spammers.

I think you'll make bigger impact if you implement proxy checking
software <http://dsbl.org/programs> in Python, so it can run on windows
too.

That would be a good goal as well.

 

[imcs ee]

Alex Reinhart wrote:
My spam folder at gmail is not growing anymore for many months (it is
about 600-700 spams a month). Have spammers given up spamming gmail.com
only or is it global trend?

Gmail said "messages that have been in Spam more than 30 days will be
automatically deleted"
so may be the speed of spam comes in counterbalanced to the speed spam goes out?

 

[Serge Orlov]

Gmail said "messages that have been in Spam more than 30 days will be
automatically deleted"
so may be the speed of spam comes in counterbalanced to the speed spam goes out?

Yes, it is. My point was "monthly amount" is not increasing for me. But
I guess if you publish your email everywhere it is increasing:
<http://egofood.blogspot.com/2006/06/well-spam-is-officially-annoying.html>
20,000 a month. Wow.