Message-ID: <33713abc04100815093997aba8@mail.gmail.com>
From: stfunub at gmail.com (Andrew Smith)
Subject: Simple but Effective Spam Harvester Solutions

Not entirely sure if this is appropriate for full-disclosure. Ah Well.

As you may well know there are programs that scour the internet
looking for email addresses, some people attempt to thwart them by
writing emails like "my_email (AT) mydomain (DOT) com". These don't
really work, so I figured some of my own out. They appear to have been
successful, I will share them with you now.

Using HTML Escape characters is a popular method, eg:

<a href="mailto&#58;escchar&#64;shiz&#46;biz">contact me</a>

This works quite well but is easy to defeat (more on HTML escape
chars: http://www.theukwebdesigncompany.com/articles/entity-escape-characters.php)

I then started toying with JavaScript, this worked great. Here are
some examples:

<script>
document.write('<a href="mailto:js1');
document.write('@...z.biz');
document.write('">contact me</a>');
</script>

<script>
var a="@shiz.biz"
document.write('<a href=mailto:');
var b="js2"
document.write(b);
document.write(a);
</script>
>contact me</a>

<script language="Javascript" src="a.htm"></script>
<script language="Javascript" src="b.htm"></script>
<script>
document.write("<a href=mailto:");
document.write(a+b);
</script>>contact me</a>

Also, worked pretty well. As it gets more complicated it's far harder to defeat.
Then I found PHP could be used, creating a file called 'mail.php' and entering:

<?php
header("Location: mailto:form2@...z.biz")
?> 

into it, meant that linking to mail.php would launch an email.

Anyways, more info can be found here: http://www.wheresthebeef.co.uk/?p=hat

I hope some people have found this useful.
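
An added example, not part of the original post: a small Node.js audit for your own markup that reports which mailto addresses are readable without running any script, comparing the entity-escaped link with the script-assembled one from the message. The function names and the sample strings are constructed for illustration.

```javascript
// Added example (constructed); audits markup you publish yourself.

// Turn a code point into a character, ignoring out-of-range values.
const fromCode = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : '');

// Resolve numeric character references the way any HTML parser does.
function decodeNumericEntities(text) {
  return text
    .replace(/&#x([0-9a-f]+);?/gi, (_, hex) => fromCode(parseInt(hex, 16)))
    .replace(/&#([0-9]+);?/g, (_, dec) => fromCode(parseInt(dec, 10)));
}

// Return mailto addresses visible in the markup alone (no script execution).
function staticallyVisibleMailto(html) {
  const decoded = decodeNumericEntities(html);
  const pattern = /mailto:([A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,})/gi;
  const found = new Set();
  for (const match of decoded.matchAll(pattern)) {
    found.add(match[1].toLowerCase());
  }
  return [...found];
}

// Constructed samples modelled on the snippets in the post.
const entityEncoded =
  '<a href="mailto&#58;escchar&#64;shiz&#46;biz">contact me</a>';
const scriptAssembled = [
  '<script>',
  'var a="@shiz.biz"',
  "document.write('<a href=mailto:');",
  'var b="js2"',
  'document.write(b);',
  'document.write(a);',
  '</script>',
  '>contact me</a>',
].join('\n');

// Run the audit over both samples and return the findings per technique.
function auditSamples() {
  return {
    entityEncoded: staticallyVisibleMailto(entityEncoded),
    scriptAssembled: staticallyVisibleMailto(scriptAssembled),
  };
}

console.log(auditSamples());
```

The entity-escaped link yields its address after one decoding pass, while the script-assembled link yields nothing to a reader that does not execute JavaScript.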

