Since it's so simple and I want comments on coding, I'll post it inline for now and only find a place to keep it if it grows and other people like it.
```sh
#!/bin/sh
#Copyright Michael De La Rue 2008;
# This program may be used under the GNU General Public License version 3 or (at your option) later.
# http://www.gnu.org/copyleft/gpl.html
#
#file where we log people who generate ; if you have selinux do chcon -t httpd_sys_content_t <filename>
LOGFILE=/var/www/data/email-address.log
#your base email address; you also set the watchword in the regex below
BASEADDR="myuser@spamgourmet.com"
#the email address contains random characters mixed (by the sed pattern) with a watch word
#you would use a watchword like "^wa.*tc.*h$" to match these email addresses which will stop
#spammers from simply appending or removing parts of the string.
sleep 1 # rate limit on /dev/urandom when combined with httpd connection limit.;
#the watchword is in the regular expression "^wa.*tc.*h$" in this case. Test carefully
#10 random bytes -> base64 -> drop '/', '+' and '=' -> wrap as wa<5 chars>tc<rest>h
EMAIL=`dd if=/dev/urandom bs=10 count=1 2>/dev/null | base64 | tr -d '/+=' | sed 's/\(.....\)\(.*\)/wa\1tc\2h/'`.$BASEADDR || exit 3
#printf instead of echo: some shells' echo expands backslash escapes in the client-supplied
#REQUEST_URI; cat -v then makes any control characters visible in the log
printf '%s %s %s %s %s\n' "$(date '+%Y/%m/%d %H:%M:%S')" "$REMOTE_ADDR" "$REMOTE_PORT" "$EMAIL" "$REQUEST_URI" | cat -v >> "$LOGFILE" || exit 4
echo "Content-type: text/plain"
echo
echo "This email address may not be valid for long. Please use it immediately."
echo "For reliable contact please consider a mobile phone or registered letter."
echo
echo " " "$EMAIL"
```
Some possible improvements I can think of
- address based blocking (maybe better just to use a .htaccess file)
- locking to reduce maximum server load (only one user at a time; second one gets a busy message)
- output an html page
- force the user to go through a post CAPTCHA javascript or other thing likely to stop a bot (remember accessibility)
Hints for usage
- I haven't yet managed to test the watchword pattern above.
- make sure it's somewhere robots aren't encouraged to go. You might use a robots.txt
- the above cuts and pastes to a working script but be careful that you don't add any line breaks that weren't there in the original.
- immediately you get your first spam (and as often as you like), add a new watchword to spamgourmet and change over your script. Delete your old watchword after a week or so (so your correspondents have time to contact you).
- you have to trust your web server to run scripts. Enabling SELinux will probably improve your security
- you can use logrotate to keep the file size limited but beware of spammers trying to overload your logs.
Changelog (I edited this comment):
- added logging of request URL. Now you can know where the spammer got the link from by using a link like http://example.com/cgi-bin/mymail.cgi/xxxyyyxxx
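
An offline check of the watchword pattern from the script above, as an added example that is not part of the original post. It assumes spamgourmet applies the regex to the generated word the way grep -E does; the function names and the tampered samples are made up for this illustration.

```sh
#!/bin/sh
# Added example, not the post author's code.
# Pattern copied from the script's comments; grep -E stands in for
# spamgourmet's own regex matching (assumption).
WATCHWORD_RE='^wa.*tc.*h$'

# Wrap a random string with the same sed expression the script uses.
wrap_watchword() {
    printf '%s\n' "$1" | sed 's/\(.....\)\(.*\)/wa\1tc\2h/'
}

# Produce one generated word with the script's own pipeline.
gen_word() {
    wrap_watchword "$(dd if=/dev/urandom bs=10 count=1 2>/dev/null | base64 | tr -d '/+=')"
}

# Return 0 when the candidate word matches the watchword pattern.
matches_watchword() {
    printf '%s\n' "$1" | grep -Eq "$WATCHWORD_RE"
}

# Generate N words; each must match, and two constructed tampered
# variants (text appended, leading character removed) must not.
selftest() {
    n=${1:-50}
    i=0
    while [ "$i" -lt "$n" ]; do
        word=$(gen_word)
        matches_watchword "$word" || { echo "FAIL: generated word rejected: $word"; return 1; }
        matches_watchword "${word}x" && { echo "FAIL: appended text accepted: ${word}x"; return 1; }
        matches_watchword "${word#w}" && { echo "FAIL: truncated word accepted: ${word#w}"; return 1; }
        i=$((i + 1))
    done
    echo "ok: $n generated words matched, tampered variants rejected"
}

# Run the check only when asked, e.g.: sh watchword-test.sh --selftest
if [ "${1:-}" = "--selftest" ]; then
    selftest 50
fi
```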