Where there’s honey!

I thought there was a need to do a short follow-up on the post I did some time back about developing and protecting my online store: Building My Own Little Empire. Firstly, I need to make an update on one of the plugins. I listed and was using StopBadBots by ReportAttacks.com. Unfortunately for me, even though the plugin works and functions as stated, it caused a conflict with a ‘must use’ plugin in my list. Neither developer was willing to try and figure out the issue, so one had to be exchanged. Unfortunately for StopBadBots (which was free), it was them. Instead I opted to use one that I had tried earlier but was a little more complicated to set up: Black Hole for Bots. This is working well for my setup, but it needs your IP address whitelisted to avoid being locked out. The same must be said of a new plugin I added, but I will mention that when the time comes.

Above is a set of three charts listed at Project Honeypot that show the amount of negative traffic and what effect it has on global internet usage (you can click on the images to see the larger version). It’s obvious to see who the main culprit is of much of the destructive forces of internet operations. I will explain these in a moment, but first let me explain Project HoneyPot, or Honeypot in terms of web use.

There are several bad aspects to using the web; I am sure it’s not new to you and not my place to state that this is an issue. If you have ever set up a WordPress site naively and avoided adding any security measures, you may have found that you have loads of visitors and no seeming interaction, apart from a mass amount of spam comments on your posts. Well, this is one aspect of the bad side. These are bots, and sometimes real people, trawling sites looking for a way to add a comment automatically without having to pass any checks. One reason Google invented reCAPTCHA was simply this, and thereupon it says “Are you human?” Bots (which are basically automated scripts) can do a lot of things, but one thing they can’t do is tick that ‘humanity’ tick box. So, by having it on your site, you can instantly cut down on those spam commenting bots.

Other negative aspects of web use (especially when images are concerned) are the practices of hotlinking and harvesting. Hotlinking is when a site (could be legit) uses your URL link to an image or post and places it on their site. Many credit scraping sites actually steal all this image and info data and create fake sites, and much of that can be done via hotlinking. Another deployed method, and the most common, is harvesting. This is literally when a bot or person goes to a site, physically takes all the images off the site and stores them for their own use. This could be to have fake sites to entice credit card sales, or actually using the images to make their own fake counterfeit products at low quality. Much of the shit merchandise you see on Amazon.com and AliExpress.com has been ripped in China (look at chart one above) and manufactured in China at low cost and given the impression it’s the original, due to this harvesting of information and mock-ups, etc.

For a long time there wasn’t much you could do about it, but now Project HoneyPot has created a pretty good mass solution. What HoneyPot does is place a fake piece of information on your webpage that a bot is searching for. When a bot hits that blank form field, baited URL or whatever (especially en masse), it will be blocked, or added to a blacklist, or given the impression that the page doesn’t exist, as with a 404 page or 503 page. Now, if you are a good programmer, this implementation is relatively simple. If, like me, you are a creative and not a programmer, then the solution is harder. Luckily someone has created a WordPress plugin that aids in the setup: HoneyPot Toolkit by Jeff Sterup.
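The mechanism described above, as an added example that is not code from Project HoneyPot or from either plugin: a request gate that blocks any client that follows a baited URL or fills a hidden form field, answers it with a 404 from then on, and never blocks a whitelisted address. The trap path, field name, IP addresses and sample requests are all constructed for illustration.

```python
import ipaddress

# Every name and value here is an assumption made for this example.
TRAP_PATH = "/trap-link/"        # baited URL: no visible link, disallowed in robots.txt
TRAP_FIELD = "website_confirm"   # form field hidden with CSS; a human leaves it empty
ALLOWLIST = [ipaddress.ip_network("203.0.113.10/32")]  # your own IP (documentation range)


class HoneypotGate:
    def __init__(self, allowlist=ALLOWLIST):
        self.allowlist = list(allowlist)
        self.blocked = {}  # ip -> reason recorded at the first trap hit

    def _allowed(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.allowlist)

    def handle(self, ip, path, form=None):
        """Return the HTTP status the site should send for this request."""
        if self._allowed(ip):
            return 200   # whitelisted addresses are never locked out
        if ip in self.blocked:
            return 404   # already trapped: pretend the page does not exist
        if path.rstrip("/") == TRAP_PATH.rstrip("/"):
            self.blocked[ip] = "followed baited URL"
            return 404
        if form and form.get(TRAP_FIELD, "").strip():
            self.blocked[ip] = "filled hidden form field"
            return 404
        return 200


# Constructed sample traffic: (client IP, path, submitted form fields or None)
SAMPLE_REQUESTS = [
    ("198.51.100.7", "/shop/print-1/", None),
    ("198.51.100.7", "/trap-link/", None),          # harvester follows the bait
    ("198.51.100.7", "/shop/print-2/", None),       # and is refused afterwards
    ("192.0.2.44", "/blog/post/", {"comment": "nice", TRAP_FIELD: "http://spam.example"}),
    ("192.0.2.44", "/blog/post/", {"comment": "again", TRAP_FIELD: ""}),
    ("192.0.2.99", "/blog/post/", {"comment": "real reader", TRAP_FIELD: ""}),
    ("203.0.113.10", "/trap-link/", None),          # site owner testing the trap
]


def replay(requests):
    """Run the requests through a fresh gate; return statuses and the blocklist."""
    gate = HoneypotGate()
    statuses = [gate.handle(ip, path, form) for ip, path, form in requests]
    return statuses, gate.blocked


if __name__ == "__main__":
    print(replay(SAMPLE_REQUESTS))
```
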

You can download it from the WordPress repository of plugins via the Add New plugin interface. After that there is a little setup to do, as you will need to create an account at Project HoneyPot, but basically if you do it methodically it can be done in 30 minutes. Once the plugin has been set up, all that is needed is a link to the file downloaded from Project HoneyPot. I have a mass amount of pages and products, and so I used Bulk Edit Pro for the products to place the “HoneyPot” data in my files.

What this now means is my site is trying to block harvesters and spammers. With the additional tick of the SPAMCOP option, a double barrier is created, and if any of the requirements for blacklisting are met, they will be added to the database and banned from your site.

It is probably the case that there are workarounds and ways to trick this, but it’s another weapon in your armoury to help combat this very destructive activity. Especially for a creative who has many images that are desired by these thieves and counterfeiters, it is a very good solution. Since I installed the HoneyPot, my Wordfence activity on Failed Logins, Blocked Countries and Blocked IPs has dropped significantly. This is because they are stopped even before they get to this threshold. The next issue is to convince POD sites to add HoneyPot coding to prevent my art being grabbed from their sites. I am seriously considering whether to actually avoid uploading to sites that don’t have these types of protection. It is not a hard thing to employ, and there is the simple fact that a Whitelist option is available to allow the IPs that can hotlink to the image for the site.