1: #!/usr/bin/perl
   2: # spamtrap_encode/spamtrap_decode
   3: # zeitform Internet Dienste (c) 2003
   4: # alex@zeitform.de - Version 0.1
   5: #
   6: # encrypt timestamp and ip address for random mail-addresses
   7: #
   8: # spamtrap_encode creates a blowfish encrypted hex string
   9: # based on a given ip address and timestamp to construct
  10: # dynamic mail addresses for online publishing
  11: #
  12: # If you publish your email address on your web site, you will
  13: # be spammed. To minimize this, you can use methods to
  14: # trick address harvesters:
  15: # 
  16: #   * "user at domain dot com"
  17: #   * "user-nospam@domain.com"
  18: #   * HTML encoded mailto
  19: #   * JavaScript generated mailto
  20: #   * other methods
  21: #
  22: # The method proposed by this encoder creates mail addresses
  23: # that include a timestamp and the ip address of the remote
  24: # host (i.e. of the harvester). This enables you to reveal
  25: # the harvester's ip adress for received spam. 
  26: #
  27: # usage:
  28: #
  29: # my $ip   = $ENV{REMOTE_ADDR};   # e.g. "146.140.8.123"
  30: # my $time = time;                # unix timestamp
  31: # my $key  = "0123456789ABCDEF";  # key for Blowfish
  32: #
  33: # to generate the spamtrap string:
  34: #
  35: # my $string = spamtrap_encode($ip, $time, $key);  # e.g. 78c1ed6da0322b3a
  36: #
  37: # to decode:
  38: #
  39: # ($ip, $time) = spamtrap_decode($string, $key);   # returns ip address and timestamp
  40: #
  41: # Example:
  42: #
  43: # If you have an E-Mail address "joe@domain.com" and use qmail
  44: # extensions to have addresses like "joe-anything@domain.com"
  45: # you could publish your E-Mail address on websites with:
  46: #
  47: # print '<a href="mailto:joe-' . spamtrap_encode($ip, $time, $key) . '@domain.com">Joe</a>';
  48: #
  49: # which prints:
  50: #
  51: #  <a href="mailto:joe-78c1ed6da0322b3a@domain.com">Joe</a>
  52: #
  53: # A perfect trap for address harvesters!
  54: #
  55: # Many thanks to Daniel A. Rehbein (http://daniel.rehbein.net/)
  56: # for the idea to this code.
  57: #
  58: #### some dumy input
  59: #
  60: #  $ip   = quad-dooted ip address
  61: #  $time = unix timestamp
  62: #  $key  = your secret key
  63: 
  64: my $ip   = "146.140.8.123";
  65: my $time = time;
  66: my $key  = "0123456789ABCDEF";
  67: 
  68: #### end dummy input
  69: 
  70: my $string = spamtrap_encode($ip, $time, $key);
  71: 
  72: print "time:   $time\n";
  73: print "ip:     $ip\n";
  74: print "cipher: $string\n";
  75: 
  76: ($ip, $time) = spamtrap_decode($string, $key);
  77: 
  78: print "time:   $time\n";
  79: print "ip:     $ip\n";
  80: 
  81: exit;
  82: 
  83: ### sub land
  84: 
  85: sub spamtrap_encode
  86:   {
  87:     my ($ip, $time, $key) = @_;
  88:     return unless $key;
  89:     return unless $time > 0;
  90:     return unless $ip =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/o;
  91:     my $inkey = pack("H16", $key);
  92:     my $plaintext = join("", map { chr } split (/\./, $ip)) . pack("L", $time);
  93:     use Crypt::Blowfish;
  94:     my $cipher = new Crypt::Blowfish $inkey;
  95:     my $string = unpack("H*", $cipher->encrypt($plaintext));
  96:     return $string;
  97:   }
  98: 
  99: sub spamtrap_decode
 100:   {
 101:     my ($string, $key) = @_;
 102:     return unless $key;
 103:     return unless $string =~ /[0-9a-f]{16}/o;
 104:     my $inkey = pack("H16", $key);
 105:     use Crypt::Blowfish;
 106:     my $cipher = new Crypt::Blowfish $inkey;
 107:     my $plaintext = $cipher->decrypt(pack("H*", $string));
 108:     my $time = unpack("L", substr($plaintext, 4, 4));
 109:     my $ip = join(".", map { ord } split //, substr($plaintext, 0, 4));
 110:     return wantarray ? ($ip, $time) : "$ip $time";
 111:   }
 112: 
 113: ###-fin