0: #!/usr/bin/perl
1: # spamtrap_encode/spamtrap_decode
2: # zeitform Internet Dienste (c) 2003
3: # alex@zeitform.de - Version 0.1
4: #
5: # encrypt timestamp and ip address for random mail-addresses
6: #
7: # spamtrap_encode creates a blowfish encrypted hex string
8: # based on a given ip address and timestamp to construct
9: # dynamic mail addresses for online publishing
10: #
11: # If you publish your email address on your web site, you will
12: # be spammed. To minimize this, you can use methods to
13: # trick address harvesters:
14: # 
15: #   * "user at domain dot com"
16: #   * "user-nospam@domain.com"
17: #   * HTML encoded mailto
18: #   * JavaScript generated mailto
19: #   * other methods
20: #
21: # The method proposed by this encoder creates mail addresses
22: # that include a timestamp and the ip address of the remote
23: # host (i.e. of the harvester). This enables you to reveal
24: # the harvester's ip adress for received spam. 
25: #
26: # usage:
27: #
28: # my $ip   = $ENV{REMOTE_ADDR};   # e.g. "146.140.8.123"
29: # my $time = time;                # unix timestamp
30: # my $key  = "0123456789ABCDEF";  # key for Blowfish
31: #
32: # to generate the spamtrap string:
33: #
34: # my $string = spamtrap_encode($ip, $time, $key);  # e.g. 78c1ed6da0322b3a
35: #
36: # to decode:
37: #
38: # ($ip, $time) = spamtrap_decode($string, $key);   # returns ip address and timestamp
39: #
40: # Example:
41: #
42: # If you have an E-Mail address "joe@domain.com" and use qmail
43: # extensions to have addresses like "joe-anything@domain.com"
44: # you could publish your E-Mail address on websites with:
45: #
46: # print '<a href="mailto:joe-' . spamtrap_encode($ip, $time, $key) . '@domain.com">Joe</a>';
47: #
48: # which prints:
49: #
50: #  <a href="mailto:joe-78c1ed6da0322b3a@domain.com">Joe</a>
51: #
52: # A perfect trap for address harvesters!
53: #
54: # Many thanks to Daniel A. Rehbein (http://daniel.rehbein.net/)
55: # for the idea to this code.
56: #
57: #### some dumy input
58: #
59: #  $ip   = quad-dooted ip address
60: #  $time = unix timestamp
61: #  $key  = your secret key
62: 
63: my $ip   = "146.140.8.123";
64: my $time = time;
65: my $key  = "0123456789ABCDEF";
66: 
67: #### end dummy input
68: 
69: my $string = spamtrap_encode($ip, $time, $key);
70: 
71: print "time:   $time\n";
72: print "ip:     $ip\n";
73: print "cipher: $string\n";
74: 
75: ($ip, $time) = spamtrap_decode($string, $key);
76: 
77: print "time:   $time\n";
78: print "ip:     $ip\n";
79: 
80: exit;
81: 
82: ### sub land
83: 
84: sub spamtrap_encode
85:   {
86:     my ($ip, $time, $key) = @_;
87:     return unless $key;
88:     return unless $time > 0;
89:     return unless $ip =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/o;
90:     my $inkey = pack("H16", $key);
91:     my $plaintext = join("", map { chr } split (/\./, $ip)) . pack("L", $time);
92:     use Crypt::Blowfish;
93:     my $cipher = new Crypt::Blowfish $inkey;
94:     my $string = unpack("H*", $cipher->encrypt($plaintext));
95:     return $string;
96:   }
97: 
98: sub spamtrap_decode
99:   {
100:     my ($string, $key) = @_;
101:     return unless $key;
102:     return unless $string =~ /[0-9a-f]{16}/o;
103:     my $inkey = pack("H16", $key);
104:     use Crypt::Blowfish;
105:     my $cipher = new Crypt::Blowfish $inkey;
106:     my $plaintext = $cipher->decrypt(pack("H*", $string));
107:     my $time = unpack("L", substr($plaintext, 4, 4));
108:     my $ip = join(".", map { ord } split //, substr($plaintext, 0, 4));
109:     return wantarray ? ($ip, $time) : "$ip $time";
110:   }
111: 
112: ###-fin