This paper describes the measures that were taken by Dutch hosting provider Byte Internet to counteract the increasing amount of HTTP spam. By utilizing smart techniques such as reverse proxy scanning and HTTP honey pots, Byte automatically identifies new sources of spam and blocks over 50,000 spam HTTP spam attempts daily on behalf of its customers. A new way of combating a increasingly annoying and destructive evil on the web.


HTTP spam, ie. spam sent over the web, has been around since 2003 in many appearances, the most ubiquitous being refer and comment spam (to increase one’s position in the search engine rankings) and formmail spam (abuse malcoded server side scripts to send e-mail spam).

Many technical measures has been proposed, yet no generic solution was found. In general, these solutions target a very specific application, make unjustifiable assumptions about the audience or are just not viable for a series of other reasons. One example is the popular Captcha, a picture one has to transcribe as proof of being a human. Many website owners find these tests too obtrusive for the end-user, or webmasters simply do not know how to implement such verification schemes.

In our day to day experience as a hosting provider, we find that many customers take the spam for granted and manually delete tens to hundreds of spam comments a day. Another part of our customer base refrains from interactivity altogether and has dismissed any feedback/comment/submission functionality.

Theorem: People will inevitably find new ways to gain personal profit from abusing the web. Counter measures should therefore focus on the common denominator of the problem, which is the fact that abusers are after hiding their identity. By targeting the possibilities for anonymisation, not only do we solve today’s problems but also take a stab at tomorrow’s.

PDF The entire whitepaper can be found here.

Scan je eigen Magento shop op veiligheidslekken