serving a robots.txt

serving a robots.txt

poweroftwo
Hi!

E-Mail harvesting on PGP key servers can be done with such commands:
http://www.google.com/search?q=site%3Akeyserver.fabbione.net+pks+uid

I already receive spam because I decided to upload my public key years ago. I know it's the source, because the same spam message arrived on all accounts belonging to one key within seconds.

Those results could be prevented if server administrators would place such a robots.txt file in their webroot:
User-agent: *
Disallow: /pks/

WOW, I found a PGP Server that already has the file: http://keyserver.hadiko.de/robots.txt

It would be great if every PGP Server would do this, but how many of them are out there? Is it possible to contact every administrator?

The homepage of a common PGP Server software is: http://minskyprimus.net/sks/. They have a pool status page at: http://sks-keyservers.net/status/ . About 30-60 servers here. Asking Google, there might be 99 servers out there: http://www.google.com/search?q="%2Fpks%2Flookup%3Fop%3Dstats" .
Hmm, there are hundreds. But not thousands.
Perhaps it is still worth a try, since keys can never ever be deleted. Once your key leaked out to a public key server it's spread all over the world. Thanks Google, it's ready to get spammed then.

Could sks suggest setting up such a robots.txt file? What do you think?

kind regards, poweroftwo


_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel
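
Added example, not part of the original post or of the SKS code: a check a keyserver administrator could run over a robots.txt to see which /pks/ lookup URLs a rule-following crawler may still fetch. It uses Python's urllib.robotparser; the crawler names, query values and the two weaker files are constructed for illustration, and the check says nothing about crawlers that ignore robots.txt.

```python
from urllib.robotparser import RobotFileParser

# Lookup URLs under /pks/; the query values are constructed samples.
HKP_PATHS = [
    "/pks/lookup?op=index&search=alice",
    "/pks/lookup?op=get&search=0x00000000",
    "/pks/lookup?op=stats",
]
# Sample crawler tokens to test against (an assumption, extend as needed).
AGENTS = ["Googlebot", "Slurp", "ExampleBot"]

# The file proposed in the post.
PROPOSED = """\
User-agent: *
Disallow: /pks/
"""

# Constructed: a crawler-specific group replaces the "*" group for that
# crawler, so Googlebot is no longer kept out of /pks/.
OVERRIDDEN = """\
User-agent: *
Disallow: /pks/

User-agent: Googlebot
Disallow: /cgi-bin/
"""

# Constructed: only key submission is covered, lookups stay crawlable.
PARTIAL = """\
User-agent: *
Disallow: /pks/add
"""


def audit_robots(robots_txt, agents=AGENTS, paths=HKP_PATHS):
    """Return (agent, path) pairs a rule-following crawler may still fetch."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return [(a, p) for a in agents for p in paths if parser.can_fetch(a, p)]


if __name__ == "__main__":
    for name, text in [("proposed", PROPOSED), ("overridden", OVERRIDDEN),
                       ("partial", PARTIAL)]:
        gaps = audit_robots(text)
        print(f"{name}: {len(gaps)} crawlable /pks/ URL(s)")
        for agent, path in gaps:
            print(f"  {agent} may fetch {path}")
```

An empty result means every listed crawler is told to stay out of every listed path.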

Re: serving a robots.txt

Darren Horsman
It won't do much - custom spiders are used to harvest keys, since they
are already sending spam it is unlikely they would care about the
robots.txt file.

[hidden email] wrote:
> Hi!
>
> E-Mail harvesting on PGP key servers can be done with such commands:
> http://www.google.com/search?q=site%3Akeyserver.fabbione.net+pks+uid
>
> I already receive spam because I decided to upload my public key
> years ago. I know it's the source, because the same spam message arrived
> on all accounts belonging to one key within seconds.
>
> Those results could be prevented if server administrators would place
> such a robots.txt file in their webroot:
> User-agent: *
> Disallow: /pks/
>
> WOW, I found a PGP Server that already has the file:
> http://keyserver.hadiko.de/robots.txt
>
> It would be great if every PGP Server would do this, but how many of
> them are out there? Is it possible to contact every administrator?
>
> The homepage of a common PGP Server software is:
> http://minskyprimus.net/sks/. They have a pool status page at:
> http://sks-keyservers.net/status/ . About 30-60 servers here. Asking
> Google, there might be 99 servers out there:
> http://www.google.com/search?q="%2Fpks%2Flookup%3Fop%3Dstats" .
> Hmm, there are hundreds. But not thousands.
> Perhaps it is still worth a try, since keys can never ever be
> deleted. Once your key leaked out to a public key server it's spread
> all over the world. Thanks Google, it's ready to get spammed then.
>
> Could sks suggest setting up such a robots.txt file? What do you think?
>
> kind regards, poweroftwo

Re: serving a robots.txt

David Shaw
In reply to this post by poweroftwo
On Aug 15, 2008, at 4:44 AM, [hidden email] wrote:

> Hi!
>
> E-Mail harvesting on PGP key servers can be done with such commands:
> http://www.google.com/search?q=site%3Akeyserver.fabbione.net+pks+uid
>
> I already receive spam because I decided to upload my public key
> years ago. I know it's the source, because the same spam message
> arrived on all accounts belonging to one key within seconds.
>
> Those results could be prevented if server administrators would  
> place such a robots.txt file in their webroot:
> User-agent: *
> Disallow: /pks/

Why would spammers even care if the robots.txt file is in place?  Only  
people following the rules respect robots.txt.  Spammers, by  
definition, are not following the rules.

David



Re: serving a robots.txt

Jan Dreyer-2
In reply to this post by poweroftwo
Hi,

[hidden email] wrote:

> E-Mail harvesting on PGP key servers can be done with such commands:
> http://www.google.com/search?q=site%3Akeyserver.fabbione.net+pks+uid
>
> I already receive spam because I decided to upload my public key years ago. I know it's the source, because the same spam message arrived on all accounts belonging to one key within seconds.
>
> Those results could be prevented if server administrators would place such a robots.txt file in their webroot:
> User-agent: *
> Disallow: /pks/
>
> WOW, I found a PGP Server that already has the file: http://keyserver.hadiko.de/robots.txt
>
> It would be great if every PGP Server would do this, but how many of them are out there? Is it possible to contact every administrator?
>
> The homepage of a common PGP Server software is: http://minskyprimus.net/sks/. They have a pool status page at: http://sks-keyservers.net/status/ . About 30-60 servers here. Asking Google, there might be 99 servers out there: http://www.google.com/search?q="%2Fpks%2Flookup%3Fop%3Dstats" .
> Hmm, there are hundreds. But not thousands.
> Perhaps it is still worth a try, since keys can never ever be deleted. Once your key leaked out to a public key server it's spread all over the world. Thanks Google, it's ready to get spammed then.
>
> Could sks suggest setting up such a robots.txt file? What do you think?


I think it makes sense for "easy" spidering; Google (and other
web searches like Yahoo) will respect the robots.txt so the mail addresses
won't show up in web searches.
Nevertheless, as mentioned before, many spam bots are using their own spiders
which don't respect anything.

But: badly maintained keyservers have been a problem since pks was out
first ...

If you would like to remove your mail address from web searches, you may
consider uploading an updated "broken" version of your key without any
(valid) mail address - though this makes the keyserver useless (for your
key). I think I will have no more friends here after posting this
proposal ;-)

Greetings
Jan Dreyer

