_               _           _ 
| |__   __ _ ___| |_ ___  __| |
| '_ \ / _` / __| __/ _ \/ _` |
| |_) | (_| \__ \ ||  __/ (_| |
|_.__/ \__,_|___/\__\___|\__,_|
http://basted.sf.net
Current version: 0.2

BASTED is a free tool/solution that acts as a honeypot for spammers who use spambots to harvest email addresses from websites. BASTED has been designed to become a powerful tool for system administrators willing to gather information about the data flow in the spam process.

The idea behind BASTED is simple. Spammers use programs that crawl our websites and automatically gather text matching the email address format (user@domain.com). They then use those harvested email addresses to pollute the internet, our networks and everyone's mailboxes with unsolicited spam mail. BASTED tricks spambots into collecting randomly generated email addresses from a PHP script, each one recorded in BASTED's database along with the visitor's IP address. Those email addresses are in the format user-name@spamhost.yourdomain.com, and your MTA should be configured to forward all mail for them into one mailbox. Once mail is received in that mailbox, a Perl script parses the mailbox and inserts each mail message into BASTED's database. BASTED is then able to generate nice (abuse) reports containing all associated data for the spam mail received. Yes, it is handy for monitoring/trapping those filthy spammers.

At the moment, BASTED is designed to operate on its own vhost (for web and mail), which gives the advantage of only receiving spam messages sent solely to addresses that were generated by the PHP script. It is important to note that the aforementioned addresses are generated using a pronounceable word algorithm, in order to make sure that the email address appears valid to any filters running on the crawler's side. Through its web-based administrative interface, BASTED can generate reports about spam mail received and usernames/mailboxes generated by the PHP script, associate those results, report IP addresses of spammers and spamcrawlers, and last but not least, create abuse reports in the easiest fashion.
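The flow described above (issue a pronounceable bait address per visitor, record the visitor's IP, then match received spam back to that record) can be sketched as follows. This is an added example, not BASTED's own PHP/Perl code; the table layout, function names, the consonant/vowel generator and the spamhost.example.com domain are assumptions made for illustration.

```python
import random
import sqlite3
from email import message_from_string
from email.utils import getaddresses

TRAP_DOMAIN = "spamhost.example.com"  # assumption: stands in for spamhost.yourdomain.com
CONSONANTS, VOWELS = "bdfgklmnprstvz", "aeiou"

def pronounceable(rng, syllables=3):
    """Consonant+vowel syllables, so the local part passes as a real name."""
    return "".join(rng.choice(CONSONANTS) + rng.choice(VOWELS) for _ in range(syllables))

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bait (address TEXT PRIMARY KEY, harvester_ip TEXT, issued_at TEXT)")
    return db

def issue_address(db, rng, visitor_ip, issued_at):
    """Generate a unique user-name@trap address and record who it was served to."""
    while True:
        addr = f"{pronounceable(rng)}-{pronounceable(rng)}@{TRAP_DOMAIN}"
        try:
            db.execute("INSERT INTO bait VALUES (?, ?, ?)", (addr, visitor_ip, issued_at))
            return addr
        except sqlite3.IntegrityError:
            continue  # collision with an address already issued: draw again

def correlate(db, raw_mail):
    """Map each recipient of a received message back to the harvesting visit."""
    msg = message_from_string(raw_mail)
    headers = msg.get_all("To", []) + msg.get_all("Delivered-To", [])
    # Lower-case and de-duplicate: the same address often appears in both headers.
    rcpts = dict.fromkeys(a.lower() for _, a in getaddresses(headers) if a)
    hits = []
    for addr in rcpts:
        row = db.execute("SELECT harvester_ip, issued_at FROM bait WHERE address = ?",
                         (addr,)).fetchone()
        if row:  # only addresses this honeypot issued count as evidence
            hits.append({"address": addr, "harvester_ip": row[0],
                         "issued_at": row[1], "subject": msg.get("Subject", "")})
    return hits

if __name__ == "__main__":
    db, rng = open_db(), random.Random()
    # Constructed sample data: documentation-range IP and a made-up spam message.
    bait = issue_address(db, rng, "192.0.2.10", "2004-08-20T18:00:00Z")
    spam = f"From: seller@example.net\nTo: {bait}\nSubject: Cheap meds\n\nbuy now\n"
    for hit in correlate(db, spam):
        print(hit)
```

Because every address is served to exactly one visitor, a single received message is enough to tie a spam run to the crawl that harvested it.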

BASTED is written in PHP and Perl, and also requires a mail server accepting spam mail for a DNS record, and a web server to host the PHP scripts for the honeypage and the administrative interface. Some screenshots of the admin interface and reports can be found here. Another version of this document resides here. If you are still interested, go ahead and try it.

The r00thellians are really happy people once they receive feedback from others concerning their tools. If you create extensions or invent different uses for this tool, please feel free to let us know - tr\at/r00thell.org.



last update Fri Aug 20 18:46:35 BST 2004