Jump to content

Recommended Posts

Posted

I read about this a while ago, i could not find the original article. But heres the basic concept, If youve ever made the mistake of putting your email adress in plain text on a webpage, youll understand the amount of spam you receive (depending on how popular the site is).

The idea is to make long lists of fake email accounts and let the spam bots crawl them, sending large amounts of spam to places that don't exist. The success of this depends on how many of these pages we can get up, and how many sites link to each of them.

I wrote some php code to automatically make a large list of email addresses using random characters, TLDs. You can view it here: http://xkid.biz/lolspam.php

Ive called this piece of code LOLSpam, the source code is as follows

#!/usr/bin/php
<?php
//LOL Spam - xkid.biz

//Config Variables
$base_domain="";
$email_prefix="lolspam_";
$max_length="12";
$max_gen="1000";

//Do Not Change These
$abc= array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z");
$tld= array(".ac",".ad",".ae",".aero",".af",".ag",".ai",".al",".am",".an",".ao",".aq",".as",".asia",".at",".aw",".ax",".az",".ba",".bb",".be",".bf",".bg",".bh",".bi",".biz",".bj",".bm",".bo",".br",".bs",".bw",".by",".bz",".ca",".cat",".cc",".cd",".cf",".cg",".ch",".ci",".cl",".cm",".cn",".co",".com",".coop",".cr",".cu",".cv",".cx",".cz",".de",".dj",".dk",".dm",".dz",".ec",".edu",".ee",".es",".eu",".fi",".fm",".fo",".fr",".ga",".gd",".ge",".gf",".gg",".gh",".gi",".gl",".gm",".gov",".gp",".gq",".gr",".gs",".gw",".gy",".hk",".hm",".hn",".hr",".ht",".hu",".id",".ie",".im",".in",".info",".int",".io",".iq",".ir",".is",".it",".je",".jo",".jobs",".jp",".kg",".ki",".km",".kn",".kr",".ky",".kz",".la",".lc",".li",".lk",".local",".ls",".lt",".lu",".lv",".ly",".ma",".mc",".md",".me",".mg",".mh",".mil",".mk",".ml",".mn",".mo",".mobi",".mp",".mq",".mr",".ms",".mu",".museum",".mv",".mw",".mx",".my",".na",".name",".nc",".ne",".net",".nf",".nl",".no",".nr",".nu",".org",".pa",".pe",".pf",".ph",".pk",".pl",".pn",".pr",".pro",".ps",".pt",".pw",".re",".ro",".rs",".ru",".rw",".sa",".sb",".sc",".sd",".se",".sg",".sh",".si",".sk",".sl",".sm",".sn",".so",".sr",".st",".su",".sy",".sz",".tc",".td",".tel",".tf",".tg",".th",".tj",".tk",".tl",".tm",".tn",".to",".travel",".tt",".tv",".tw",".ua",".ug",".us",".uz",".va",".vc",".vg",".vi",".vn",".vu",".ws",); 
$count="0";
$foo=$max_length;

function get_rand($ar,$no_max = ""){
    global $max_length;
    global $foo;

    if ("$no_max" == "1") {
        $max_length="1"; }

    $rand="";
    $i="0";
    $cc=count($ar) -1;
    while( $i < $max_length) {
        $rand=$rand.$ar[rand(0,$cc)]; 
        $i++; }
    $max_length=$foo;
    return $rand; }

function get_base() {
    global $base_domain;
    global $abc;
    global $tld;
    if (empty($base_domain)) {
        return get_rand($abc).get_rand($tld,"1"); }
    else {
        return $base_domain; }
}

while( $count < $max_gen) {
    echo "$email_prefix".get_rand($abc)."@".get_base()." ";    
    $count++;
}

?>

Its dirty, but it works. I encourage you to put this piece of code on your website, and link to it, to help fight spam. I also encourage you to add on to my POC code, i planned on adding support for logging IPs/Useragents/Time of any bot that crawls the page.

Posted (edited)
I read about this a while ago, i could not find the original article. But heres the basic concept, If youve ever made the mistake of putting your email adress in plain text on a webpage, youll understand the amount of spam you receive (depending on how popular the site is).

The idea is to make long lists of fake email accounts and let the spam bots crawl them, sending large amounts of spam to places that don't exist. The success of this depends on how many of these pages we can get up, and how many sites link to each of them.

I wrote some php code to automatically make a large list of email addresses using random characters, TLDs. You can view it here: http://xkid.biz/lolspam.php

Ive called this piece of code LOLSpam, the source code is as follows

Its dirty, but it works. I encourage you to put this piece of code on your website, and link to it, to help fight spam. I also encourage you to add on to my POC code, i planned on adding support for logging IPs/Useragents/Time of any bot that crawls the page.

Nicely done! one thing I would do is remove the lolspam_prefix. Once the spammaster realizes that his list is filled with a thousand emails that all start with something, it would be very easy to delete them and continue.

Also, I would make it never ending, like how it is done here. this way, once a bot crawls your link, it is stuck on that one page, where it could potentially suck up hundreds of thousands of fake emails in just a minute's time

Edited by eovnu87435ds
Posted

Thanks for the advice! Ive removed the lolspam prefix on my main site (didnt mean to keep that), and im going to look into making it function like that website :), should be easy with mod_rewrite

Posted

Quite interesting and I like your idea very much, good work dude.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...