Xqtftqx Posted November 14, 2010 Posted November 14, 2010 I read about this a while ago, i could not find the original article. But heres the basic concept, If youve ever made the mistake of putting your email adress in plain text on a webpage, youll understand the amount of spam you receive (depending on how popular the site is). The idea is to make long lists of fake email accounts and let the spam bots crawl them, sending large amounts of spam to places that don't exist. The success of this depends on how many of these pages we can get up, and how many sites link to each of them. I wrote some php code to automatically make a large list of email addresses using random characters, TLDs. You can view it here: http://xkid.biz/lolspam.php Ive called this piece of code LOLSpam, the source code is as follows #!/usr/bin/php <?php //LOL Spam - xkid.biz //Config Variables $base_domain=""; $email_prefix="lolspam_"; $max_length="12"; $max_gen="1000"; //Do Not Change These $abc= array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z"); $tld= array(".ac",".ad",".ae",".aero",".af",".ag",".ai",".al",".am",".an",".ao",".aq",".as",".asia",".at",".aw",".ax",".az",".ba",".bb",".be",".bf",".bg",".bh",".bi",".biz",".bj",".bm",".bo",".br",".bs",".bw",".by",".bz",".ca",".cat",".cc",".cd",".cf",".cg",".ch",".ci",".cl",".cm",".cn",".co",".com",".coop",".cr",".cu",".cv",".cx",".cz",".de",".dj",".dk",".dm",".dz",".ec",".edu",".ee",".es",".eu",".fi",".fm",".fo",".fr",".ga",".gd",".ge",".gf",".gg",".gh",".gi",".gl",".gm",".gov",".gp",".gq",".gr",".gs",".gw",".gy",".hk",".hm",".hn",".hr",".ht",".hu",".id",".ie",".im",".in",".info",".int",".io",".iq",".ir",".is",".it",".je",".jo",".jobs",".jp",".kg",".ki",".km",".kn",".kr",".ky",".kz",".la",".lc",".li",".lk",".local",".ls",".lt",".lu",".lv",".ly",".ma",".mc",".md",".me",".mg",".mh",".mil",".mk",".ml",".mn",".mo",".mobi",".mp",".mq",".mr",".ms",".mu",".museum",".mv",".mw",".mx",".my",".na",".name",".nc",".ne",".net",".nf",".nl",".no",".nr",".nu",".org",".pa",".pe",".pf",".ph",".pk",".pl",".pn",".pr",".pro",".ps",".pt",".pw",".re",".ro",".rs",".ru",".rw",".sa",".sb",".sc",".sd",".se",".sg",".sh",".si",".sk",".sl",".sm",".sn",".so",".sr",".st",".su",".sy",".sz",".tc",".td",".tel",".tf",".tg",".th",".tj",".tk",".tl",".tm",".tn",".to",".travel",".tt",".tv",".tw",".ua",".ug",".us",".uz",".va",".vc",".vg",".vi",".vn",".vu",".ws",); $count="0"; $foo=$max_length; function get_rand($ar,$no_max = ""){ global $max_length; global $foo; if ("$no_max" == "1") { $max_length="1"; } $rand=""; $i="0"; $cc=count($ar) -1; while( $i < $max_length) { $rand=$rand.$ar[rand(0,$cc)]; $i++; } $max_length=$foo; return $rand; } function get_base() { global $base_domain; global $abc; global $tld; if (empty($base_domain)) { return get_rand($abc).get_rand($tld,"1"); } else { return $base_domain; } } while( $count < $max_gen) { echo "$email_prefix".get_rand($abc)."@".get_base()." "; $count++; } ?> Its dirty, but it works. I encourage you to put this piece of code on your website, and link to it, to help fight spam. I also encourage you to add on to my POC code, i planned on adding support for logging IPs/Useragents/Time of any bot that crawls the page. Quote
eovnu87435ds Posted November 14, 2010 Posted November 14, 2010 (edited) I read about this a while ago, i could not find the original article. But heres the basic concept, If youve ever made the mistake of putting your email adress in plain text on a webpage, youll understand the amount of spam you receive (depending on how popular the site is). The idea is to make long lists of fake email accounts and let the spam bots crawl them, sending large amounts of spam to places that don't exist. The success of this depends on how many of these pages we can get up, and how many sites link to each of them. I wrote some php code to automatically make a large list of email addresses using random characters, TLDs. You can view it here: http://xkid.biz/lolspam.php Ive called this piece of code LOLSpam, the source code is as follows Its dirty, but it works. I encourage you to put this piece of code on your website, and link to it, to help fight spam. I also encourage you to add on to my POC code, i planned on adding support for logging IPs/Useragents/Time of any bot that crawls the page. Nicely done! one thing I would do is remove the lolspam_prefix. Once the spammaster realizes that his list is filled with a thousand emails that all start with something, it would be very easy to delete them and continue. Also, I would make it never ending, like how it is done here. this way, once a bot crawls your link, it is stuck on that one page, where it could potentially suck up hundreds of thousands of fake emails in just a minute's time Edited November 14, 2010 by eovnu87435ds Quote
Xqtftqx Posted November 14, 2010 Author Posted November 14, 2010 Thanks for the advice! Ive removed the lolspam prefix on my main site (didnt mean to keep that), and im going to look into making it function like that website :), should be easy with mod_rewrite Quote
Infiltrator Posted November 14, 2010 Posted November 14, 2010 Quite interesting and I like your idea very much, good work dude. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.