Fully Automated Link Spamming Method - Let Other People Do All the Work
Ok, so lately I’ve been working on a lot of internal tools I can’t really talk about here(or they’d become useless), so I thought I’d talk about an old internal tool that I haven’t used in a bit that served me well for getting things indexed quickly. Yes it’s using other blackhats to profit, but hey. Most would do the same in a similar situation.
Edit: Keep in mind this article is discussing HTTP proxies, NOT cgi proxies/myspace proxies. Also keep in mind most server hosts will not be ok with this, so find one that is if you want to do it. Sorry, I can’t recommend any.
Ok, so lately I’ve been working on a lot of internal tools I can’t really talk about here(or they’d become useless), so I thought I’d talk about an old internal tool that I haven’t used in a bit that served me well for getting things indexed quickly. Yes it’s using other blackhats to profit, but hey. Most would do the same in a similar situation.
Edit: Keep in mind this article is discussing HTTP proxies, NOT cgi proxies/myspace proxies. Also keep in mind most server hosts will not be ok with this, so find one that is if you want to do it. Sorry, I can’t recommend any.
The Basics
A large percentage of the people using link spammers like XRumer use lists of open proxies to spam forums/guestbooks/whatever. Now I have a couple IPs I don’t care about getting listed on akismet on hosts that don’t care about link spam.
So what we’re going to try and do is get a list of places to link spam, and indeed drop our links, without bothering to scrape footprints.
A large percentage of the people using link spammers like XRumer use lists of open proxies to spam forums/guestbooks/whatever. Now I have a couple IPs I don’t care about getting listed on akismet on hosts that don’t care about link spam.
So what we’re going to try and do is get a list of places to link spam, and indeed drop our links, without bothering to scrape footprints.
A Quick Understanding of HTTP Proxies
So the protocol for HTTP proxies is very, very similar to that of normal proxies. Essentially the difference is that you have the domain in the get request. So it’s relatively easy to code an HTTP proxy. All you’re doing is opening a port, reading in the domain and page you’re requesting, getting it, and sending the information back. Not hard at all, right?
So the protocol for HTTP proxies is very, very similar to that of normal proxies. Essentially the difference is that you have the domain in the get request. So it’s relatively easy to code an HTTP proxy. All you’re doing is opening a port, reading in the domain and page you’re requesting, getting it, and sending the information back. Not hard at all, right?
The Software Modification
Make a slight change to the software. Have it so when it’s reading the request from the client IP, it parses out the GET and POST requests. You’re looking for URLs so that you can substitute your own URL into the post/get data, assuming it’s posting a link somewhere if it’s including a URL. So here’s what you’re looking for:
Fields that start with http:// and have no spaces
These are text fields generally. So if someone is signing up at a forum through the proxy and sets their profile website to be “http://www.TheirLinkSpamDomain.com”.
Fields with HTML and a <a href
These are a bit trickier to parse properly, since you have to not only remove their link, but change the anchor text to reflect your own.
Fields with a URL in a GET variable
A lot of these are dynamic output, so whatever’s in the get variable will get linked to on the page.
Make a slight change to the software. Have it so when it’s reading the request from the client IP, it parses out the GET and POST requests. You’re looking for URLs so that you can substitute your own URL into the post/get data, assuming it’s posting a link somewhere if it’s including a URL. So here’s what you’re looking for:
Fields that start with http:// and have no spaces
These are text fields generally. So if someone is signing up at a forum through the proxy and sets their profile website to be “http://www.TheirLinkSpamDomain.com”.
Fields with HTML and a <a href
These are a bit trickier to parse properly, since you have to not only remove their link, but change the anchor text to reflect your own.
Fields with a URL in a GET variable
A lot of these are dynamic output, so whatever’s in the get variable will get linked to on the page.
So a query that may have initially been
Code:
POST http://www.targetforum.com/register2.php HTTP/1.1
(junk header info here)
name=John+Smith&birthyear=1978&birthmonth=5&birthd ay=3&captcha=hji43&website=http://www.TheirSpamDomain.com
Ends up getting modified to instead be
Code:
POST http://www.targetforum.com/register2.php HTTP/1.1
(junk header info here)
name=John+Smith&birthyear=1978&birthmonth=5&birthd ay=3&captcha=hji43&website=http://www.MySpamDomain.com
Get it? You’re not solving captchas, you’re not scraping places to post. Just altering data everyone else’s software is giving to you.
Code:
POST http://www.targetforum.com/register2.php HTTP/1.1
(junk header info here)
name=John+Smith&birthyear=1978&birthmonth=5&birthd ay=3&captcha=hji43&website=http://www.TheirSpamDomain.com
Ends up getting modified to instead be
Code:
POST http://www.targetforum.com/register2.php HTTP/1.1
(junk header info here)
name=John+Smith&birthyear=1978&birthmonth=5&birthd ay=3&captcha=hji43&website=http://www.MySpamDomain.com
Get it? You’re not solving captchas, you’re not scraping places to post. Just altering data everyone else’s software is giving to you.
So How Do Other People Find my Fake Proxy?
Search Google for “online proxy checker”. You’re looking for sites like http://www.checker.freeproxy.ru/checker/ that check the proxy online and return whether it’s working or not. These checkers are used by the companies that made them to gather up proxies via their checker, which are then freely available to some, and sold to some customers. Submit to several of these sites, and make sure you pass the validation. Over time, other proxy sites will scrape the ones you’ve submitted to(and some have web scanners that will find you naturally), and people will begin to use it. And you can switch domains of every link anyone tries to submit through you.
Search Google for “online proxy checker”. You’re looking for sites like http://www.checker.freeproxy.ru/checker/ that check the proxy online and return whether it’s working or not. These checkers are used by the companies that made them to gather up proxies via their checker, which are then freely available to some, and sold to some customers. Submit to several of these sites, and make sure you pass the validation. Over time, other proxy sites will scrape the ones you’ve submitted to(and some have web scanners that will find you naturally), and people will begin to use it. And you can switch domains of every link anyone tries to submit through you.
The End Result
Eventually your server will max out to whatever level you allow it. A dedicated server should be able to easily handle a sizable amount of simultaneous connections. Just let it run for a few days at a time. By the end of it, not only will your links be everywhere on the net from your substitutions, but you’ll have a sizable list of places to link spam.
Eventually your server will max out to whatever level you allow it. A dedicated server should be able to easily handle a sizable amount of simultaneous connections. Just let it run for a few days at a time. By the end of it, not only will your links be everywhere on the net from your substitutions, but you’ll have a sizable list of places to link spam.
Benefits and Disadvantages to this Method
While the benefits are completely passive link dropping, a link spamming list that builds itself, and some pretty killer indexing time, it’s not to say it’s a perfect method. First off, you lose control of where you’re dropping links, which means a lot of the links are going to be horrible. In addition, it uses up an arseload of bandwidth, and it’s a bit tricky to keep the security angle tightened up. It’s not appropriate for most mainstream sites(especially since you lose control of the link anchor text pretty frequently) but does quite good on junk autogenned sites.
While the benefits are completely passive link dropping, a link spamming list that builds itself, and some pretty killer indexing time, it’s not to say it’s a perfect method. First off, you lose control of where you’re dropping links, which means a lot of the links are going to be horrible. In addition, it uses up an arseload of bandwidth, and it’s a bit tricky to keep the security angle tightened up. It’s not appropriate for most mainstream sites(especially since you lose control of the link anchor text pretty frequently) but does quite good on junk autogenned sites.
Validation Precautions
Watch the first several requests(of the proxy list services) and the first few XRumer proxy checks to make sure you’re validating as a proxy correctly. If someone is testing using a link, you may want to add that in as a request that won’t be modified. For example, a lot of xrumer requests involve the string “proxyc” in the url.
Watch the first several requests(of the proxy list services) and the first few XRumer proxy checks to make sure you’re validating as a proxy correctly. If someone is testing using a link, you may want to add that in as a request that won’t be modified. For example, a lot of xrumer requests involve the string “proxyc” in the url.
Security Precautions
This is obviously a big security risk if it’s not handled properly. Record every domain accessed through your proxy, and in a seperate list keep the ones where you were told to post. Over time, start disallowing certain domains.
The first thing you’re looking for is sites like yahoo mail and gmail. There’s something called an internal mailer that e-mail spammers use to push mail out of webmail services. You don’t want to be the IP the webmail provider sees as spamming, so disallow these sites early.
The other thing you’re looking for is any type of e-commerce site, to make sure people don’t try and use fraudulent credit cards and whatnot. It’s a good idea to build up a keyword blacklist as well, so you can disconnect IPs that request pages with certain content (credit card numbers, etc). It’s important to note I’ve never seen anyone do this on a proxy I’ve run. The closest was some ticket scalper automating ticketmaster.
This is obviously a big security risk if it’s not handled properly. Record every domain accessed through your proxy, and in a seperate list keep the ones where you were told to post. Over time, start disallowing certain domains.
The first thing you’re looking for is sites like yahoo mail and gmail. There’s something called an internal mailer that e-mail spammers use to push mail out of webmail services. You don’t want to be the IP the webmail provider sees as spamming, so disallow these sites early.
The other thing you’re looking for is any type of e-commerce site, to make sure people don’t try and use fraudulent credit cards and whatnot. It’s a good idea to build up a keyword blacklist as well, so you can disconnect IPs that request pages with certain content (credit card numbers, etc). It’s important to note I’ve never seen anyone do this on a proxy I’ve run. The closest was some ticket scalper automating ticketmaster.
Also, many of the security issues can be solved by simply
not coding to allow HTTPS connections. If you restrict to port 80,
standard HTTP communication, most sites that are a security risk are
unusable anyways, so you don’t have to worry.
Hope yall liked it.
About Unknown
Hi, My Name is Andre. I am a Defacer, the developer of this blog. Thank you for visiting my blog. :)
Posts
0 komentar:
Post a Comment