dirdival

dirdival

I would really like to know, what IT is and where is it going? Not so young Polish developer writes about his reflections and fears.

Spam tools

3 minute read

I recognise them easily. A post comes from a person that has just created a new account. She or he always set some random information about self and the game has just begun.

Titles are quite repeatable: Im happy I finally signed up, Im glad I now registered, Just wanted to say Hi!

Body of a post also has a pattern. It starts from small greetings or introduction like: I am the new girl here, Beneficial info, Thank you, This is really interesting, You are a very skilled blogger.

Finally we have a clou: Stop by my page, My website, Here is my weblog.

It makes me crazy when on Linux forum I read new posts about poker online or loans. To be honest, some of them are incidentally fun, like this: I love your blog.. very nice colors & theme. Did you design this website yourself or did you hire someone to do it for you? This quote comes from forum created in last century and it still has look from that ages. I can imagine that exists somewhere a geek, which today decided use the oldest and not supported version of PLD Linux distribution, but in this particular case, I expect something more than: I am the new girl … Also visit my website ….

Who is responsible for a spam? It’s obvious – we see link to a page. This kind of cheap advertising campaign mostly aim at crawling bot. The goal is simple, higher page rank means higher position on list, when you type something in search engine. Web services try to reduce amount of unwanted messages, they require email address and send confirmation link to prevent simple adding comments. Also, quite commonly used is CAPTCHA. But even though services use this techniques, they still have a problem with spam.

Since months I observe increase number of unwanted messages. I decided to find out something more about spam. How do they do it? Is it hard to become a spammer?

Because I’m a moderator, I started gathering information about this posts like: IP address, titles, descriptions and referred web pages. After a few weeks I’ve recognized some patterns. Spam mostly comes from:

  • new accounts,
  • windows machines – according to user agent,
  • IP address each time is different that used before, even if it refers to the same page.

For me as a programmer, it’s obvious that some tools are used here. As I said, I started also collecting bodies of posts for future investigation. I waited for spammer’s mistakes. I caught some, but in most cases they looked like this:

title: ________
body: Feel free to visit my weblog - _____ ____________________________

It’s a quote, real message, underscores are part of it.

Moreover, I suppose that there is a spammer which signs his work with sentence [X-N-E-W-L-I-N-S-P-I-N-X]. On a first glance it looks like a mistake, but from my point of view it’s not. After small research I discovered that it happens to often and since many months.

But one day, a few weeks ago I saw this:

lytter til venstre midtbane Men den vindende formel for Coli
%spinfolde-D:\Articles\dk_ubb%

%spinfolde part looks suspicious. I used google to find out more about it and I nailed them. A spammer used GSA Search Engine Ranker. On their main page I also found links to products:

  • GSA Search Engine Ranker
  • GSA Captcha Breaker
  • GSA Auto Website Submitter
  • GSA URL Redirector PRO
  • GSA PR Emulator
  • GSA Content Generator
  • GSA Image Analyser
  • GSA Email Spider
  • GSA Proxy Scraper

and much more. You can find here well made tutorials hosted on youtube. They show how to use all this tools, I’ve watched some of them. What is GSA Website Contact and what is it used for? Here you can find answer. Small spoilers:

  • how to use private proxies for sending (see – 3:30),
  • add gov (government) domains to black list (see – 7:20),
  • submission content (see – 8:35), very important section. You can see here how to make a campaign, how to set for each field like name, company, etc. random generated value.

I can also recommend you the film – How To Get Started With Captcha Breaker.

It wasn’t so hard to discover this service. There is no doubt what kind of tools they make and who buy them. The main question is: why this page is still working? Does anybody care about that?

Recently, according to Spamhaus one of the biggest spammers Peter Severa was caught. How many mistakes he had to make? How many big campaigns he had to make until somebody started looking for him? I’m afraid that big internet players doesn’t care about spam problem like they should.

Updated:

You May Also Enjoy

PDF

3 minute read

Last weekend I filled PIT (Personal Income Tax) declaration for the previous year. Since 2010 I sent it over the network (e-PIT), but before that, I used to ...

Enigmail and gpg groups

3 minute read

When I came to the current work, almost 9 years ago, everything was simpler. We had great admins with huge knowledge. They were experienced, and they had ful...

Summary of 2019

4 minute read

Yet another year almost pasted and I have no idea even when. Not the best one, but thankfully not the worst.

private USB with LUKS

6 minute read

I still don’t get why so many people don’t use encrypted storages. I had a talk with friends about it, and the most common answer is: I would like to, but I ...