Sacrificial RabbitCode. Art. Perversion. Madness.

Tuesday, January 31. 2006

TrackBack Spam.. some notes on what they are doing.

I fucking HATE trackback spam. Spammers are doing to trackbacks what they did to Usenet and are doing to email: making a perfectly good service absolutely unusable because, in a nutshell, they fucking suck.

The latest back of trackback spam I got points to a page at http:// www .myjavaserver .com/ ~casinosandpoker /videopoker.html (not hyperlinked, don't go there.) which contains some "encrypted" Javascript. Here is a hint kids, you cannot fucking encrypt Javascript, because the clients browser needs to decrypt it. Decrypting it is as easy as looking at the code, and executing it in a sandboxed environment to see what it is doing. This particular chunk of Javascript builds a form with a hidden field, with the name ref, and the value is suposed to be the referer, and then submits that form . For my non technical readers, it basicly logs where you got the link to that site from (the trackback on my site) and then sends that off to a new site (http:// www .best-pokerrooms .com/).

Well that is what it is supposed to do.

These assholes screwed up. They assumed that the server is running PHP (it's not).

Boy, wouldn't it suck if someone put up some arguments to wget and cURL to fill up their referer logging mechanism full of junk?

Man. That would SUCK.

Especially since they get their ad revenue from external Javascript. Which isn't downloaded.

Man.

I hope no-one does that.

wget --post-data="ref=http://StopSpammingBlogs.com/TrackBackSpamSux" \
--referer=http://stop.spamming.blogs.org/StopTrackBackSpammingBlogs \
--spider http://www.best-pokerrooms.com/

curl --form ref=http://StopSpammingBlogs.com/TrackBackSpamSux" \
--referer http://stop.spamming.blogs.org/StopTrackBackSpammingBlogs \
--request POST http://www.best-pokerrooms.com/ >/dev/null

Randomize the urls to be, well, whatever you like really. Just keep the www.best-pokerrooms.com url the same.

Update: Metacharacters are your friend... Certainly don't do this... lots.

Update 2: User agent selection is also good. No-one should ever do this, because it would be oh-so-terrible if it was harder for trackback spammers to scrub their referer logs.

Update 3: Now I am the dumbass, it appears that --spider in wget only performs a HEAD request, not a POST. So I fixed the wget command. 

wget --post-data="ref=http://`pwgen 50 1`.com" \
--referer=http://`pwgen 50 1`.com \
--user-agent=`pwgen 50 1` \
--output-document=/dev/null http://www.best-pokerrooms.com/

curl --form ref=http://`pwgen 50 1`.com \
--referer http://`pwgen 50 1`.com \
--user-agent `pwgen 50 1`
--request POST http://www.best-pokerrooms.com/ >/dev/null
Posted by jonnay at 18:09 | Comments (0) | Trackbacks (0)
Defined tags for this entry: ,

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

No comments

Add Comment

E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA