Tuesday, August 11, 2009

Fourth Attack: Click-Fraud-Bot (part 1)

When I started writing this blog (yesterday) this was the last accomplished attack. It was just a few days ago, no change on Lamer since then. From my point of view this attack was the best ever. There wasn't any harm I could do, like in the previous cases, still I worked much more than before.

My programming knowledge is good. I mean I have been learning programming for 7 years, I know the programming logic of more than 10 languages. Not the syntax though, my memory is pretty bad. But with the help of the Internet I can learn almost any language in a week. XML took me 2 hours.

I noticed that pages are distinguished just by a few very easy-to-guess pieces of information. For example, my user-page (profile, no modifying option available there) has a URL like this:

http://lamer_domain_name/user.php?userpage.9767

It's because I am the 9769th registered user. At the time of the attack there were around 52000 registered users, which means every page from

http://lamer_domain_name/user.php?userpage.1

to

http://lamer_domain_name/user.php?userpage.52000

existed and contained an e-mail address. That is, if the users hadn't chosen the "Hide e-mail" option. But even if half of the users hid it, there were more than 20000 e-mails available for me (only registered users could see others' profiles). And I wanted them. A .txt file containing several thousand e-mail addresses in several lines. The only thing remaining was to create that bot. At first I chose PHP, which would have run on the server installed on my PC. But after some struggle I was thinking that "My, my, I wasn't learning that many languages to use this useless one for this task". Well, not a useless one, but yes, useless for that task. The simplest was C#.

So I chose C#.
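
From the site operator's side, a walk through sequential `userpage.N` URLs like the one described above leaves a recognizable trace in the web server's access log. The following is an added example, not code from this post: a small Python detector that flags clients requesting long runs of consecutive profile IDs. The combined-log line format, keying on client IP, the thresholds and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Matches a profile view in an access-log line (log format is an assumption).
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "GET /user\.php\?userpage\.(\d+) HTTP/[\d.]+"'
)

def longest_run(ids):
    """Length of the longest run of consecutive integers in ids."""
    best = run = 0
    prev = None
    for n in sorted(set(ids)):
        run = run + 1 if prev is not None and n == prev + 1 else 1
        best = max(best, run)
        prev = n
    return best

def find_enumerators(lines, min_distinct=20, min_run=10):
    """Return {client: (distinct_profiles, longest_consecutive_run)} for
    clients whose profile views look like a sequential ID walk.
    Thresholds are illustrative and need tuning against real traffic."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            seen[m.group(1)].add(int(m.group(2)))
    flagged = {}
    for client, ids in seen.items():
        run = longest_run(ids)
        if len(ids) >= min_distinct and run >= min_run:
            flagged[client] = (len(ids), run)
    return flagged

# Constructed sample log: one client walking IDs 1..40, one ordinary visitor.
SAMPLE_LOG = [
    f'203.0.113.7 - - [11/Aug/2009:10:00:{i:02d} +0000] '
    f'"GET /user.php?userpage.{i} HTTP/1.1" 200 5120'
    for i in range(1, 41)
] + [
    f'198.51.100.4 - - [11/Aug/2009:10:05:00 +0000] '
    f'"GET /user.php?userpage.{i} HTTP/1.1" 200 5120'
    for i in (9767, 312, 313, 40021)
]

if __name__ == "__main__":
    for client, (distinct, run) in find_enumerators(SAMPLE_LOG).items():
        print(f"{client}: {distinct} profiles viewed, longest run {run}")
```

Because only registered users could see profiles on this site, keying on the logged-in account instead of the IP address would catch the same pattern across address changes.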
