Harvest Comment Spammer’s Proxies

Yesterday we were hijacking comment links, today we are scoping the spammer’s proxies.

The post title pretty much says it all, but I’m in the library now and its raining pretty hard and I don’t feel like walking home so let me flesh it out a bit.

Spammers worth half their salt will use proxies (often “open”) to get around IP blocking measures.

Knowing that, doesn’t it make sense to put the IPs of your comments through a proxy checking script? This is an old hat trick for anyone who plays on IRC.

When someone POSTs to your blog, you put their IP in a database, you then port scan thoses IPs for everyone’s favorite open proxy ports 80,8080,3128, etc…

If any are open you try to connect through it as a proxy. Hey you already know that there is 90% chance that if its open it supports POST.

You can give it a go, by using the wordpress comments on one of your open *logs.

Get Comment IPs From WordPress DB

mysql> SELECT comment_author_IP FROM `wp_comments`;

So why not leave comments open so they can post their little rants, you hijack there links and scope their proxies? Well because the text sucks, but hey you can clean that up too. You could leave them open, but then erase them with cron every night or two.

Comments are just one example, also record IPs for failed captchas, off-the-screen text areas, questionable forum posts, etc…

Why wont this work for email spam you say? Because most of those spammers use rented botnets, which don’t have open ports.

Share
This entry was posted in beginner-programming and tagged . Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...

One Comment

  1. IA
    Posted August 3, 2009 at 3:43 am | Permalink

    Just want to say I enjoy reading your blog.

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*

You may use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre lang="" line="" escaped="">

If you are going to post code please use:
<pre lang="php" escaped="true"> YOUR_CODE_HERE </pre>

Change the lang to mysql, python, lisp, whatever. This will escape your code.