1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Blackhat idea

Discussion in 'Black Hat SEO' started by seomanifest, Nov 1, 2008.

  1. seomanifest

    seomanifest Regular Member

    Joined:
    Oct 5, 2008
    Messages:
    363
    Likes Received:
    81
    Occupation:
    Consultant
    Ok I don't know if this has been done before, but here goes. A lot of people are trying to work around captchas, what if one would create a forum that would allow ******** and leave it wide open to spammers, the only catch would be this, everytime a spammer wants to add a link they would have to fill in a captcha that would come from a remote service that you would need, you would use curl to do this and would retrieve the remote captcha image each time a new message is posted this way the spammer fills it in, and the same session would be used to send the result back to the service you need. You gain a captcha, the spammer gets a free link that will never get deleted.
     
  2. mattstrike

    mattstrike Regular Member

    Joined:
    Sep 29, 2008
    Messages:
    208
    Likes Received:
    76
    Occupation:
    Internet Marketing Arms Dealer
    Location:
    USA
    Home Page:
    I've thought about the same thing, although using images or downloads as a "reward"

    The CURL or what have you going out the back end would probably have to go through multiple proxies, to avoid triggering the secondary protection mechanisms.

    Ideally, what you would create would simply be a CAPTCHA plugin that would allow itself to be pointed at the service you were targeting, so you could basically turn any software that employs CAPTCHA into a gateway for this method.
     
  3. seomanifest

    seomanifest Regular Member

    Joined:
    Oct 5, 2008
    Messages:
    363
    Likes Received:
    81
    Occupation:
    Consultant
    I definitely agree with the proxy method, there would be no way around that, I am sure that the spammers would be already grateful that in exchange for a captcha they gain a link that will never get deleted.
     
  4. scubaslick

    scubaslick Regular Member

    Joined:
    Aug 23, 2007
    Messages:
    392
    Likes Received:
    512
    Eli at bluehatseo has a pretty ingenious post about this and using proxies to get people to solve them for you. It's not a new idea, but this spin on it has potential.

    Of course spammers would either have to have an automated way to solve the captcha or they wouldn't bother spamming your site. Which means there's a way to automatically solve it, you just haven't found it yet. :)
     
  5. seomanifest

    seomanifest Regular Member

    Joined:
    Oct 5, 2008
    Messages:
    363
    Likes Received:
    81
    Occupation:
    Consultant
    I have not heard of anyone else coming up with this, but that is good news this means the idea does have potential, I have always been an automation freak in my 18 years in the IT industry. Could you be so kind as to give me the link to the post at bluehatseo?

    Thanks

     
  6. jammie

    jammie Jr. VIP Jr. VIP Premium Member

    Joined:
    Feb 24, 2008
    Messages:
    773
    Likes Received:
    453
    Adult sites use this sorta thing. Free stuff if you enter the captcha to "verify" your human.

    It just puts the image url into a PHP variable, loads it based on that, then XSS's the user input to the remote server.

    Of course, it's quite tedious to setup a checking script, but its very do-able (i.e. making sure the user enters the right code).
     
  7. cparainmaker

    cparainmaker BANNED BANNED

    Joined:
    Jan 17, 2008
    Messages:
    377
    Likes Received:
    71
    If you can't break it, how is the spammer going to. Unless of course it is manual spammers but that isn't going to allow you to get the volume that you want.
     
  8. seomanifest

    seomanifest Regular Member

    Joined:
    Oct 5, 2008
    Messages:
    363
    Likes Received:
    81
    Occupation:
    Consultant
    Well if you get your forum on Xrumer that would definitely help :)
     
  9. antsaoo

    antsaoo Supreme Member

    Joined:
    Oct 1, 2008
    Messages:
    1,291
    Likes Received:
    637
    what do you gain for people typing in catchpa ?
     
  10. jammie

    jammie Jr. VIP Jr. VIP Premium Member

    Joined:
    Feb 24, 2008
    Messages:
    773
    Likes Received:
    453
    Alot.

    Think account creation, process automation etc.
     
  11. dadboss

    dadboss BANNED BANNED

    Joined:
    Sep 29, 2007
    Messages:
    83
    Likes Received:
    52
    Im already doing this
    Its pretty hard to set up but its worth the effort
     
  12. seomanifest

    seomanifest Regular Member

    Joined:
    Oct 5, 2008
    Messages:
    363
    Likes Received:
    81
    Occupation:
    Consultant
    do you want to be more specific?
     
  13. wingchun3

    wingchun3 Newbie

    Joined:
    Nov 1, 2008
    Messages:
    26
    Likes Received:
    11
    i think the adult site method could be a very good way to get around capthca's

    i was reading a article the other day saying that soon alot of adult sites will be using this method toe draw in captcas getting users to enter them , making a spam post/ new email account/ so forth or similar


    the porn user is happy as all there doing is entering a string to get free porn, the webmaster/ bh / spammer is happy as a person is sloving the captcha problem and hopfulling promoting some other offer that might make money or somthing


    has anyone ever made a little script for this purpose on the forums, i run a hole bunch of adult sites that have thousands of vistors per day , (adult video sharing mainly) and i could quite esily put up a few pages that maybe use curl to post across message boards , newsgropus etc or even sign up for a bunch of free email accounts or similar, as these users enter my sites via a drawn in capactha


    maybe i should look more into making something like this, i guess it could not be that hard to make
     
  14. mattstrike

    mattstrike Regular Member

    Joined:
    Sep 29, 2008
    Messages:
    208
    Likes Received:
    76
    Occupation:
    Internet Marketing Arms Dealer
    Location:
    USA
    Home Page:
    Probably the best thing would be to have two different entrances to the site, one would be the "honeypot" where the people who want something for free would come in (this would be the main entrance), and another (possibly on a different domain), which would be a market where people could bid on CAPTCHA cracking. Basically, they could offer an amount per cracked CAPTCHA, at any of a series of supported locations, and they would be presented with an API which would grant their processes access. If they bid low, they will not get as much access, or will have to wait until higher priority bids get processed. Still this will allow the price per CAPTCHA to sort itself out organically.
     
  15. seomanifest

    seomanifest Regular Member

    Joined:
    Oct 5, 2008
    Messages:
    363
    Likes Received:
    81
    Occupation:
    Consultant
    I really like the bidding idea, would anyone be interested in doing this? I can probably provide the remote captcha script, if someone is willing to do the bidding part, if interested send me a PM