1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Scrapebox Security Warning

Discussion in 'Black Hat SEO Tools' started by onlinemarketnow, May 29, 2010.

  1. onlinemarketnow

    onlinemarketnow Junior Member

    Joined:
    Mar 28, 2010
    Messages:
    145
    Likes Received:
    7
    I made a post about scrapebox and how to use it the safe way. Again people, use scrapebox with an antivirus software. When you find sites that have viruses, please share the list so others can have it.

    Here is the BIG downfall to scrapebox where security is concerned.

    If you are NOT careful it can be used paralyze your computer/server and turn it into a zombie which can be used for botnet attacks.

    Look at it this way:

    1000 scrapebox users x 2 Meg uplink to the internet = 2 Gig of a lot of damage. That is a total of 1000 computers sending attacks. Now what if you had say a 10 Meg uplink? :eek:

    1000 scrapebox infected machines can send spam attacks, and network attacks. Stuff like DDOs.

    If your machine is caught sending DDOS attacks and it caught, trying explaining that to the FEDS. :)

    If you don't share the sites that have trojans on them, then many computers will get infected easily.

    Now here is the interesting part...

    If you have other computers on the same network and your scrapebox machine gets infected, you can infect your other computers.

    The big security issue with scrapebox is this. They need to code it like xrumer where it does NOT rely on a browser. It needs to run in its own enviornment. I hope the vendors of scrapebox see this post.

    It is a great tool to have, but just needs some better security tweaks.
     
    • Thanks Thanks x 1
  2. Yukinari84

    Yukinari84 Elite Member

    Joined:
    Dec 12, 2007
    Messages:
    2,474
    Likes Received:
    4,665
    Occupation:
    I'm retired ;p
    Location:
    Somewhere in space...
    The SB malware and phishing filter addon helps alot for filtering out the sites that are infected.

    Combining this with good AVS and you shouldn't have a problem.

    Good heads up though.
     
  3. onlinemarketnow

    onlinemarketnow Junior Member

    Joined:
    Mar 28, 2010
    Messages:
    145
    Likes Received:
    7
    The malware add on feature is not as good as the internet security malware feature. The main difference is definition updates.

    How often does your internet security suite updates its malware database vs. scrapebox malware definition updates? The scrapebox malware database may have different algorithms but that does not mean a thing unless it's updated daily.

    If you notice the updates for scrapebox are mainly for functionality, not security related.
     
  4. softtouch2009

    softtouch2009 Senior Member

    Joined:
    Dec 2, 2009
    Messages:
    1,001
    Likes Received:
    225
    Occupation:
    Programming
    Location:
    ssdnet.biz
    Home Page:
    The malware addon does not rely on any internal database or signatures.
     
  5. Yukinari84

    Yukinari84 Elite Member

    Joined:
    Dec 12, 2007
    Messages:
    2,474
    Likes Received:
    4,665
    Occupation:
    I'm retired ;p
    Location:
    Somewhere in space...
    True.

    I think that's fine though because SB was not created to be a malware protection tool. With any tool like SB, you run the risk of getting some crap on your PC. That just comes with the territory and is the users responsibility.

    With that said, I have never had any infection from SB yet, so I'm happy.

    Sweet is doing a good job and I'm sure there will be more security updates coming in the future.
     
  6. wannabie

    wannabie Elite Member

    Joined:
    Mar 11, 2009
    Messages:
    3,807
    Likes Received:
    2,954
    Occupation:
    Seo and Marketing Suprisingly
    Location:
    Your bedroom window
    Home Page:
    Lets all stop using the internet as well then shall we?


    As long as you use the web you are leaving yourself open
     
  7. Cloaks

    Cloaks Regular Member

    Joined:
    Mar 20, 2010
    Messages:
    298
    Likes Received:
    90
    Just get a proper firewall like Comodo and learn to use it. You'll be malware-safe for life. Seriously, a lot of people should look into this.
    You can also run ScrapeBox sandboxed or under VMware.
     
  8. nice1

    nice1 Regular Member

    Joined:
    Aug 11, 2009
    Messages:
    308
    Likes Received:
    57
    Occupation:
    Money making
    Location:
    Utopia
    Isnt that the point of proxies with scrapebox so if any of this sh* it happens your ass is covered ?

    I have a virtual private network with my own personal ip in another country - plus browser proxies -- thera is no way anyone is gonna know who I am : ) and this should be the normal standard security you all should use - vpn - proxies -anymous banking etc -------

    scrape box isnt illegal -- spamming isnt illegal ---- becoming a zombie isnt your fault -- I dont live in the US but if teh FBI turn up -- it will probably be moulder and scully -- wtf
    ;)
     
  9. psychoul

    psychoul Junior Member

    Joined:
    Nov 9, 2008
    Messages:
    144
    Likes Received:
    65
    Hi Clocks, what do you mean by 'sandboxed'?

    thanks
     
  10. wannabie

    wannabie Elite Member

    Joined:
    Mar 11, 2009
    Messages:
    3,807
    Likes Received:
    2,954
    Occupation:
    Seo and Marketing Suprisingly
    Location:
    Your bedroom window
    Home Page:

    Google "sandboxie" - Its a bit of kit that will basically stop software from changing or have the power to change anything on your pc!

    I havent tried it myself as I have a ciuple of pcs but I heard good reports
     
    • Thanks Thanks x 1
    Last edited: Jun 1, 2010
  11. xboxps3wow

    xboxps3wow Power Member

    Joined:
    Jan 15, 2010
    Messages:
    737
    Likes Received:
    239
    Occupation:
    student
    Location:
    Chicago
    I think you misunderstood whats the thread is about...
     
    • Thanks Thanks x 1
  12. proxygo

    proxygo Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 2, 2008
    Messages:
    10,228
    Likes Received:
    8,692
    well thankfully wont effect me - i only ever use it
    to test proxies - the rest of the features ive
    never used since day 1.
    with any tool you use theres an element of risk
    if you no it exists - then if you pay its your
    gamble - malware can be installed these days
    through just about anything .
    just check your processors and u will no if your
    carrying something u should be.

    if u get caught with a script or an extra processor
    just boot into safe mode and run

    hijackthis http://www.whatthetech.com/hijackthis/
    Malwarebytes http://www.malwarebytes.org/mbam.php
    and your own virus scanner.

    HijackThis, sometimes abbreviated HJT, is a freeware enumerating tool for Microsoft Windows originally created by Merijn Bellekom, and later sold to Trend Micro. The program is notable for targeting browser hijacking methods - rather than relying on a database of known spyware. It scans a user's computer quickly, and displays browser hijacking locations, showing what entries are there. HijackThis is used primarily for diagnosis of browser hijacking, as uninformed use of its removal facilities can cause significant software damage to a computer. HijackThis does not remove or detect spyware, it only lists most common locations where browser hijacking activity can occur. Browser hijacking can cause malware to be instituted on a user's computer.
    after that stay in safe mode and do a full virus scan also - and remember to turn of
    system restore b4 u do or any viruses will be stored on the system volume backup .

    Malwarebytes' Anti-Malware (MBAM) is a computer application that finds and removes malware.[1] Made by Malwarebytes Corporation, it was released in January 2008. It is available in a free version, which scans for and removes malware when started manually, and a paid version, which provides scheduled scans, real-time protection and a flash memory scanner.
     
    Last edited: Jun 1, 2010
  13. Sweetfunny

    Sweetfunny Jr. VIP Jr. VIP Premium Member

    Joined:
    Jul 13, 2008
    Messages:
    1,747
    Likes Received:
    5,039
    Location:
    ScrapeBox v2.0
    Home Page:
    It's updated in real time, it does not use signatures or algo's.

    Can someone "please" send me a URL where commenting with ScrapeBox results in an infection?

    I've been hitting thousands of sites and dodgy URL's with no real-time AV or firewall intentionally trying to get infected and i cannot. OP can you send me the URL your talking about?
     
    • Thanks Thanks x 2
  14. Yukinari84

    Yukinari84 Elite Member

    Joined:
    Dec 12, 2007
    Messages:
    2,474
    Likes Received:
    4,665
    Occupation:
    I'm retired ;p
    Location:
    Somewhere in space...
    Thanks for clarifying the real-time updating since some people were claiming it was not.

    I can say the same thing.

    I have not had one infection from using SB and I use it quite heavily.
     
  15. Cloaks

    Cloaks Regular Member

    Joined:
    Mar 20, 2010
    Messages:
    298
    Likes Received:
    90
    Or maybe you guys just don't know you're infected. It's not like a big message pops up and says "OMG U GOT MALWARE".. I'm pretty experienced in the field, and the whole point of malware is obviously to stay hidden from the PC user. I'm not saying anything bad about any of you two, perhaps you do know how to check registry startup keys and such, I'm just saying it's a possibility you don't.

    Also, it's called a Drive-by, and basically exploits programs on your computer, could be anything like Microsoft Office, Internet explorer, etc.. These exploit packs exist with at least 30% chance to infect US people, but of course they're 1000$+.. I'm just saying that if ScrapeBox loads websites as IE and FF does, it's at risk.. However, you can always just get a firewall like I said, or run it sandboxed (even though Sandboxie can be broken out of) or in VMware. Also, things like Mamutu could possibly help you out, it sounds a lot like the Anti Malware that's already in SB.
     
  16. Yukinari84

    Yukinari84 Elite Member

    Joined:
    Dec 12, 2007
    Messages:
    2,474
    Likes Received:
    4,665
    Occupation:
    I'm retired ;p
    Location:
    Somewhere in space...
    I've been using tools like SB for awhile and am very familiar with the territory of malware.

    I wouldn't be using tools like that if I wasn't, and I don't think Sweetfunny - the creator of SB - would be making tools like that without any knowledge on the subject.:rolleyes:
     
  17. Sweetfunny

    Sweetfunny Jr. VIP Jr. VIP Premium Member

    Joined:
    Jul 13, 2008
    Messages:
    1,747
    Likes Received:
    5,039
    Location:
    ScrapeBox v2.0
    Home Page:
    Yes I've been commenting directly to the latest 0day domains with everything from Zeus, trojans, fake AV/Scareware, Botnets etc with no security at all and... nothing, i can't infect myself by trying.

    http://www.scrapebox.com/videos/test/

    ScrapeBox filters executables, blocks file downloads and has a ton of security out of the box but if someone can send me a URL which can "own" my machine when running SB please send it to me. :)
     
    • Thanks Thanks x 1
  18. Cloaks

    Cloaks Regular Member

    Joined:
    Mar 20, 2010
    Messages:
    298
    Likes Received:
    90
    First of all: Didn't notice you were the creator of it. My point was just that some people might not have the latest updates, might have some outdated stuff on their computer, and so on. I don't doubt the security of SB.. It seems you did everything you could to secure it. Also, it's really just a risk people would have to take if they want to use the program.. I was just suggesting that they run it sandboxed if they're worried, and a firewall is always important..
     
  19. onlinemarketnow

    onlinemarketnow Junior Member

    Joined:
    Mar 28, 2010
    Messages:
    145
    Likes Received:
    7
    Proxies DOES NOT protect your machine from malwares or viruses.

    Proxies are NOT all 100% private.

    Some proxies are TRAP PROXIES.


     
  20. onlinemarketnow

    onlinemarketnow Junior Member

    Joined:
    Mar 28, 2010
    Messages:
    145
    Likes Received:
    7
    Listen to this guy. He seems to know what is going on in the security world.

    :cool: