1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Simple Wordpress Commentspammer

Discussion in 'PHP & Perl' started by wacked, Aug 27, 2010.

  1. wacked

    wacked Newbie

    Joined:
    Jul 17, 2010
    Messages:
    19
    Likes Received:
    2
    engine.php:
    PHP:
    function GetTheShit($Haystack$Start$End)
    {
        
    $StartPos=strpos($Haystack,$Start);
        if(!
    $StartPos)
            return 
    '';
        
    $Return=substr($Haystack,$StartPos+strlen($Start));
        
    $Return=substr($Return,0,strpos($Return,$End));
        return 
    $Return;
    }
    if(isset(
    $_GET['spam']))
    {
        
    $sql='SELECT ID,URL FROM SPAMBLOGS';
        if(isset(
    $_POST['Limit']) && $_POST['Limit']>0)
            
    $sql.=' ORDER BY RAND() LIMIT '.$_POST['Limit'];
        
    $raw_spamlist=mysql_query($sql);
        while(
    $spamme=mysql_fetch_row($raw_spamlist))
        {
            echo 
    'Spamming:';
            
    $ch curl_init();
            
    /*
            Get /
            */
            
    curl_setopt($ch,     CURLOPT_URL$spamme[1]);
            
    curl_setopt($ch,     CURLOPT_RETURNTRANSFER1);
            
    curl_setopt($ch,     CURLOPT_USERAGENT$UserAgent);
            
    curl_setopt($ch,     CURLOPT_TIMEOUT10);
            
    curl_setopt($ch,     CURLOPT_FOLLOWLOCATION1);
            
    curl_setopt($ch,     CURLOPT_COOKIEFILE'');
            
    curl_setopt($ch,     CURLOPT_REFERERbase64_decode('aHR0cDovL3d3dy5nb29nbGUuY29tL3NlYXJjaD9xPQ==').$spamme[1]);
            
    $response=curl_exec($ch);
            
    $NewestPost=GetTheShit($response,'title"><a href="','"');
            if(empty(
    $NewestPost))
            {
                echo 
    'no post found. is '.$spamme[1].' really a wordpress blog?<br />';
                
    curl_close($ch);
                continue;
            }
            echo 
    $NewestPost.':';
            
    /*
            Get newest post & comment_post_ID
            */
            
    curl_setopt($ch,     CURLOPT_URL$NewestPost);
            
    curl_setopt($ch,     CURLOPT_RETURNTRANSFER1);
            
    curl_setopt($ch,     CURLOPT_USERAGENT$UserAgent);
            
    curl_setopt($ch,     CURLOPT_TIMEOUT10);
            
    curl_setopt($ch,     CURLOPT_FOLLOWLOCATION1);
            
    curl_setopt($ch,     CURLOPT_COOKIEFILE'');
            
    curl_setopt($ch,     CURLOPT_REFERER$spamme[1]);
            
    $response=curl_exec($ch);
            
    $CommentID=GetTheShit($response,"<input type='hidden' name='comment_post_ID' value='","'");
            if(empty(
    $CommentID))
            {
                echo 
    'comments closed?<br />';
                echo 
    '<textarea>'.$response.'</textarea>';
                
    curl_close($ch);
                continue;
            }
            
    $POST_comment='author='.urlencode($_POST['Name']).'&email='.urlencode($_POST['Email']).'&url='.urlencode($_POST['Website']).
            
    '&comment='.urlencode($_POST['Text']).'&submit=Post+Comment&comment_post_ID='.$CommentID.'&comment_parent=0';
            
    curl_setopt($ch,     CURLOPT_URL$spamme[1].'wp-comments-post.php');
            
    curl_setopt($ch,     CURLOPT_RETURNTRANSFER1);
            
    curl_setopt($ch,     CURLOPT_POSTFIELDS$POST_comment);
            
    curl_setopt($ch,     CURLOPT_POST1); // set POST method
            
    curl_setopt($ch,     CURLOPT_USERAGENT$UserAgent);
            
    curl_setopt($ch,     CURLOPT_TIMEOUT10);
            
    curl_setopt($ch,     CURLOPT_FOLLOWLOCATION1);
            
    curl_setopt($ch,     CURLOPT_COOKIEFILE'');
            
    curl_setopt($ch,     CURLOPT_REFERER$NewestPost);
            
    $response=curl_exec($ch);
            if(
    strstr($response,'Your comment is awaiting moderation.') || strstr($response,$_POST['Name']))
            {
                echo 
    'Comment posted.<br />';
                
    mysql_query('UPDATE SPAMBLOGS SET COMMENTS=COMMENTS+1 WHERE ID='.$spamme[0]);
            }
            else
            {
                echo 
    'Fail</br />';
                echo 
    '<textarea>'.$response.'</textarea>';
            }
            
    curl_close($ch);
        }
        
    mysql_free_result($raw_spamlist);
    }    
    $raw_bloglist=mysql_query('SELECT URL,COMMENTS,ADDED FROM SPAMBLOGS');
    index.php:
    PHP:
    <?php
    include('engine.php');
    ?>
    <center><form action="?cat=commentspammer&spam=1" method="POST">
        <input name="Name" value="Name" /><br />
        <input name="Email" value="Email" /><br />
        <input name="Website" value="Website" /><br />
        <textarea name="Text">Text <?=rand()?></textarea><br />
        <input name="Limit" value="0" /><br />
        <input type="submit" /><br />
    </form></center>
    <center><table>
        <tr>
            <th>URL</th><th>Comments</th><th>Added</th>
        </tr>
        <?while($data=mysql_fetch_row($raw_bloglist)):?>
        <tr>
            <td><?=$data[0]?></td><td><?=$data[1]?></td><td><?=$data[2]?></td>
        </tr>
        <?endwhile;mysql_free_result($raw_bloglist);?>
    </table><center>
    You won´t be able to do anything serious (>1000 blogs) in an acceptable time or without raising all red flags on askimet. But for smaller runs it is ok.

    Also I´m not able to post URLs so the referer is encrypted.
     
  2. wacked

    wacked Newbie

    Joined:
    Jul 17, 2010
    Messages:
    19
    Likes Received:
    2
    Sorry forget the table details
    Code:
    CREATE TABLE SPAMBLOGS
    (
        ID             INTEGER         AUTO_INCREMENT,
        URL            VARCHAR(256)    NOT NULL,
        COMMENTS    INTEGER            NOT NULL,
        ADDED        DATETIME        NOT NULL,
        UNIQUE(URL),
        PRIMARY KEY(ID)
    );
     
  3. ghprod

    ghprod Regular Member

    Joined:
    Mar 18, 2009
    Messages:
    230
    Likes Received:
    40
    Home Page:
    nice .. i need to try this :)

    thanks
     
  4. loopcrack

    loopcrack Newbie

    Joined:
    Dec 7, 2009
    Messages:
    4
    Likes Received:
    1
    Location:
    http://******/6fFD
    Home Page:
    I wll try this