vb.org Archive


Max Taxable 12-21-2012 12:19 AM

The botnet admins have completely defeated gmail
 
Most every auto registration stopped at my site lately was trying to use a gmail email address.

It looks like the latest version of XRumer has completely defeated gmail's human verification measures.

Anyone else noticing this? There's even an email address, "google@gmail.com" spamming. I never noticed this flood of autospam bots using gmail before, not to this degree.

Are these valid gmail addresses or are they just spoofed?

In Omnibus 12-21-2012 12:36 AM

Spoofed. There's also gmail@gmail.com and test@gmail.com.

Max Taxable 12-21-2012 12:36 AM

I've seen those too. How do you know they are spoofed? Easy to assume so, given their designations I guess.

Big Al 12-21-2012 05:24 AM

Thank you Max for bringing this up. There is a lot of useful information here:
http://en.wikipedia.org/wiki/XRumer

I am not an expert on spamming, as my field is related more towards scammers. However I have heard (as I previously posted) that the spammers were working on ways to defeat the anti-spam methods that people were working on.

After reading the Wikipedia article, I feel that we all need to be more aware and to help wherever we can those programmers who are working to stop spammers, hackers and scammers.

The amount of money obtained by these unethical acts can be very large indeed and can turn the heads of some administrators and programmers who actually support and encourage these hackers, spammers and scammers on their own websites and ridicule any who oppose them.

It is clear that the motivating force for the spammers to invest so heavily in automated programs is greed and "easy" money. It is scary how much these actions can rake in. And so there is a lot of money that can be used to increase the effectiveness of the unethical automated programs.

I think we all need to do what we can to stop the unethical and immoral guys in any way we can.

In Omnibus 12-21-2012 02:28 PM

Quote:

Originally Posted by Max Taxable (Post 2392004)
I've seen those too. How do you know they are spoofed? Easy to assume so, given their designations I guess.

Google's IP addresses begin with 66.

The IP addresses of the spoofed e-mails do not.

TNCclubman 12-21-2012 02:45 PM

Interesting theory that we as forum owners are all pawns to distribute the spam. hmmmmmm.

Max Taxable 12-21-2012 04:44 PM

Quote:

Originally Posted by ProSportsForums (Post 2392064)
Google's IP addresses begin with 66.

The IP addresses of the spoofed e-mails do not.

Just like they wouldn't if I was using my own gmail account to sign up on a message board.

I know it's not google itself spamming us, and the botnet admins haven't gotten into google's servers to make zombies, I'm saying that either they are spoofing gmail email addresses, or they have defeated gmail's human verification and these are actual, legitimate gmail accounts.

I guess the only way to tell if they are spoofed is to try to send an email to the addresses, and see if it bounces.

--------------- Added [DATE]1356115510[/DATE] at [TIME]1356115510[/TIME] ---------------

Quote:

Originally Posted by TNCclubman (Post 2392065)
Interesting theory that we as forum owners are all pawns to distribute the spam. hmmmmmm.

I personally know one or two who actually are. One of them owns something like, 40 message boards, and sells user info directly to spammers.

Big Al 12-21-2012 09:07 PM

Quote:

Originally Posted by kh99 (Post 2392059)
If you have proof of that you should present it. Or did someone say something you don't like so you just decided that must be the case? Don't you think it's unethical to even imply that it's true without proof?

I have proof.
However the mods and admins here have absolute control ....... <removed>


Yes they do, and you have been warned before about your personal vendettas.

Max Taxable 12-21-2012 09:21 PM

Hmm... Seems my answer does lie here: http://en.wikipedia.org/wiki/XRumer#...count_creation

Quote:

As per the latest update to XRumer 7 the software is able to automatically register e-mail accounts on mail.ru (Russian IP addresses only) and Gmail. Support for creating e-mail accounts in an automated fashion on Hotmail and AOL have been completely removed. The technique employed by XRumer to bypass the CAPTCHA protection in Gmail and mail.ru is Averaging. A captcha is a challenge-response test frequently used by internet services in order to verify that the user is actually a human rather than a computer program. Commonly, captchas are dynamically created images of random numbers and/or letters. These images are distorted in some way so that the human eye can still recognize them but with the goal to make automatic recognition impossible. Captchas are used by freemail services to prevent automatic creation of a huge number of email accounts and to protect automatic form submissions on blogs, forums and article directories. [3] As of November 2012, Xrumer has once again cracked Recaptcha, and is able to successfully post to Forums/Blogs that use it.

Averaging is a common method in physics to reduce noise in input data. The averaging attack can be used on image-based captchas if the following conditions are met:

- The predominant distortion in the captcha is of noise-like nature.
- It is possible to extract a series of different images with the same information encoded in them.

Averaging of a series of images can be used to improve image quality (reduce distortion, or improve signal-to-noise ratio, so to say) of captchas and hence to make them more easily recognizable by OCR (optical character recognition) systems.

The fact that noise and payload behave differently on "reload" is exploited. This allows the program to separate them and hence defeat the captcha without the need for a sophisticated algorithm.
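The second condition in the quoted passage (a series of different images carrying the same information) is one the site itself controls. As an added example, not part of the original post or of any software named in this thread, here is a sketch of a server-side challenge store that issues a fresh answer on every image fetch and accepts each answer once; `CaptchaStore`, `render_request`, `verify` and `distinct_payloads` are hypothetical names, and the session id is assumed to come from the site's own session handling.

```python
import hmac
import secrets

# Constructed alphabet for the example; look-alike glyphs (0/O, 1/I) are omitted.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"


class CaptchaStore:
    """Hypothetical challenge store that denies the averaging precondition."""

    def __init__(self, length=6, max_attempts=1):
        self.length = length
        self.max_attempts = max_attempts
        self._by_session = {}  # session_id -> [answer, attempts_left]

    def _new_answer(self):
        return "".join(secrets.choice(ALPHABET) for _ in range(self.length))

    def render_request(self, session_id):
        """Run on every image fetch, including a 'reload'.

        The previous answer is overwritten, so no two images served to a
        session carry the same text and there is nothing to average.
        """
        answer = self._new_answer()
        self._by_session[session_id] = [answer, self.max_attempts]
        return answer  # a real handler would draw this and return only the image

    def verify(self, session_id, guess):
        entry = self._by_session.get(session_id)
        if entry is None:
            return False
        answer, attempts_left = entry
        ok = hmac.compare_digest(answer.encode(), guess.strip().upper().encode())
        if ok or attempts_left <= 1:
            del self._by_session[session_id]  # single use: solved or exhausted
        else:
            entry[1] = attempts_left - 1
        return ok


def distinct_payloads(store, session_id, reloads):
    """Audit helper: how many different answers do `reloads` fetches yield?

    A result of 1 means every reload re-renders the same text with new
    noise, which is the situation the quoted passage describes.
    """
    return len({store.render_request(session_id) for _ in range(reloads)})
```

Running `distinct_payloads` against an existing captcha endpoint's answer generator is a quick audit: if reloads keep the text and change only the distortion, the first condition in the quote is the only thing left protecting it.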

Big Al 12-22-2012 12:38 AM

Quote:

I personally know one or two who actually are. One of them owns something like, 40 message boards, and sells user info directly to spammers.

Max if you feel comfortable with sending me the information, I will pass it along to those who deal with these things.

As I posted earlier, I think we should ALL try to stop the spammers/scammers and those who support them.

I am on many anti-fraud websites and I am interested in helping the victims and exposing the scum who prey on them, no matter where they hide.


All times are GMT.
