  #1  
Old 12-21-2012, 01:19 AM
Max Taxable
 
Join Date: Feb 2011
Posts: 3,134
The botnet admins have completely defeated gmail

Most every auto registration stopped at my site lately was trying to use a gmail email address.

It looks like the latest version of XRumer has completely defeated gmail's human verification measures.

Anyone else noticing this? There's even an email address, "google@gmail.com" spamming. I never noticed this flood of autospam bots using gmail before, not to this degree.

Are these valid gmail addresses or are they just spoofed?
  #2  
Old 12-21-2012, 01:36 AM
In Omnibus
 
Join Date: Apr 2010
Location: Inside A Blade Server
Posts: 840

Spoofed. There's also gmail@gmail.com and test@gmail.com.
  #3  
Old 12-21-2012, 01:36 AM
Max Taxable
 
Join Date: Feb 2011
Posts: 3,134

I've seen those too. How do you know they are spoofed? Easy to assume so, given their designations I guess.
  #4  
Old 12-21-2012, 06:24 AM
Big Al
 
Join Date: Nov 2011
Posts: 54

Thank you Max for bringing this up. There is a lot of useful information here:
http://en.wikipedia.org/wiki/XRumer

I am not an expert on spamming, as my field is related more towards scammers. However I have heard (as I previously posted) that the spammers were working on ways to defeat the anti-spam methods that people were working on.

After reading the Wikipedia article, I feel that we all need to be more aware and to help wherever we can those programmers who are working to stop spammers, hackers and scammers.

The amount of money obtained by these unethical acts can be very large indeed and can turn the heads of some administrators and programmers who actually support and encourage these hackers, spammers and scammers on their own websites and ridicule any who oppose them.

It is clear that the motivating force for the spammers to invest so heavily in automated programs is greed and "easy" money. It is scary how much these actions can rake in. And so there is a lot of money that can be used to increase the effectiveness of the unethical automated programs.

I think we all need to do what we can to stop the unethical and immoral guys in any way we can.
  #5  
Old 12-21-2012, 03:28 PM
In Omnibus
 
Join Date: Apr 2010
Location: Inside A Blade Server
Posts: 840

Quote:
Originally Posted by Max Taxable
I've seen those too. How do you know they are spoofed? Easy to assume so, given their designations I guess.

Google's IP addresses begin with 66.

The IP addresses of the spoofed e-mails do not.
  #6  
Old 12-21-2012, 03:45 PM
TNCclubman
 
Join Date: Sep 2008
Posts: 690

Interesting theory that we as forum owners are all pawns to distribute the spam. hmmmmmm.
  #7  
Old 12-21-2012, 05:44 PM
Max Taxable
 
Join Date: Feb 2011
Posts: 3,134

Quote:
Originally Posted by ProSportsForums
Google's IP addresses begin with 66.

The IP addresses of the spoofed e-mails do not.

Just like they wouldn't if I was using my own gmail account to sign up on a message board.

I know it's not google itself spamming us, and the botnet admins haven't gotten into google's servers to make zombies, I'm saying that either they are spoofing gmail email addresses, or they have defeated gmail's human verification and these are actual, legitimate gmail accounts.

I guess the only way to tell if they are spoofed is to try to send an email to the addresses, and see if it bounces.

--------------- Added 12-21-2012 at 06:45 PM ---------------

Quote:
Originally Posted by TNCclubman
Interesting theory that we as forum owners are all pawns to distribute the spam. hmmmmmm.

I personally know one or two who actually are. One of them owns something like, 40 message boards, and sells user info directly to spammers.
  #8  
Old 12-21-2012, 10:07 PM
Big Al
 
Join Date: Nov 2011
Posts: 54

Quote:
Originally Posted by kh99
If you have proof of that you should present it. Or did someone say something you don't like so you just decided that must be the case? Don't you think it's unethical to even imply that it's true without proof?

I have proof.
However the mods and admins here have absolute control ....... <removed>


Yes they do, and you have been warned before about your personal vendettas.
  #9  
Old 12-21-2012, 10:21 PM
Max Taxable
 
Join Date: Feb 2011
Posts: 3,134

Hmm... Seems my answer does lie here: http://en.wikipedia.org/wiki/XRumer#...count_creation

Quote:
As per the latest update to XRumer 7 the software is able to automatically register e-mail accounts on mail.ru (Russian IP addresses only) and Gmail. Support for creating e-mail accounts in an automated fashion on Hotmail and AOL have been completely removed. The technique employed by XRumer to bypass the CAPTCHA protection in Gmail and mail.ru is Averaging. A captcha is a challenge-response test frequently used by internet services in order to verify that the user is actually a human rather than a computer program. Commonly, captchas are dynamically created images of random numbers and/or letters. These images are distorted in some way so that the human eye can still recognize them but with the goal to make automatic recognition impossible. Captchas are used by freemail services to prevent automatic creation of a huge number of email accounts and to protect automatic form submissions on blogs, forums and article directories. [3] As of November 2012, Xrumer has once again cracked Recaptcha, and is able to successfully post to Forums/Blogs that use it.

Averaging is a common method in physics to reduce noise in input data. The averaging attack can be used on image-based captchas if the following conditions are met:

The predominant distortion in the captcha is of noise-like nature. It is possible to extract a series of different images with the same information encoded in them. Averaging of a series of images can be used to improve image quality (reduce distortion, or improve signal-to-noise ratio, so to say) of captchas and hence to make them more easily recognizable by OCR (optical character recognition) systems.

The fact that noise and payload behave differently on "reload" is exploited. This allows the program to separate them and hence defeat the captcha without the need for a sophisticated algorithm.
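
A design check for the weakness the quoted passage describes, added here as an example and not part of the thread, of XRumer, or of any CAPTCHA product: it compares a challenge that keeps its answer across reloads with one that issues a new answer on every reload, and measures what averaging recovers in each case. The 400-pixel binary "image", the flip-noise model and all function names are constructed assumptions.

```python
import random

SIZE = 400      # pixels in the constructed 20x20 binary challenge
NOISE = 0.35    # probability that rendering flips a pixel

def new_payload(rng):
    return [rng.randrange(2) for _ in range(SIZE)]

def render(payload, rng):
    # Fresh noise on every call: each pixel is flipped with probability NOISE.
    return [p ^ (rng.random() < NOISE) for p in payload]

def reloads_fixed_payload(rng, n):
    """Weak design: reload re-renders the SAME answer with new noise."""
    payload = new_payload(rng)
    return payload, [render(payload, rng) for _ in range(n)]

def reloads_fresh_payload(rng, n):
    """Corrected design: reload issues a NEW answer; only the last one is valid."""
    payload, images = None, []
    for _ in range(n):
        payload = new_payload(rng)
        images.append(render(payload, rng))
    return payload, images

def accuracy(image, payload):
    # Fraction of pixels that match the valid answer.
    return sum(a == b for a, b in zip(image, payload)) / len(payload)

def averaged(images):
    # Per-pixel mean over all reloads, thresholded back to a binary image.
    n = len(images)
    return [int(sum(px) / n > 0.5) for px in zip(*images)]

def audit(serve, n=200, seed=1):
    """Return (accuracy of one rendering, accuracy after averaging n reloads)."""
    payload, images = serve(random.Random(seed), n)
    return accuracy(images[-1], payload), accuracy(averaged(images), payload)

if __name__ == "__main__":
    for name, serve in [("fixed payload", reloads_fixed_payload),
                        ("fresh payload", reloads_fresh_payload)]:
        single, avg = audit(serve)
        print(f"{name}: single={single:.2f} averaged={avg:.2f}")
```

With the fixed payload the averaged image matches the answer almost exactly, while with a fresh payload per reload averaging stays near chance, which is why a reload should invalidate the previous challenge rather than re-render it.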
  #10  
Old 12-22-2012, 01:38 AM
Big Al
 
Join Date: Nov 2011
Posts: 54

Quote:
I personally know one or two who actually are. One of them owns something like, 40 message boards, and sells user info directly to spammers.

Max if you feel comfortable with sending me the information, I will pass it along to those who deal with these things.

As I posted earlier, I think we should ALL try to stop the spammers/scammers and those who support them.

I am on many anti-fraud websites and I am interested in helping the victims and exposing the scum who prey on them, no matter where they hide.