Wtf Anti Spam?

**j4y3m** · 03-16-2004, 08:26 AM

Originally posted by 7thElement+16 March 2004 - 06:50--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (7thElement @ 16 March 2004 - 06:50)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin-haxor41789@15 March 2004 - 22:58
It's all a lie.

You can beat double posting by turning off JavaScript.
You can beat refreshing by layering proxies in different orders.
You can still use my high-quality spam scripts (up for sale for $19.99 BTW ).

That's what you think

It has nothing to do with javascript. Every post request generates two random access keys which can only be used once.

Before your spam scripts worked cause the auth key doesn't change so you could post via scripts every 25 seconds (like your script did)

Once a post is made both anti spam keys are deleted and you will need a new one to post a new message or a new reply.

Javascript security doesn't work. If you don't believe it try to spam with your script and it will not work.

Btw you want 20 $ for this script which doesnt work ?

Code:

&#60;?php 
define&#40;topic,&#39;104349&#39;&#41;;
if&#40;&#33;&#40;isset&#40;&#036;_GET&#91;auth&#93;&#41;&#41;&#41;{
echo &#39;&#60;&#33;doctype html public &#34;-//W3C//DTD HTML 4.01//EN&#34; &#34;http&#58;//www.w3.org/TR/html4/DTD/html4-strict.dtd&#34;&#62;
&#60;html&#62;
&#60;meta name=&#34;author&#34; title=&#34;haxor41789&#34;&#62;&#60;head&#62;
&#60;title&#62;Enter your authorization key&#60;/title&#62;
&#60;script type=&#34;text/javascript&#34;&#62;var auth=prompt&#40;&#34;Please enter your authorization key. An incorrect key will break your ability to reply.&#34;&#41;;
document.write&#40;&#34;&#60;meta http-equiv=&#092;&#34;refresh&#092;&#34; content=&#092;&#34;0;url=autospam.php?auth=&#34;+auth+&#34;&#092;&#34; &#34;&#41;;&#60;/script&#62;
&#60;/head&#62;
&#60;body&#62;
&#60;noscript&#62;This page requires JavaScript.&#60;/noscript&#62;
&#60;/body&#62;&#60;/html&#62;&#39;;}
else{
echo &#39;&#60;&#33;doctype html public &#34;-//W3C//DTD HTML 4.01//EN&#34; &#34;http&#58;//www.w3.org/TR/html4/DTD/html4-strict.dtd&#34;&#62;
&#60;html&#62;
&#60;head&#62;
&#60;meta name=&#34;author&#34; content=&#34;haxor41789&#34;&#62;&#60;title&#62;Spamming...&#60;/title&#62;&#39;;
if&#40;&#33;&#40;isset&#40;&#036;_GET&#91;act&#93;&#41;&#41;&#41;{
echo &#39;&#60;meta http-equiv=&#34;refresh&#34; content=&#34;25;url=autospam.php?auth=&#39;.&#036;_GET&#91;auth&#93;.&#39;&#34;&#62;&#60;style&#62;iframe{visibility&#58;hidden;}&#60;/style&#62;
&#60;/head&#62;
&#60;body&#62;Spamming...&#60;br&#62;
&#60;iframe src=&#34;autospam.php?auth=&#39;.&#036;_GET&#91;auth&#93;.&#39;&act=spam&#34; width=&#34;0&#34; height=&#34;0&#34; border=&#34;0&#34;&#62;&#60;/iframe&#62;&#39;;
}else{
echo &#39;&#60;script type=&#34;text/javascript&#34;&#62;function submit&#40;&#41;{document.form.submit&#40;&#41;;}setTimeout&#40;&#34;submit&#40;&#41;;&#34;,10&#41;;&#60;/script&#62;
&#60;/head&#62;
&#60;body&#62;
&#60;form action=&#34;http&#58;//www.filesharingtalk.com/index.php?&#34; name=&#34;form&#34; method=&#34;post&#34;&#62;
&#60;input type=&#34;hidden&#34; value=&#34;&#34;&#62;
&#60;input type=&#34;hidden&#34; name=&#34;Post&#34; value=&#34;Spam from haxor41789&#092;&#39;s Autospam script 2.0 - PM me for source code&#34;&#62;
&#60;input type=&#34;hidden&#34; name=&#34;enableemo&#34; value=&#34;yes&#34;&#62;
&#60;input type=&#34;hidden&#34; name=&#34;enablesig&#34; value=&#34;yes&#34;&#62;
&#60;input type=&#34;hidden&#34; name=&#34;st&#34; value=&#34;0&#34;&#62;
&#60;input type=&#34;hidden&#34; name=&#34;act&#34; value=&#34;Post&#34;&#62;
&#60;input type=&#34;hidden&#34; name=&#34;s&#34; value=&#34;&#34;&#62;
&#60;input type=&#34;hidden&#34; name=&#34;f&#34; value=&#34;5&#34;&#62;
&#60;input type=&#34;hidden&#34; name=&#34;CODE&#34; value=&#34;03&#34;&#62;
&#60;input type=&#34;hidden&#34; name=&#34;t&#34; value=&#34;&#39;.&#036;topic.&#39;&#34;&#62;
&#60;input type=&#34;hidden&#34; name=&#34;auth_key&#34; value=&#34;&#39;.&#036;_GET&#91;auth&#93;.&#39;&#34;&#62;&#60;/form&#62;&#39;;}echo &#39;&#60;/body&#62;&#60;/html&#62;&#39;;} ?&#62;

I don't think anybody would pay 20 bucks for that lol

Marc [/b][/quote]
I don't think he wanted his script posted...

**7thElement** · 03-16-2004, 08:38 AM

Did he ask us if we want our boards spammed by his script ? No he didn't so that's my answer

**[N][O][B]** · 03-28-2004, 01:41 AM

Originally posted by stupidguy+16 March 2004 - 08:26--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (stupidguy @ 16 March 2004 - 08:26)</td></tr><tr><td id='QUOTE'>

Originally posted by 7thElement@16 March 2004 - 06:50
<!--QuoteBegin-haxor41789

@15 March 2004 - 22:58
It's all a lie.

You can beat double posting by turning off JavaScript.
You can beat refreshing by layering proxies in different orders.
You can still use my high-quality spam scripts (up for sale for $19.99 BTW ).

That's what you think

It has nothing to do with javascript. Every post request generates two random access keys which can only be used once.

Before your spam scripts worked cause the auth key doesn't change so you could post via scripts every 25 seconds (like your script did)

Once a post is made both anti spam keys are deleted and you will need a new one to post a new message or a new reply.

Javascript security doesn't work. If you don't believe it try to spam with your script and it will not work.

Btw you want 20 $ for this script which doesnt work ?

Code:

<?php define(topic,'104349'); if(!(isset($_GET[auth]))){ echo '<!doctype html public "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/html4-strict.dtd"> <html> <meta name="author" title="haxor41789"><head> <title>Enter your authorization key</title> <script type="text/javascript">var auth=prompt("Please enter your authorization key. An incorrect key will break your ability to reply."); document.write("<meta http-equiv=\"refresh\" content=\"0;url=autospam.php?auth="+auth+"\" ");</script> </head> <body> <noscript>This page requires JavaScript.</noscript> </body></html>';} else{ echo '<!doctype html public "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/DTD/html4-strict.dtd"> <html> <head> <meta name="author" content="haxor41789"><title>Spamming...</title>'; if(!(isset($_GET[act]))){ echo '<meta http-equiv="refresh" content="25;url=autospam.php?auth='.$_GET[auth].'"><style>iframe{visibility:hidden;}</style> </head> <body>Spamming...<br> <iframe src="autospam.php?auth='.$_GET[auth].'&act=spam" width="0" height="0" border="0"></iframe>'; }else{ echo '<script type="text/javascript">function submit(){document.form.submit();}setTimeout("submit();",10);</script> </head> <body> <form action="http://www.filesharingtalk.com/index.php?" name="form" method="post"> <input type="hidden" value=""> <input type="hidden" name="Post" value="Spam from haxor41789\'s Autospam script 2.0 - PM me for source code"> <input type="hidden" name="enableemo" value="yes"> <input type="hidden" name="enablesig" value="yes"> <input type="hidden" name="st" value="0"> <input type="hidden" name="act" value="Post"> <input type="hidden" name="s" value=""> <input type="hidden" name="f" value="5"> <input type="hidden" name="CODE" value="03"> <input type="hidden" name="t" value="'.$topic.'"> <input type="hidden" name="auth_key" value="'.$_GET[auth].'"></form>';}echo '</body></html>';} ?>

I don't think anybody would pay 20 bucks for that lol

Marc

I don't think he wanted his script posted... [/b][/quote]
owned.

**bujub22** · 03-28-2004, 02:06 AM

**vidcc** · 03-28-2004, 02:11 AM

What's the problem?...it's not like we have to pay to use this board and nobody puts a gun to anyones head to use it...if you want to post the same thing again just redo it. If the people that make and run the board decide they want to use anti spam for their webspace then they have every right to do so.
Constructive criticism is one thing but reading some of the posts here anyone would think that human rights were being violated.
I appreciate this will not be a popular post to many but i think that this site works well technically, i have never had a problem posting (mind you it was kind of frustrating last night when the servers went down)

**bigboab** · 03-28-2004, 02:16 AM

Originally posted by vidcc@28 March 2004 - 02:11
What's the problem?...it's not like we have to pay to use this board and nobody puts a gun to anyones head to use it...if you want to post the same thing again just redo it. If the people that make and run the board decide they want to use anti spam for their webspace then they have every right to do so.
Constructive criticism is one thing but reading some of the posts here anyone would think that human rights were being violated.
I appreciate this will not be a popular post to many but i think that this site works well technically, i have never had a problem posting (mind you it was kind of frustrating last night when the servers went down)

Ok! So I take it that this has not affected you?

Read some of my posts on this subject. I think the last one was attempt number 8 to post. If you think that this is OK then there is something wrong with my interpretation of common sense.

**bujub22** · 03-28-2004, 02:19 AM

victim of antispam -been tipped 9 times

h1 · 03-28-2004, 03:22 AM

You're telling me you thought I was serious when I said I'd sell that 1-minute masterpiece (read: POS)?

The board still uses the default UA / password auth_key, along with with a random number and an MD5 of what appears to be something randomly generated. If one were to use the actual reply page to post, he could just grab those values using parent functions (JS).

This post was done with a script...