|
bounidahl
Membru nou
Inregistrat: acum 16 ani
Postari: 21
|
|
STEP 1: SPAMMER TOOLS
In order to conduct a good spamming campaign you need some tools, I will refer to this list as a “spamming kit” because every spammer need this:
1. OPENVPN – you need this in order to protect from your local ISP network screening that will reveal that you are running a spamming campaign. In a few words a good OpenVPN service will encrypt your network traffic from your computer to the VPN server so not even your ISP or local LE will be aware what are you doing over Internet. For more info about OpenVPN and from where you can get one please read my previous Article: “A carder’s way to stay FREE when working over Internet!”
Please be aware that perfect-privacy.com is not good for this purposes because they run some heavy spam detection filters and will block any spam related account within 5 minutes from the time you start your campaign, but using google you will find a lot of OpenVPN providers, even few that can be carded.
2. SOCKS LIST – Socks are like proxies, you can connect trough them in order to hide your real IP address. Socks are useful when you run a spam campaign because if you don’t have good SMTP dedicated server you can use socks in order to run a good spam campaign. You must find a good socks list provider. More info and advices regarding socks list you can find on my previous article: “A carder’s way to stay FREE when working over Internet!”
3. EMAILS COLLECTOR: you need some good software that can collect emails for your spam campaign because a successfully spam campaign is based on a good(not necessary huge) email list. Sometimes you will do a good job only with 10k valid/active emails but most of the time you will need some hundred of thousands of emails in order to have some results, depending on what about is your spam and how many Inboxes(spam send to Inbox) you can send.
As a starter in this biz you can collect emails from 3 main sources from:
a) newsgroups – you get a huge emails list but many are useless because are invalid, are antispam format, old/unused accounts or are heavy spammed. But if you need a huge email list newsgroups are the primary source.
You can collect emails from newsgroups with PowerEmailExtractor from TEC Software. For newsgroup list I recommend you to card a private newsgroup server because many of spammers use public newsgroups and this makes the most of the emails from these public servers useless for a good spam campaign. If you can’t manage to card a private newsgroup server here is a list with some public servers:hxxp://home.snafu.de/hweede/pulin.htm
b) Internet websites – you can collect emails from all sorts of websites like forums and discussion lists and classifieds websites. Using google you will find your own list of websites form where you collect emails and a good tool for collection WebDataExtractor from rafasoft.com. With this software you can collect emails from all websites that reveal full email address and even from private forums if you have a username and password from those forums. The easiest way to collect emails from websites is by finding some big public/private classifieds websites that reveal users emails.
c) running fake adverts: this is a good and easy method to collect small but 100% valid email lists. You can collect 5k-10k within a few days by posting as much fake adverts as you can on well known classifieds websites or trade forums/boards in order to make a lot of ppl to contact you. The best places to run these fake adverts are the job hunting websites and small/inexpensive items classifieds websites. Your post must be very good looking and attractive in order to make a lot of ppl to contact you requesting more info. For this job you must use emails addresses that support mail forward in order to forward the emails received from all your fake adverts emails to one email account from where you can collect all emails more easy.
4. EMAIL LIST MANAGER: this tool will clean your email list from invalid/wrong format emails, duplicates and all sorts of emails that you don’t want/need in your spam campaign like admins and spam catchers emails and some emails from IPS that you don’t need or don’t want to spam. EmailListManager is the best tool for this job because can do a lot of cleaning and filtering to your emails list. When you clean your email list always remember to clean it for this words:
postmaster, 0000, hack, valid, noemail, nomail, noname, unavailable, fake, haha, privacy, abuse, spam, replay, junk, remove, scam, none, nobody, nothing, nowhere, here, xxxx, ..., support, admin, nochance, ****, police, noserver, noreply, blockbuster, illegal, daemon, netmaster, sales, support, security, dns, billing, newsletter, helpdesk, test, sneakmail
5. SMTP / ROOT / REMOTE: This is the most important tool for a any spammer, a good spammer will always use this tool in order to run its campaigns.
a) Sending spam from a remote location: If you have access to a root/shell or to a remote system you can run your spam campaigns from there and you will not use your own ISP network to send spam. This is the best option for a spammer because will not risk to be detected by his local ISP anti spam filters and will send spams more quirky using the remote system bandwidth. If you know how you can hack roots/shells or remote computers or you can use google to find cardable providers of remote system.
b) Sending spam from your own computer: if you don’t manage to hack/card your own root/remote you will be forced to send spam from your own computer. But don’t worry as this is not as dangerous as it first looks if you follow my advices on working online in a safe environment from my previous article: “A carder’s way to stay FREE when working over Internet!”
In order to send spam from your own computer you will need good SMTP server accounts. There are many ways you can obtain SMTP servers accounts but I will tell you a few easiest ways:
b.1) you can card/buy web hosting accounts without a SMTP sending limit. Because of the years of abuse of this method all major web hosting providers set a per day/per number limit to the emails you can send using a smtp account, and you will not be able to send more then 100-500 emails/day or only 5 emails per minute. But if you use google I assure you can find some small/new hosting providers that offer SMTP accounts without a sending limit.
b.2) you can use a network scanner to find smtp accounts that have weak passwords. There are a lot of web servers and stmp servers that have some default smtp accounts like: test, admin, root with weak password like: 12345, admin, password, test and so on. A good network scanner is HSCAN compiled by uhhuhy (cnhonker.net or uhhuh.myetang.com). With this scanner to can scan a lot of networks for smtp accounts with default/weak user/password.
If you use Hscan to grab some smtp accounts for spamming you should scan only for POP3 accounts and then manually test all weak pop3 accounts you find with the same username and password only used as smtp accounts to find the weak smtp accounts.
In order to understand what I’m saying I will give you an example:
- let’s say you scan a network with the ip range: 150.65.0.1 – 150.65.255.255
- from the Hscan modules congif tab(Hscan main menu) you should select only “check hostname of target” and "check POP3 weak accounts"
- now let’s say that the scan reveal 10 pop3 weak accounts, you take all that accounts and try them as smtp accounts, using the same username and password that you get from Hscan. The simplest method to find out what pop3 accounts are also smtp accounts is to use them one by one with a spam sending tool, for example Mailbomber or G-Lock EasyMail, in order to send an single email to one of your work emails. If you receive the message it means that the pop3 account is also a smtp account.
STEP 2: GET READY TO START
In order to start a spam campaign you need a tool that will effectively send the message you want to the email list you collect. From all tools available for this job I will present you two types:
1. PHP sender:
this is a php script that you can install into your hacked apache server or any other servers(linux/windows) that support php mail() function.
a) Just create a file with the name: sender.php on the above mentioned type of server and put there the following script, without the “===” marks
============start of sender.php===============
<?php
include("ini.inc");
$mail_header = "From: YourEmail< >\n";
$mail_header .= "Content-Type: text/html\n";
$subject="your subject";
$body=loadini("message.txt");
if (!($fp = fopen("list.txt", "r")))
exit("Unable to open $listFile.");
$i=0;
print "Start time is "; print date("Y:m:d H:i"); print "\n";
while (!feof($fp)) {
fscanf($fp, "%s", $name);
$i++;
mail($name, $subject, $body, $mail_header);
}
print "End time is "; print date("Y:m:d H:i"); print "\n";
print "$i"; print "emails sent."; print"\n";
?>
===============end of sender.php===========================
b) Not create a file named: ini.inc containing:
=============start of ini.inc=============================
<?php
function loadini($path) {
$fp = fopen($path, "r");
$fpcontents = fread($fp, filesize($path));
fclose($fp);
return $fpcontents;
}
function readini($filename, $key) {
return rfi($filename,$key,TRUE);
}
function rfi($filename, $key, $just_value) {
$filecontents=loadini($filename);
$key .= "=";
$currentkey = strstr($filecontents, $key);
if (!$currentkey)
return($empty);
$endpos = strpos($currentkey, "\r\n");
if (!$endpos) $endpos = strlen($currentkey);
if ($just_value) $currentkey = trim(substr($currentkey, strlen($key), $endpos-strlen($key)));
else $currentkey = trim(substr($currentkey, 0, $endpos));
return ($currentkey);
}
?>
=================end of ini.inc===========================
c) Now put your email list into a file named: list.txt
d) Finally, you must create a file with the name: message.txt and put there the exact message(including html formatting if you use it) that you want to send to the email list.
e) In this moment you are ready to start your spamming campaign, you only need to execute the script.php file in order to start sending the message from message.txt to the email list from list.txt
2. Windows sender:
This is software that run under Windows SO and make the same job as the PHP sender, with the only difference that the php sender run from the server where you install it and the windows sender will run from your own computer or from a remote computer that you use.
If you use your own computer you must use a OpenVPN in order to avoid being flagged as spammer by your own IPS, because depending where you live, this can get you in small or big time trouble. Two well known and easy to use windows senders for spam are:
a) MailBomber: is very easy to use and has a friendly user interface, you just need to input the email list in “"Recipients" table, the smtp account that you will use to send the messages into the “"SMTP Servers" tab and the message you want to send (including html formatting if you use it) to “"Messages" tab and hit F9 or Start from the “Sending” tab.
In order to run a good campaign you must select 8(slower smtp) up to 15(faster smtp) sending thread when you input your smtp account.
b) G-Lock EasyMail: this is a powerful tool for sending spam, it will be very easy to use after you will get use with it. Starters should test this tool before starting their first campaign because there are a lot of configurations that can be done in this tool in order to conduct a “Inbox” campaign.
STEP 3: BEFORE STARTING
In order to deliver a good rate of inboxes messages you must use only servers/smtp that are not listed in spamhaus black list, you can find this on their website: spamhaus.org/sbl/index.lasso
This is important because now days 99.9% reject emails coming from ips that are listed in spamhaus blacklist.
If you want to get the best protection of your real IP address you can use socks in order to connect to the smtp account you will use in your campaign. This will slow down a little your sending speed but will protect your vpn ip from the smtp server logs. If you want to use this additional protection you should use a tool called “Proxifier” to route your entire spam traffic trough the socks and from there to the smtp account and far away to the destination emails.
Also is important to have a good spam message, writhed in a correct language. Avoid sending images and try to include as little links as you can in your message, because all mail servers have spam filters and if your message is to “heavy” with images and links it will be flagged as spam and first will be delivered to “spam/junk” folder and in the end will not be delivered at all.
For ppl that English is not their first language it is best to use a English grammar checker in order to check if their spam message is correct:
spellcheckplus.com – best english spell checker
spellchecker.net/spellcheck/ - english spell checker
translate.google.com – to translate text from ur language into english
And ore last thing, you should always have 2 smtp accounts ready to be used because if the account in use goes offline you can quickly exchange it with a new one in order to resume your campaign asap. And please keep in mind that your smtp account goes offline in the middle of your sending campaign and you exchange it with a new account, you don’t have to star your sending campaign from the beginning, most of the windows sending tools will be able to resume the campaign.
That’s it for now, as I said this is article for beginners so it only contains the general info/stuff. Anyway, spamming is a art not something that can be done mechanically and it involves a lot of research and work, so if you want to do better than this you must start researching on your own.
|
|
