Posts

Posted on

12DailyPro is officially a Ponzi Scam

The infamous 12DailyPro autosurf program finally charged with with fraud for running a Ponzi scheme. This means that 12DailyPro website will be shut down permanently after this.

Well, tough luck for the unlucky investors. Please do not support ponzi-like scheme, I guess people should know better about this, HYIP (High Yield Investment Program) and autosurf program is most likely (if not all) a ponzi scheme. So becareful when somebody recommends you to join money-making schemes like this.

From Wikipedia entry,

HYIPs typically are not based in the United States, Europe, or Japan – countries that have strong laws against unregistered investment programs. HYIPs disclose little or no detail about the principals, management, location, or other aspects of whom is getting the money to be invested, and relatively little information (other than asserting that they do various types of trading on various stock and other exchanges) on how their investment programs actually work.

Sounds familiar?

Enuff said, more info at ShaolinTiger blog

hyip,ponzi,scam,autosurf

Posted on

Sending HTTP POST with php cURL

As promised previously, I’m going to show you how to send HTTP POST request using php cURL extension.

The target form

Let’s say you have a html form like this :

wtf

And this is the source code of the html file :

You can see that the form will submit the query using HTTP POST to “target.php”. Now let’s say you want to write a php script (bot.php) that will automatically send the query bypassing the html form, this is one way to do it (with php libcurl extension)

< ?php
//bot.php
$url = "http://localhost/wtf/target.php";
$ch = curl_init();

// set the target url
curl_setopt($ch, CURLOPT_URL,$url);

// howmany parameter to post
curl_setopt($ch, CURLOPT_POST, 1);

// the parameter 'username' with its value 'johndoe'
curl_setopt($ch, CURLOPT_POSTFIELDS,"username=johndoe");


$result= curl_exec ($ch);
curl_close ($ch); 
print $result;

?>

This script will send a HTTP POST request to “target.php” pretending to be a real person sending the “username” parameter as “john doe”.

However this is not entirely convincing since the server side will automatically know that you are using a http script to send the HTTP POST request by analyzing the browser “user-agent” string. The default script will send “(HTTPRetriever/1.0)” as its user-agent.

With a little add-on, you can spoof the user-agent string inside your script just like this :

< ?php
//
// test HTTP POST submitter, using libcurl
//

// the target url which contains scripts that accepts post request
$url = "http://localhost/wtf/target.php";

// we are spoofing Yahoo Seeker bot >:)
$useragent="YahooSeeker-Testing/v3.9 (compatible; Mozilla 4.0; MSIE 5.5; http://search.yahoo.com/)";

$ch = curl_init();

// set user agent
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);

// set the target url
curl_setopt($ch, CURLOPT_URL,$url);

// howmany parameter to post
curl_setopt($ch, CURLOPT_POST, 1);

// the parameter 'username' with its value 'johndoe'
curl_setopt($ch, CURLOPT_POSTFIELDS,"username=johndoe");


// execute curl,fetch the result and close curl connection
$result= curl_exec ($ch);
curl_close ($ch); 

// display result
print $result;

?>

so when your “bot.php” sends the request, the server logs will record that the query was sent by a “Yahoo Seeker bot” instead of a crudely coded php script.

You can spoof other browser as long as you know their user-agent string, refer to my previous post for a collection of browser user-agent strings.

No PHP cURL support?

In this case, you have a few options

  1. Use a server that support php cURL extension
  2. Compile/Install php cURL extension
  3. Use libcurlemu – php cURL extension written in pure php

Well that should cover the short crash course on how to use php cURL extension.

p/s : Although I won’t tell you how to write one directly, this is the basic of building spam bots and auto-submitter. So use your imagination (and the dark side of the force) to write the rest of the code. *evil*

You can download the source code of this tutorial here : http://mypapit.net/pub/libcurltest.zip

php,curl,webdev,libcurl,bots

Posted on

A rather large collection of browser User-agent strings

If you are into analyzing http log files or writing web applications that does user-agent analysis, you might appreciate this website PGTS Agent String Switchword. The website has a huge collection of browser user-agent list ranging from the common Mozilla/Internet Explorer variant to search-engine spider, malicious web bots and internet worms.

The list is organised in various orders to ease up browsing (alphabetical, operating system, by popularity, common robots user agent). Finally, the site also offers tab-delimited user-agent download (zip file). This is useful for those who want to build user-agent database for their own project.

Posted on

How to Recover Scratched CDs


scratched cdsEver been in situation where you need to install softwares from an old CD-ROM, or perhaps retrieve backups of your works? It must be a frustrating experience when you found out that your data couldn’t be retrieved because the CDs has been scratched. While preventing scratches may avoid this sort of problem, let face it, scratches may appear on your well stored CD/DVD as well.

The article I found below discussed on ways to recover from scratched CD-ROM, with a few tips and guides how to look for scratches to the final step of recovering data from it. Trust me, you may need this tip someday : Recovering Scratched CDs

cd, cd-rom, dvd, recovery,computer