XRumer

From Seo Wiki - Search Engine Optimization and Programming Languages

Jump to: navigation, search
XRumer
Stable release 5.09 palladium
Operating system Microsoft Windows
Available in English, Russian, Czech, German, Polish
Type Automated forum/blog/guestbook posting Tool
License Proprietary

XRumer is a Windows program that posts forum spam with the aim of boosting search engine rankings. It has been claimed that the program is able to bypass techniques commonly used by many websites to deter automated spam, such as account registration, CAPTCHAs, and e-mail activation before posting. The program makes heavy use of a database of known open proxies in an attempt to make it more difficult for administrators to block posts.

In addition, the software can avoid the suspicions of forum administrators by first registering to make a post in the form of a question which mentions the spam product ("Where can I get...?"), before registering another account to post a spam link which mentions the product. The side effect of these innocent-looking posts is that helpful forum visitors may search on a search engine (e.g. Google) for the product and themselves post a link to help out, thus bolstering the product's Google stats without falling afoul of forum posting policies.

According to The Register, the latest versionTemplate:Which? of XRumer can defeat CAPTCHAs of Hotmail and Gmail. This enables the software to create accounts with these free email services, which are used to register in forums that it posts to.[1] [2]

Most spam attacks on forums generally occur in waves, and the software will not spam at full speed initially. Thus, a good strategy for limiting the damage of such attacks is to target new members who have random series' of alphanumeric characters for their usernames. The multiple instances of a spam bot will have obvious similarities in their email addresses (and will usually be random themselves), allowing members that match the profile of other spam bots to be banned before they even post. As mentioned - proxies are used, making IP bans ineffective, however it is possible to block the posting of threads containing certain text, or links to a certain site. Once a product or site has been spammed, it can be blocked, preventing the software from successfully uploading its payload.

One way to defeat the software (at least for now) is to add extra hidden password fields to the registration form. You can hide those fields with css "display:none;" so that normal users would not see them. (Do it by enclosing the fields in a div with style display:none).

XRumer seems to be filling out all fields of type "password" with the same value. So validation is rather simple at this point. If your hidden password fields are not empty, chances are the new registration was a result of XRumer run.

For further protection, you can generate random names for your password fields and include 10+ of such hidden fields into your registration form.


References

Personal tools

Served in 0.335 secs.