From Seo Wiki - Search Engine Optimization and Programming Languages
|Stable release||5.09 palladium|
|Operating system||Microsoft Windows|
|Available in||English, Russian, Czech, German, Polish|
|Type||Automated forum/blog/guestbook posting Tool|
XRumer is a Windows program that posts forum spam with the aim of boosting search engine rankings. It has been claimed that the program is able to bypass techniques commonly used by many websites to deter automated spam, such as account registration, CAPTCHAs, and e-mail activation before posting. The program makes heavy use of a database of known open proxies in an attempt to make it more difficult for administrators to block posts.
In addition, the software can avoid the suspicions of forum administrators by first registering to make a post in the form of a question which mentions the spam product ("Where can I get...?"), before registering another account to post a spam link which mentions the product. The side effect of these innocent-looking posts is that helpful forum visitors may search on a search engine (e.g. Google) for the product and themselves post a link to help out, thus bolstering the product's Google stats without falling afoul of forum posting policies.
According to The Register, the latest versionTemplate:Which? of XRumer can defeat CAPTCHAs of Hotmail and Gmail. This enables the software to create accounts with these free email services, which are used to register in forums that it posts to. 
Most spam attacks on forums generally occur in waves, and the software will not spam at full speed initially. Thus, a good strategy for limiting the damage of such attacks is to target new members who have random series' of alphanumeric characters for their usernames. The multiple instances of a spam bot will have obvious similarities in their email addresses (and will usually be random themselves), allowing members that match the profile of other spam bots to be banned before they even post. As mentioned - proxies are used, making IP bans ineffective, however it is possible to block the posting of threads containing certain text, or links to a certain site. Once a product or site has been spammed, it can be blocked, preventing the software from successfully uploading its payload.
One way to defeat the software (at least for now) is to add extra hidden password fields to the registration form. You can hide those fields with css "display:none;" so that normal users would not see them. (Do it by enclosing the fields in a div with style display:none).
XRumer seems to be filling out all fields of type "password" with the same value. So validation is rather simple at this point. If your hidden password fields are not empty, chances are the new registration was a result of XRumer run.
For further protection, you can generate random names for your password fields and include 10+ of such hidden fields into your registration form.
- ↑ John Leyden (3 October 2008). "Spam swine break next-gen CAPTCHAs: Hotmail, Gmail and kitchen-based checks all neutered". The Register. http://www.theregister.co.uk/2008/10/03/captcha_break/. Retrieved 2008-10-17.
- ↑ Sumeet Prasad (4 October 2008). "Microsoft Live Hotmail Under Attack by Streamlined Anti-CAPTCHA and Mass-mailing Operations". WebSense. http://securitylabs.websense.com/content/Blogs/3063.aspx. Retrieved 2008-10-17.
- Brian Kerbs (8 January 2007). "Scary Blogspam Automation Tools". Washington Post. http://blog.washingtonpost.com/securityfix/2007/01/scary_blogspam_automation_tool_1.html?nav=rss_blog. Retrieved 2007-01-13.
- Conrad Askland. "Xrumer Link Scam - Black Hat SEO". http://www.conradaskland.com/blog/2006/11/xrumer-link-scam-black-hat-seo/. Retrieved 2007-01-13.
- "Malware targets bloggers". ITweb. 3 August 2007. http://www.itweb.co.za/sections/software/2007/0708031034.asp?S=Virus%20Watch&A=VIR&O=FPTOP. Retrieved 2007-08-30.
- "Xrumer 5.0 Palladium". 26 January 2010. http://xrumer-seo.com/. Retrieved 2010-01-13. ru:XRumer